This report examines how the EU can strengthen its cybersecurity regime while contributing to global cyber stability. It notes that although the EU as a whole hasn’t adopted an offensive cyber posture, several member states now mirror the offensive-defensive balancing seen in China, Russia, and the US. EU policy faces a dilemma: it must navigate some members’ use of offensive cyber operations even as the EU advocates a defense-centric, resilience-focused strategy. The authors highlight that cyber operations have become a “constant cycle of preparation, detection, mitigation, resilience and response” across major powers. They argue for EU initiatives that bolster cyber defenses (through laws like the NIS2 Directive and proposed Cyber Resilience Act) and for the EU to take a larger role in promoting international norms and confidence-building measures.
Author:
Fei Su, Larisa S. Dovgal, and Lora Saalman, SIPRI Research Policy Paper
