Projects & Resources

EU Action Plan on Cybersecurity and Artificial Intelligence

SUMMARY:

  • This week, the European Commission presented a new Action Plan on Cybersecurity and Artificial Intelligence setting out a coordinated approach to help Member States, businesses and public authorities harness the benefits of AI while addressing the cybersecurity risks posed by increasingly advanced AI models.
  • The plan focuses on three priorities: promoting the safe and responsible use of advanced AI, reinforcing the EU's cybersecurity and resilience, and scaling up Europe's AI capabilities for cybersecurity.
  • The roadmap includes several concrete milestones: from Q3 2026, ENISA will issue guidance and best practices on AI-powered cyber threats and work with the Commission, Member States and industry to adapt vulnerability management tools to the AI age.

MORE INFORMATION:

Please find below an overview of the key initiatives planned by the Commission:

1. Promoting the safe and responsible use of advanced AI

  • Q4 2026: Define a Blueprint to facilitate access for European actors to the most advanced AI-enabled cyber capabilities
  • Q4 2026: Develop secure testing environments for AI models for cybersecurity use cases
  • 2027: Support the establishment of an EU evaluation capacity for AI models that must include cybersecurity

2. Reinforcing the EU's cybersecurity preparedness

  • Q3 2026: The EU cybersecurity agency (ENISA) will issue guidance and best practices and advisories to protect against AI-enable AI cybersecurity
  • Q3 2026: Commission, ENISA, Members States, and industry will work together to make existing vulnerability management practices and tools fit for the AI age
  • Q4 2026: ENISA, in cooperation with the Commission, Member States, open source communities, Union entities and industry, will launch a first pilot of a Critical Open Source Resilience Campaign to accelerate patching including by leveraging AI

3. Scaling up Europe's AI capabilities for cybersecurity

  • As of 2026: Facilitate access to AI Factories as they become gradually operational to test, train and deploy advanced AI models for cyber resilience
  • Q4 2026: Launch an EU Grand Challenge to help scale European AIpowered cybersecurity solutions
  • Q4 2026: Start developing trainings for professionals on the use of AI for cybersecurity under the Cybersecurity Skills Academy

Yesterday, the European Parliament in Plenary session debated the Action Plan with Executive Vice-President Henna Virkkunen. MEPs broadly agreed that Europe must reduce its dependence on non-European AI and cloud providers, but remained divided over whether the main barrier is excessive regulation or insufficient investment.

Commissioner Virkkunen announced that seven of the plan’s nine flagship actions would begin implementation in the autumn and called on Parliament to move quickly on the Cybersecurity Act revision and the Digital Omnibus.

Downloads