National Cybersecurity Strategies in the EU: Overview

National cybersecurity strategies emerged in Europe mainly after the 2007 cyberattack campaign against Estonia and the Commission Communication ‘Digital Agenda for Europe’, a flagship initiative under the Europe 2020 Strategy.

In 2007, coordinated cyber attacks were launched against Estonian government agencies, banks, and media and telecommunications companies. In the follow-up of these events, Estonia became the first EU Member State to adopt a national cybersecurity strategy seeking to reduce the inherent vulnerabilities of cyberspace. While Slovakia followed with a national strategy in 2009, only nine EU Member States (Belgium, Cyprus, Estonia, Finland, Germany, Lithuania, Luxembourg, the Netherlands, Slovakia) had a national cyber security strategy in place when the European Commission presented its Proposal for a NIS Directive on 7 February 2013 in connection with the European Cybersecurity Strategy ‘An Open, Safe and Secure Cyberspace’. The Proposal for a NIS Directive foresaw that each Member State adopts a national ‘NIS strategy’ and a ‘national NIS cooperation plan’ (Art. 5 Proposal for a NIS Directive). In light of an increasing threat landscape and in view of a forthcoming obligation to adopt a national cybersecurity strategy, a further six Member States adopted a national strategy in 2013: Romania in May, Poland and Hungary in June, Austria in July, and Italy and Spain in December. When the NIS Directive, and thus the obligation to have a national strategy on the security of NIS in place, was adopted in July 2016, only three Member States still lacked a national cybersecurity strategy: Bulgaria, which adopted its first strategy before the NIS Directive entered into force, Greece and Sweden, which both adopted their first strategy in 2017. Today, most Member States have updated their national cybersecurity strategy at least once.

EU Policy Measure EU Cybersecurity Strategy ‘An Open, Safe and Secure Cyberspace’; Proposal for a NIS Directive NIS Directive 2016/1148Renewal of EU Cybersecurity Strategy ‘Resilience, Deterrence and Defence: Building strong cybersecurity for the EU’ EU Cybersecurity Strategy for the Digital Decade; Proposal for a NIS 2 Directive 
Austria Österreichische Strategie für Cyber Sicherheit  
July 2013
     Österreichische Strategie für Cyber Sicherheit 2021  
BelgiumCyber Security Strategy
      Stratégie Cybersecurité Belgique 2.0 2021-2025 2021
Bulgaria   Национална стратегия за киберсигурност
„Киберустойчива България 2020”
July 2016
   Актуализирана Национална стратегия за киберсигурност „КИБЕРУСТОЙЧИВА БЪЛГАРИЯ 2023”
Croatia  Nacionalna Strategija Kiberneti čke Sigurnosti 2015     
CyprusΣτρατηγική Κυβερνοασφάλειας
της Κυπριακής Δημοκρατίας

     Στρατηγική Κυβερνοασφάλειας
της Κυπριακής Δημοκρατίας 2020
Czech Republic  Národní Strategie Kybernetické Bezpe čnosti ČR 2015-2020 2015    Národní Strategie Kybernetické Bezpe čnosti ČR 2021-2025 2021
Denmark  National Strategi for Cyber- og Informationssikkerhed 2015-2016
  National Strategi for Cyber- og Informationssikkerhed 2018-2021
 National Strategi for Cyber- og Informationssikkerhed 2022-2024
EstoniaKüberjulgeoleku Strateegia 2008-2013
 Küberjulgeoleku Strateegia 2014-2017 2014  Küberturvalisuse Strateegia 2019-2022 2019  
Finland Suomen Kyberturvallisuusstrategia January 2013   Suomen Kyberturvallisuus Strategia
France  Stratégie Nationale pour la Sécurité du Numérique
 Stratégie internationale de la France pour le numérique  [complementing the 2015 strategy] 2017   
GermanyCyber-Sicherheitsstrategie für Deutschland 2011  Cyber-Sicherheitsstrategie für Deutschland November 2016   Cybersicherheitsstrategie für Deutschland
Hungary Magyarország Nemzeti Kiberbiztonsági Stratégiájáról
June 2013
   A hálózati és információs rendszerek biztonságára vonatkozó Stratégia 2018  
Ireland  National Cyber Security Strategy 2015-2017 2015  National Cyber Security Strategy 2019-2024
Italy Quadro Strategico Nazionale per la Sicurezza dello Spazio Cibernetico 2013 December 2013  Piano Nazionale per la Protezione Cibernetica e la Sicurezza Informatica [operational guidelines] 2017  Strategia Nazionale di Cybersicurezza 2022-2026
Latvia  Latvijas Kiberdrošības stratēģija 2014-2018 2014  Latvijas Kiberdrošības stratēģija 2019-2022 2019 Latvijas kiberdrošības stratēģiju 2023-2026 [forthcoming; project stage]  
LithuaniaDėl elektroninės informacijos saugos (kibernetinio saugumo)
plėtros 2011–2019 metais programos patvirtinim

    Nacionaline Kibernetinio Sugumo Strategija
LuxembourgStratégie Nationale en matière de Cybersécurité
 Stratégie Nationale en matière de Cybersécurité II 2015    Stratégie Nationale en matière de Cybersécurité III
 Stratégie Nationale en matière de Cybersécurité IV
Malta   Malta Cyber Security Strategy 2016
NetherlandsDe Nationale Cyber Security Strategie – Slagkracht door samenwerking 2011 Nationale Cybersecurity Strategie 2 – Van bewust naar bekwaam 2014  Nederlandse Cybersecurity Agenda – Nederland digitaal veilig
 Nederlandse Cybersecuritystrategie 2022-2028 – Ambities en acties voor een digitaal veilige samenleving 2022
Poland Polityka Ochrony Cyberprzestrzeni Rzeczypospolitej Polskiej 2013
June 2013
  Strategia Cyberbezpieczeństwa Rzeczypospolitej Polskiej 2017-2022 2017  Strategia Cyberbezpieczeństwa Rzeczypospolitej Polskiej  2019-2024 2019  
Portugal  Estratégia Nacional de Segurança do Ciberespaço 2015  Estratégia Nacional de Segurança do Ciberespaço 2019-2023
Romania Strategia de Securitate Cibernetică a României May 2013     Strategia de Securitate Cibernetică a României pentru perioada 2022-2027
SlovakiaNárodná stratégia
pre informačnú bezpečnosť v Slovenskej republike

kybernetickej bezpečnosti
Slovenskej republiky na roky 2015-2020
    Národná stratégia kybernetickej
bezpečnosti na roky 2021 až 2025

Slovenia   Strategija Kibernetske Varnosti
Spain Estrategia de Ciberseguridad Nacional December 2013   Estrategia Nacional de Ciberseguridad 2019  
Sweden    Nationell Strategi för Samhällets Informations- och Cybersäkerhet

The hyperlink provided links to the respective strategy (if available, an English language version is provided).

Leave a Reply

Your email address will not be published. Required fields are marked *