The EU Council has proposed the development of a non-mandatory maritime cyber code to be submitted to the International Maritime Organization (IMO), aiming to enhance cybersecurity across ports, shipping, and ship-to-shore interfaces. The initiative, outlined in a cover note dated 2 May 2026, seeks to bolster cyber resilience in the maritime sector without imposing binding regulatory burdens on member states or industry stakeholders.
Goal-Based Approach Aligned with International Standards The proposed code adopts a goal-based approach, aligning with existing international maritime safety agreements. It emphasizes cooperation among EU member states and the maritime industry, and includes provisions for regional risk assessments to account for varying jurisdictional requirements. The code is designed to facilitate the sharing of best practices and standardization across the sector, potentially reducing costs and administrative obstacles through a common cybersecurity framework.
Impact on Stakeholders The non-mandatory nature of the code means that EU member states and maritime operators will not be legally required to comply, but are encouraged to adopt the framework voluntarily. This approach aims to foster collaboration and consistency in national cybersecurity frameworks while avoiding additional regulatory burdens. For the maritime industry, including shipping companies and port authorities, the code could lower compliance costs compared to a mandatory regime, but may also lead to fragmented implementation if adoption is uneven. The code also encourages training and skills development within the maritime workforce to address cyber risks, benefiting workers and enhancing overall sector resilience. For global trade stability, improved preventive measures against cyber incidents could reduce disruptions, though the voluntary nature may limit effectiveness if uptake is low.
Expected Institutional Follow-Up The Council's proposal will be submitted to the IMO for consideration. If adopted, the code would serve as a non-binding international framework, with member states and industry expected to implement its provisions on a voluntary basis. The EU may also consider complementary measures to support adoption, such as funding for training or regional risk assessments. No further EU legislative action is required at this stage, but the Council may revisit the issue based on IMO developments and member state feedback.
← Atlas › News › Digital & Communication