A rising tide of foreign-sponsored cyberattacks targeting the European Union has sparked calls for stronger EU cyber resilience, with MEP Dan-Ştefan Motreanu highlighting critical vulnerabilities in sectors ranging from public administration to finance. This issue affects national governments, critical infrastructure operators, and citizens who rely on secure digital services — groups all likely to react strongly to the Commission’s strategy on cybersecurity.
Motreanu, representing the PPE group, posed a parliamentary question focusing on recent European Union Agency for Cybersecurity (ENISA) findings about increasingly sophisticated state-backed cyber intrusions, notably linked to Russia, China, and North Korea. These attacks have targeted key member states like Poland, Germany, France, Italy, and Romania, raising concerns over electoral interference and ideological motivations.
The European Commission’s reply, articulated by Executive Vice-President Virkkunen, outlined existing legislative tools like the NIS2 Directive and the forthcoming Cyber Resilience Act, which aim to bolster national cybersecurity strategies and enforce cybersecurity requirements for market products. Concrete steps include establishing an EU Cybersecurity Reserve under the Cyber Solidarity Act to support member states during major incidents and plans to revise the Cybersecurity Act for enhanced agency mandates and streamlined certification frameworks.
Policy orientation shows a strong emphasis on strengthening EU-level cybersecurity enforcement and coordination, balancing tighter risk management across critical sectors with efforts to simplify implementation and business compliance. This reflects a tilt toward increasing EU oversight and harmonization of cybersecurity standards, possibly at the expense of greater operational burdens on national authorities and private sector entities.
Stakeholders vary in their exposure and benefits: governments and regulators gain improved tools and coordination capacity; essential service providers face stricter compliance demands; cybersecurity agencies obtain more powers and clearer mandates; and consumers stand to enjoy enhanced protection from cyber threats, though the cost and adaptation efforts for businesses, particularly in manufacturing and digital services, could be substantial.
An institutional follow-up is expected with formal responses from the Commission within weeks, signaling strategic direction and potential adjustments in EU cybersecurity policy.