National Cybersecurity Strategies in the EU: Overview

National cybersecurity strategies emerged in Europe mainly after the 2007 cyberattack campaign against Estonia and the Commission Communication ‘Digital Agenda for Europe’, a flagship initiative under the Europe 2020 Strategy.

In 2007, coordinated cyber attacks were launched against Estonian government agencies, banks, and media and telecommunications companies. In the follow-up of these events, Estonia became the first EU Member State to adopt a national cybersecurity strategy seeking to reduce the inherent vulnerabilities of cyberspace. While Slovakia followed with a national strategy in 2009, only nine EU Member States (Belgium, Cyprus, Estonia, Finland, Germany, Lithuania, Luxembourg, the Netherlands, Slovakia) had a national cyber security strategy in place when the European Commission presented its Proposal for a NIS Directive on 7 February 2013 in connection with the European Cybersecurity Strategy ‘An Open, Safe and Secure Cyberspace’. The Proposal for a NIS Directive foresaw that each Member State adopts a national ‘NIS strategy’ and a ‘national NIS cooperation plan’ (Art. 5 Proposal for a NIS Directive). In light of an increasing threat landscape and in view of a forthcoming obligation to adopt a national cybersecurity strategy, a further six Member States adopted a national strategy in 2013: Romania in May, Poland and Hungary in June, Austria in July, and Italy and Spain in December. When the NIS Directive, and thus the obligation to have a national strategy on the security of NIS in place, was adopted in July 2016, only three Member States still lacked a national cybersecurity strategy: Bulgaria, which adopted its first strategy before the NIS Directive entered into force, Greece and Sweden, which both adopted their first strategy in 2017. Today, most Member States have updated their national cybersecurity strategy at least once.

	2009-2012	2013	2014-2015	2016	2017	2018-2019	2020	2021-2023
EU Policy Measure		EU Cybersecurity Strategy ‘An Open, Safe and Secure Cyberspace’; Proposal for a NIS Directive		NIS Directive 2016/1148	Renewal of EU Cybersecurity Strategy ‘Resilience, Deterrence and Defence: Building strong cybersecurity for the EU’		EU Cybersecurity Strategy for the Digital Decade; Proposal for a NIS 2 Directive
Austria		Österreichische Strategie für Cyber Sicherheit   July 2013						Österreichische Strategie für Cyber Sicherheit 2021
Belgium	Cyber Security Strategy 2012							Stratégie Cybersecurité Belgique 2.0 2021-2025 2021
Bulgaria				Национална стратегия за киберсигурност „Киберустойчива България 2020” July 2016				Актуализирана Национална стратегия за киберсигурност „КИБЕРУСТОЙЧИВА БЪЛГАРИЯ 2023” 2021
Croatia			Nacionalna Strategija Kiberneti čke Sigurnosti 2015
Cyprus	Στρατηγική Κυβερνοασφάλειας της Κυπριακής Δημοκρατίας 2012						Στρατηγική Κυβερνοασφάλειας της Κυπριακής Δημοκρατίας 2020 2020
Czech Republic			Národní Strategie Kybernetické Bezpe čnosti ČR 2015-2020 2015					Národní Strategie Kybernetické Bezpe čnosti ČR 2021-2025 2021
Denmark			National Strategi for Cyber- og Informationssikkerhed 2015-2016 2014			National Strategi for Cyber- og Informationssikkerhed 2018-2021 2018		National Strategi for Cyber- og Informationssikkerhed 2022-2024 2021
Estonia	Küberjulgeoleku Strateegia 2008-2013 2008		Küberjulgeoleku Strateegia 2014-2017 2014			Küberturvalisuse Strateegia 2019-2022 2019
Finland		Suomen Kyberturvallisuusstrategia January 2013				Suomen Kyberturvallisuus Strategia 2019
France			Stratégie Nationale pour la Sécurité du Numérique 2015		Stratégie internationale de la France pour le numérique  [complementing the 2015 strategy] 2017
Germany	Cyber-Sicherheitsstrategie für Deutschland 2011			Cyber-Sicherheitsstrategie für Deutschland November 2016				Cybersicherheitsstrategie für Deutschland 2021
Greece					ΕΘΝΙΚΗ ΣΤΡΑΤΗΓΙΚΗ ΚΥΒΕΡΝΟΑΣΦΑΛΕΙΑΣ -ΑΝΑΘΕΩΡΗΣΗ 3  2017		ΕΘΝΙΚΗ ΣΤΡΑΤΗΓΙΚΗ ΚΥΒΕΡΝΟΑΣΦΑΛΕΙΑΣ 2020-2025 2020
Hungary		Magyarország Nemzeti Kiberbiztonsági Stratégiájáról June 2013				A hálózati és információs rendszerek biztonságára vonatkozó Stratégia 2018
Ireland			National Cyber Security Strategy 2015-2017 2015			National Cyber Security Strategy 2019-2024 2019
Italy		Quadro Strategico Nazionale per la Sicurezza dello Spazio Cibernetico 2013 December 2013			Piano Nazionale per la Protezione Cibernetica e la Sicurezza Informatica [operational guidelines] 2017			Strategia Nazionale di Cybersicurezza 2022-2026 2022
Latvia			Latvijas Kiberdrošības stratēģija 2014-2018 2014			Latvijas Kiberdrošības stratēģija 2019-2022 2019		Latvijas kiberdrošības stratēģiju 2023-2026 [forthcoming; project stage]
Lithuania	Dėl elektroninės informacijos saugos (kibernetinio saugumo) plėtros 2011–2019 metais programos patvirtinim 2011					Nacionaline Kibernetinio Sugumo Strategija 2018
Luxembourg	Stratégie Nationale en matière de Cybersécurité 2012		Stratégie Nationale en matière de Cybersécurité II 2015			Stratégie Nationale en matière de Cybersécurité III 2018		Stratégie Nationale en matière de Cybersécurité IV 2021
Malta				Malta Cyber Security Strategy 2016 2016
Netherlands	De Nationale Cyber Security Strategie – Slagkracht door samenwerking 2011		Nationale Cybersecurity Strategie 2 – Van bewust naar bekwaam 2014			Nederlandse Cybersecurity Agenda – Nederland digitaal veilig 2018		Nederlandse Cybersecuritystrategie 2022-2028 – Ambities en acties voor een digitaal veilige samenleving 2022
Poland		Polityka Ochrony Cyberprzestrzeni Rzeczypospolitej Polskiej 2013 June 2013			Strategia Cyberbezpieczeństwa Rzeczypospolitej Polskiej 2017-2022 2017	Strategia Cyberbezpieczeństwa Rzeczypospolitej Polskiej  2019-2024 2019
Portugal			Estratégia Nacional de Segurança do Ciberespaço 2015			Estratégia Nacional de Segurança do Ciberespaço 2019-2023 2019
Romania		Strategia de Securitate Cibernetică a României May 2013						Strategia de Securitate Cibernetică a României pentru perioada 2022-2027 2021
Slovakia	Národná stratégia pre informačnú bezpečnosť v Slovenskej republike 2009		Koncepcia kybernetickej bezpečnosti Slovenskej republiky na roky 2015-2020 2015					Národná stratégia kybernetickej bezpečnosti na roky 2021 až 2025 2021
Slovenia				Strategija Kibernetske Varnosti 2016
Spain		Estrategia de Ciberseguridad Nacional December 2013				Estrategia Nacional de Ciberseguridad 2019
Sweden					Nationell Strategi för Samhällets Informations- och Cybersäkerhet 2017

_{The hyperlink provided links to the respective strategy (if available, an English language version is provided).}