The Cyber Solidarity Act (Regulation (EU) 2025/38): A Milestone for Europe's Cyber Defense

Compliance Hub

Compliance Hub

4 min read
The Cyber Solidarity Act (Regulation (EU) 2025/38): A Milestone for Europe's Cyber Defense
Photo by Christian Lue / Unsplash

The Cyber Solidarity Act (Regulation (EU) 2025/38), published on January 15, 2025, represents a landmark moment in strengthening the European Union's cybersecurity posture. This regulation addresses the rising tide of cyber threats and lays the groundwork for a resilient digital Europe.

EUSolidarityact
EUSolidarityact.pdf
1 MB
download-circle

Key Highlights

1️⃣ Strengthening Europe's Cyber Defense: Solidarity in Action

The Act emphasizes solidarity and cooperation among EU member states, enhancing their collective ability to detect, prepare for, and respond to cyber threats. By fostering unity across national borders, it ensures an effective defense against increasingly sophisticated attacks.

2️⃣ Introducing the European Cybersecurity Alert System

The regulation establishes a pan-European network of cybersecurity hubs, including:

  • National Cyber Hubs: Act as the central points for coordination at the national level.
  • Cross-Border Cyber Hubs: Enable collaboration and intelligence sharing across countries.

This system improves situational awareness, facilitates rapid threat detection, and issues actionable alerts to member states and entities.

3️⃣ Launching the Cybersecurity Emergency Mechanism

The Cybersecurity Emergency Mechanism ensures robust responses to large-scale cyber incidents. It provides:

  • Emergency financial and technical support for affected countries.
  • Tools to mitigate impacts and assist in the recovery of critical infrastructure and services.

4️⃣ Learning from Incidents: European Cybersecurity Incident Review Mechanism

To avoid repeating past mistakes, a dedicated Incident Review Mechanism will analyze significant cybersecurity incidents. Key features include:

  • Root cause analysis.
  • Lessons learned.
  • Recommendations for enhancing resilience.

Economic and Workforce Implications

🛡️ Boosting Economic Resilience

By safeguarding critical sectors, including startups and SMEs, the Act fortifies the EU's digital economy. Improved cybersecurity means enhanced trust and stability, attracting investment and innovation across the bloc.

🎓 Developing Cyber Skills

Addressing the cybersecurity skills gap is a priority:

  • Initiatives will promote cybersecurity education.
  • Efforts to close the gender gap in cybersecurity are encouraged.
  • Partnerships with academia, industry, and civil society aim to build a robust talent pipeline.

Takeaways for Stakeholders

  1. Public Sector: Governments must integrate the European Cybersecurity Alert System and allocate resources for National Cyber Hubs.
  2. Private Sector: Organizations, especially critical infrastructure operators, should align with the Act’s recommendations for preparedness and incident response.
  3. Citizens: Greater transparency and protections offer assurance in the digital age.

Based on the Cyber Solidarity Act (Regulation (EU) 2025/38), Chief Information Security Officers (CISOs) and Chief Compliance Officers (CCOs) in 2025 should focus on several key areas to align their organizations with the Act’s mandates and leverage its benefits. Here are the top priorities:

1️⃣ Strengthening Incident Detection and Response

Key Focus:

  • Integration with National Cyber Hubs: Participate in the European Cybersecurity Alert System to improve threat detection and situational awareness.
  • Adopt Advanced Detection Tools: Leverage AI and data analytics tools as encouraged by the Act for proactive threat detection and mitigation.
  • Conduct Regular Incident Reviews: Use the insights from the Incident Review Mechanism to refine internal incident response plans and adopt best practices.

Actionable Steps:

  • Invest in Security Information and Event Management (SIEM) tools and Endpoint Detection and Response (EDR) platforms.
  • Collaborate with industry peers and national authorities to share threat intelligence.

2️⃣ Bolstering Cyber Resilience

Key Focus:

  • Implement robust disaster recovery and business continuity frameworks, ensuring alignment with the Cybersecurity Emergency Mechanism.
  • Test and enhance recovery plans to minimize downtime during large-scale cyber incidents.

Actionable Steps:

  • Establish air-gapped backups and simulate recovery scenarios regularly.
  • Engage with EU-supported cybersecurity reserves for incident response and initial recovery assistance.

3️⃣ Strengthening Compliance and Risk Management

Key Focus:

  • Align cybersecurity strategies with EU-wide standards, particularly those from NIS2 Directive and other frameworks referenced in the Act.
  • Ensure secure data handling in compliance with GDPR and additional national and EU regulations on sensitive information sharing.

Actionable Steps:

  • Map and assess risks across critical infrastructure and supply chains.
  • Develop a compliance checklist to monitor adherence to new EU cybersecurity mandates.

4️⃣ Enhancing Workforce Capabilities

Key Focus:

  • Address the cybersecurity skills gap by investing in workforce training.
  • Promote gender diversity and inclusivity in cybersecurity roles as recommended in the Act.

Actionable Steps:

  • Partner with academic institutions and government initiatives for skill development programs.
  • Provide internal training on advanced cybersecurity tools, threat analysis, and compliance requirements.

5️⃣ Optimizing Information Sharing

Key Focus:

  • Collaborate with National Cyber Hubs and Cross-Border Cyber Hubs to pool cyber threat intelligence.
  • Adopt secure data-sharing practices using state-of-the-art tools and protocols, such as the Traffic Light Protocol (TLP).

Actionable Steps:

  • Establish partnerships with Information Sharing and Analysis Centers (ISACs).
  • Implement secure communication tools for real-time collaboration with stakeholders.

6️⃣ Enhancing Preparedness through Testing

Key Focus:

  • Participate in EU-coordinated preparedness testing for high-criticality sectors as part of resilience-building efforts.
  • Regularly assess cybersecurity measures against potential threat scenarios.

Actionable Steps:

  • Conduct penetration testing, vulnerability assessments, and red team exercises.
  • Align testing methodologies with EU-supported frameworks and recommendations.

7️⃣ Emphasizing Supply Chain Security

Key Focus:

  • Evaluate third-party and supply chain risks as a significant part of incident prevention.
  • Leverage support from the EU Cybersecurity Reserve to enhance vendor security standards.

Actionable Steps:

  • Mandate security assessments for third-party vendors.
  • Implement automated tools for continuous monitoring of supply chain vulnerabilities.

8️⃣ Leveraging EU Support and Funding

Key Focus:

  • Take advantage of EU funding opportunities provided under the Digital Europe Programme to improve cybersecurity infrastructure.
  • Engage with the European Cybersecurity Reserve for financial and technical assistance during incidents.

Actionable Steps:

  • Submit applications for grants targeting preparedness actions and security enhancements.
  • Maintain readiness for rapid deployment of EU-funded incident response resources.

9️⃣ Fostering Public-Private Collaboration

Key Focus:

  • Strengthen ties with government agencies, industry groups, and academia for collective resilience.
  • Participate in public-private partnerships and EU-led cybersecurity initiatives.

Actionable Steps:

  • Join EU-led working groups and task forces.
  • Advocate for and contribute to policy development and information-sharing protocols.

10️⃣ Focusing on Emerging Threats

Key Focus:

  • Stay ahead of evolving threat vectors, such as AI-enabled attacks, ransomware-as-a-service, and supply chain compromises.
  • Monitor geopolitical cyber risks and prepare for spillover effects from global incidents.

Actionable Steps:

  • Conduct horizon scanning for emerging threats.
  • Develop advanced simulation models to understand potential impacts.

Strategic Summary for CISOs and CCOs:

By aligning their strategies with the Cyber Solidarity Act, CISOs and CCOs can:

  • Enhance their organization's resilience to cyber threats.
  • Strengthen compliance and regulatory standing.
  • Foster collaboration and skill development across their teams.
  • Build trust with stakeholders by demonstrating a proactive cybersecurity stance.

Proactive engagement with the Act’s provisions will position organizations not just to comply but to lead in Europe’s secure digital future.

Conclusion

The Cyber Solidarity Act reflects the EU's commitment to a secure and unified digital future. By fostering collaboration, building robust mechanisms, and nurturing talent, the regulation positions Europe as a leader in global cybersecurity efforts.

Cybersecurity is a collective responsibility—this Act makes it a shared reality.

Read more

Beyond Reaction: Integrating Incident Response into Your Cybersecurity Risk Management Strategy with NIST SP 800-61r3

Beyond Reaction: Integrating Incident Response into Your Cybersecurity Risk Management Strategy with NIST SP 800-61r3

In today's dynamic threat landscape, cybersecurity incidents are an unfortunate reality for organizations of all sizes and sectors. The ability to effectively handle these events is no longer a siloed IT function but a critical component of overall cybersecurity risk management. Integrating incident response recommendations and considerations throughout

By Compliance Hub