The Cyber Solidarity Act (Regulation (EU) 2025/38) establishes a comprehensive framework to strengthen the EU’s cybersecurity capabilities and response mechanisms. It creates three main pillars: the European Cybersecurity Alert System, the Cybersecurity Emergency Mechanism, and the European Cybersecurity Incident Review Mechanism. The act aims to enhance detection of cyber threats, improve incident response coordination, and strengthen solidarity between Member States in cybersecurity matters.The regulation’s structure includes five chapters covering general provisions, the European Cybersecurity Alert System, the Cybersecurity Emergency Mechanism, the European Cybersecurity Incident Review Mechanism, and final provisions. It also amends Regulation (EU) 2021/694 (Digital Europe Programme) to incorporate new operational objectives and funding arrangements.Key provisions include:
- Establishment of a pan-European network of cyberhubs consisting of National Cyber Hubs and Cross-Border Cyber Hubs to enhance detection and situational awareness capabilities
- Creation of an EU Cybersecurity Reserve composed of trusted managed security service providers to assist in responding to significant cybersecurity incidents
- Introduction of coordinated preparedness testing for entities in critical sectors
- Development of mechanisms for information sharing and cooperation between Member States
- Provision of support to associated third countries under specific conditions
- Implementation of incident review procedures to learn from significant cybersecurity events
The regulation introduces significant changes compared to previous frameworks by:
- Creating new operational structures for cyber threat detection and response
- Establishing formal mechanisms for cross-border cooperation and assistance
- Introducing specific funding arrangements for cybersecurity initiatives
- Setting up clear procedures for third country participation
- Implementing new review and evaluation mechanisms
