The European Parliament on 17 June 2026 debated the protection of EU citizens' data from hybrid threats, focusing on a major data breach in Lithuania where over 600,000 records from the national register were stolen. Renew MEP Petras Auštrevičius criticised Lithuanian authorities for delaying notification to affected citizens from April to May 2026, questioning why the breach was hidden. Council Deputy Minister Marilena Raouna highlighted the EU's legislative cyber framework and the proposed cybersecurity package, stressing the need for coordinated response via hybrid rapid response teams and the European Democracy Shield. Commissioner Michael McGrath outlined EU tools including NIS2, the Cyber Resilience Act, and the Cyber Solidarity Act, and announced upcoming proposals to strengthen Eurojust and Europol.
MEPs from across the political spectrum diverged on national implementation gaps and political responsibility. EPP MEPs Liudas Mažylis and Vytenis Povilas Andriukaitis, S&D's Julie Rechagneux, Renew's Dainius Žalimas, ECR's Aurelijus Veryga, and Greens-EFA's Virginijus Sinkevičius all weighed in, with PfE MEP Petras Gražulis blaming liberal-conservative governments for ignoring 2024 cybersecurity recommendations. Several MEPs called for stronger EU-level guidelines, faster information sharing, and investment in cyber resilience. The debate underscored the need for a united European response to hybrid attacks targeting citizens' data and democratic trust.
EU citizens stand to benefit from faster breach notifications and stronger data protection, while national authorities may face tighter deadlines and oversight. EU tech firms could see increased demand for cybersecurity solutions, but may also face higher compliance costs under new rules. EU regulatory bodies like ENISA and Europol would gain expanded mandates and resources, enhancing their role in cross-border incident response.