Draft:Cyber Solidarity Act


The EU Cybersecurity Strategy, presented on 16 December 2020, set out plans for a European Cyber Shield to strengthen cyber threat detection and information sharing capabilities within the European Union.[1] On 23 May 2022, the Council of the European Union adopted conclusions on the development of the EU's cyber posture, emphasising the need to address gaps in preparedness for and response to cyber-attacks.[2] The conclusions invited the European Commission to propose a new Emergency Response Fund for Cybersecurity. On 18 April 2023, the Commission published its proposal for a new Regulation, known as the EU Cyber Solidarity Act, setting out measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents.[3]

Legal Basis

The proposal rests on two distinct legal bases: Article 173(3) of the Treaty on the Functioning of the European Union ("TFEU"), on the competitiveness of the Union's industry, and Article 322(1), point (a) TFEU, on carry-over rules derogating from the principle of budgetary annuality.[4]

Reliance on Article 173(3) TFEU reflects the proposal's aim of strengthening the competitive position of European industry and service sectors and supporting their digital transformation by raising the level of cybersecurity in the Digital Single Market. In particular, it seeks to bolster the resilience of entities and citizens operating in critical sectors against the escalating cybersecurity threats that can have profound economic and societal repercussions. Article 322(1), point (a) TFEU complements this basis: given the unpredictable nature of cybersecurity incidents, it allows a degree of flexibility in the financial management of the Cybersecurity Emergency Mechanism.[5]

Objectives and Actions

In essence, the Cyber Solidarity Act aims to enhance solidarity in the Union through the following objectives:

  1. Contribute to EU technological sovereignty, in particular in cybersecurity, by reinforcing common European situational awareness and the detection of cyber threats and incidents.
  2. Enhance preparedness and solidarity in the EU by building common response capacities to address significant or large-scale cybersecurity incidents, including incident response support for third countries associated with the Digital Europe Programme.
  3. Reinforce EU resilience and contribute to effective responses by reviewing and assessing significant or large-scale incidents.[6]

To these ends, the Cyber Solidarity Act seeks to reinforce the EU's capacity to detect, prepare for and respond to cybersecurity threats and incidents through three actions:

  1. Deployment of the European Cybersecurity Alert System;
  2. Creation of the Cybersecurity Emergency Mechanism;
  3. Establishment of the European Cybersecurity Incident Review Mechanism.

European Cybersecurity Alert System

The first foundational element is the European Cybersecurity Alert System, which aims to develop and reinforce common detection and situational awareness capabilities through a pan-European infrastructure of interoperating Cross-border Cyber Hubs, each grouping together several National Cyber Hubs.[7]

The European Cybersecurity Alert System is to pool, share and produce high-quality data on cyber threats and incidents, using artificial intelligence and advanced data analytics. Its primary objective is to provide real-time situational awareness to authorities and other relevant entities, enabling them to respond effectively to such threats and incidents.[8]

Cybersecurity Emergency Mechanism

The second foundational element is the Cybersecurity Emergency Mechanism, which aims to enhance the Union's resilience against serious cybersecurity threats and "to prepare for and mitigate, in a spirit of solidarity, the short-term impact of significant and large-scale cybersecurity incidents".[9] The Mechanism supports three types of action: (a) preparedness actions; (b) the EU Cybersecurity Reserve; (c) mutual assistance actions.

Under preparedness actions, the European Commission, after consulting ENISA and the NIS Cooperation Group, identifies sectors of high criticality (such as energy and healthcare) and supports coordinated testing of entities in those sectors for potential vulnerabilities, based on common risk scenarios and methodologies.[10]

The new EU Cybersecurity Reserve will consist of incident response services from private-sector providers, which will intervene at the request of a Member State, an EU institution, body or agency, or a third country associated with the Digital Europe Programme, in the event of a significant or large-scale cybersecurity incident.[7][8][10]

Mutual assistance actions provide financial support to a Member State that has given technical assistance to another Member State affected by a significant or large-scale cybersecurity incident.[5]

European Cybersecurity Incident Review Mechanism

The third foundational element is the Cybersecurity Incident Review Mechanism, under which ENISA, at the request of EU-CyCLONe, the European Commission or the CSIRTs Network, reviews and assesses the threats, vulnerabilities and mitigation actions concerning a particular significant or large-scale cybersecurity incident.[5]

The Joint Cyber Unit

Section 2 of the 2020 EU Cybersecurity Strategy, on "building operational capacity to prevent, deter and respond", announced the intention to create a Joint Cyber Unit.[1] The Joint Cyber Unit was conceived as a platform to foster cooperation between the EU's cybersecurity communities, focusing on technical and operational coordination within a European Cybersecurity Crisis Management Framework for critical cyber threats and incidents.[11] In June 2021, after consulting Member States, the European Commission adopted the "Recommendation on building a Joint Cyber Unit".[12]

The Joint Cyber Unit aimed to achieve three primary goals:

  1. ensure preparedness across cybersecurity communities;
  2. provide continuous shared situational awareness through information sharing;
  3. reinforce coordinated response and recovery.[1]

However, the Council of the European Union subsequently removed all mention of the Joint Cyber Unit from its conclusions.[13] Recent EU cybersecurity instruments, such as the NIS2 Directive,[14] the Cyber Solidarity Act and the 2022 Cyber Defence Policy, contain no mention of further implementation of the Joint Cyber Unit.

Nevertheless, the similarities between the Cyber Solidarity Act and the Joint Cyber Unit are striking. Although the Council had previously endorsed the Joint Cyber Unit initiative, its conclusions clearly indicate a scaling down of the project. This time, however, the Cyber Solidarity Act is backed by a legislative proposal (unlike the Joint Cyber Unit, which rested on a Commission Recommendation), to be negotiated and adopted by the Council and the European Parliament as co-legislators.[15]

References

  1. Joint Communication to the European Parliament and the Council, "The EU's Cybersecurity Strategy for the Digital Decade", 2020, retrieved 2024-04-12.
  2. Council of the European Union, "Council conclusions on the development of the European Union's cyber posture", 9364/22, https://www.consilium.europa.eu/media/56358/st09364-en22.pdf
  3. Proposal for a Regulation of the European Parliament and of the Council laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents, 2023, retrieved 2024-04-12.
  4. Explanatory Memorandum, Section 2 (Legal Basis, Subsidiarity and Proportionality), Proposal for a Regulation of the European Parliament and of the Council laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents, 2023, retrieved 2024-04-12.
  5. Chiara, Pier Giorgio; Bartoli, Laura. "Unveiling EU Cybersecurity Law Turf Battles: The Case of the EU Cyber Solidarity Act Proposal". SSRN 4700569.
  6. Article 1(2), Proposal for a Regulation of the European Parliament and of the Council laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents, 2023, retrieved 2024-04-12.
  7. "Cyber Solidarity Act approved by the EU to strengthen European cybersecurity". Innovation News Network.
  8. "Commission welcomes political agreement on Cyber Solidarity Act". The European Sting, 2024-03-07. Retrieved 2024-04-14.
  9. Article 9(1), Proposal for a Regulation of the European Parliament and of the Council laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents, 2023, retrieved 2024-04-12.
  10. "Cyber solidarity package: Council and Parliament strike deals to strengthen cyber security capacities in the EU". Council of the European Union.
  11. "EU Boost against cyberattacks: EU Agency for Cybersecurity welcomes proposal for the Joint Cyber Unit". ENISA. Retrieved 2024-04-14.
  12. Recital 7, Commission Recommendation (EU) 2021/1086 of 23 June 2021 on building a Joint Cyber Unit.
  13. Council of the European Union, "Council Conclusions on exploring the potential of the Joint Cyber Unit initiative complementing the EU Coordinated Response to Large-Scale Cybersecurity Incidents and Crises" (2021), 12534/21 (Recital 21; Articles 3, 12 and 22), https://data.consilium.europa.eu/doc/document/ST-13048-2021-INIT/en/pdf
  14. "Directive 2022/2555 - EN - EUR-Lex". eur-lex.europa.eu. Retrieved 2024-04-12.
  15. Clasen, Celina. "Cyber Solidarity Act moves ahead in EU Parliament with key committee vote". Euractiv.