European member states have new obligations in terms of national cybersecurity. According to the European Commission, the European Union is vulnerable to cyberattacks from Russia. Hence, the body adopted a new cybersecurity policy. As a result, member states are expected to increase investments in cybersecurity measures.

The national cybersecurity laws of member states are typically outlined in Brussels. The reason that companies in Germany are obliged to report sensitive data breaches is the same in Estonia, The Netherlands and any other member state: EU countries have to follow EU security guidelines

Today, the European Commission announced a set of new obligations. Brussels adopted a new policy (EU Cyber Defense Policy) designed to prevent large-scale cyberattacks on member states. The rules require member states to increase investments in military cybersecurity and collaborations with other member states.

Russian cyberattacks on European infrastructure have been a “wake-up” call for the European Commission, the body said during the policy’s announcement. With the new policy, the European Commission wants to prevent non-EU countries — and Russia in particular — from attacking member states.

Satellite network attack

Cyberattacks on government agencies and infrastructure have been on the rise since Russia’s invasion of Ukraine. Most security experts agree that Russia hires hackers and cybercriminals to attack state targets. Although Ukraine has been Russia’s biggest target since the invasion of February 2022, it didn’t take long for the attacks to extend beyond Ukraine.

The cyberattack on the European KA-SAT satellite network exemplifies the problem. On February 24, 2022, part of the satellite network was disabled by a targeted attack. The Internet connections of tens of thousands of European residents dropped. The communications of Ukrainian troops were disrupted. The European Commission holds Russia responsible for the attack.

Consequences for member states

The new EU Cyber Defense Policy is designed to prevent such incidents in the future. In short, the European Commission wants to make funding and manpower available to train security professionals, facilitate more security cooperation among member states and upgrade the cybersecurity systems of military services.

You can find a clear overview of the policy’s purpose and assignments for member states on the European Commission’s website.

The average European resident is likely months away from noticing the effects. The policy is currently in the implementation phase. Member states have to process the policy on a national level in the coming period. The first noticeable change is that the politicians of member states will start deliberating on how they intend to do so.

Tip: ‘Cyberthreats increase due to Russia’s attack on Ukraine’