With the European parliamentary elections around the corner, and the growing level of cyber threats, stakes are high for the European Union and its Member States regarding cybersecurity.
From the NIS directive that entered into force in 2018, the Cybersecurity Act, that will be adopted in the coming weeks, to the current discussions on the cybersecurity competence center, the EU has made important efforts to address cybersecurity challenges and managed to create what we have pleaded for: building an EU cyber community.
The upcoming renewal of the Commission and the start of a new legislative period gives us an opportunity to take stock of the progress made and of the challenges lying ahead.
Cybersecurity to defend European core values
With cyberattacks becoming more and more sophisticated, at a time where multilateralism is under threat, France firmly believes in European cooperation to defend Europe’s core values but also its freedom to choose its own path.
Cybersecurity is no longer about protecting strictly delimited networks, belonging to States or critical infrastructures; it is about protecting the very functioning of the whole economy and society as well as the trust in the democratic process.
While under threat, some wrongly think that the answers are in the easiest solutions, such as weakening encryption or allowing private retaliation to cyberattacks in the form of “hacking back”.
However, beyond the disregard of EU’s core values of freedom, peace and democracy, those solutions are also detrimental to the overall stability of cyberspace.
In fact, by weakening the basic principles upon which cyberspace stability is resting, they pave the way to the emergence of a highly deregulated and chaotic digital Far West.
The Paris Call for Trust and Security in Cyberspace, launched by President Macron on the 12th of November, has been a new and innovative step to unite the international community, from States, the civil society, to the private sector, around core principles that we believe are necessary to preserve a peaceful, open and stable cyberspace.
The support of this call by all EU Member states has shown that a shared vision is within reach on how to protect the digital economy and society against cyber threats.
Cybersecurity: a shared responsibility
The multistakeholder approach of the Paris Call is also a clear reminder that States will not be able to deal with such tremendous challenges alone.
The private sector has sparked a great number of initiatives to step up efforts in this respect, demonstrating that this is no longer an area of concerns only for the States.
Protecting the digital economy and society has indeed become a shared responsibility between the States, the private sector and the citizens.
With this new reality in mind, the European Commission and the Member States have strived to establish the foundation of an EU cybersecurity, gathering all relevant actors from the NIS-inspired national authorities, the certification community, the digital industry to the research community.
Thanks to these efforts, all those actors are now working together to address common challenges at the EU scale.
The EU’s way forward
A lot still needs to be done to promote the EU’s own approach to the security of cyberspace.
Firstly, it requires the strengthening of EU’s strategic autonomy, through technological, capacity building and regulatory efforts.
Secondly, it demands the reinforcement of the responsibility of private actors in the security of digital services and products, throughout their lifecyle and supply chain.
Thirdly, it requires the EU to promote its unique approach on cybersecurity on the international stage, in particular through diplomatic efforts.
During the next European legislative period, France will be an avid supporter of cooperation at EU level in order to reach these ambitious common goals.