Go to Content

We are the flag of Portugal on the internet

Register DomainReserved Area

Blog

.PT Legal & Corporate Affairs
12-05-2025
EU Cyber Solidarity Act: A New Step in European Cybersecurity
Digital security is a top priority for the European Union (EU), and the EU Cyber Solidarity Act, published on 15 January 2025, reflects this focus by aiming to strengthen the EU's collective capacity to prevent, detect, and respond to cyber threats. The Act entered into force on 4 February and has been fully applicable to all EU Member States since that date.

The Cyber Solidarity Act is not an isolated initiative; it is part of the EU’s broader cybersecurity legislative package, which includes several legal instruments, such as the NIS2 Directive, the DORA Regulation, and the CER Directive.

But what changes in practice? Let’s break it down.

Purpose

The Act establishes a common framework for responding to cyber threats, ensuring that Member States cooperate to protect essential networks and information systems.

Key objectives include:

  • Strengthening early detection of cyber threats;
  • Improving coordinated response among Member States;
  • Enabling more effective responses to large-scale cyber incidents;
  • Enhancing the resilience of digital infrastructure.

Benefits

  • Increased cooperation and information sharing across the EU;
  • Faster and more effective response to major cybersecurity incidents;
  • Reduced risk and impact of attacks on critical infrastructure;
  • Greater digital trust for users and businesses.

To achieve these goals, the Act introduces three key mechanisms:

1. The European Cybersecurity Alert System

A pan-European network of national and cross-border cybersecurity platforms that enhances threat detection and response capabilities.

This system ensures that the EU’s digital infrastructure remains one step ahead of emerging threats.

How it works:

  • Involves incident response teams (e.g. the CSIRT Network and EU-CyCLONe);
  • Enables the exchange of anonymised threat and vulnerability data;
  • Supports the development of innovative technologies like AI and data analytics;
  • Member States may form hosting consortia to manage joint platforms.

2. The EU Cybersecurity Emergency Mechanism

When a major incident occurs, speed of response is critical. This mechanism ensures immediate access to expert support for Member States.

Key features:

  • EU Cybersecurity Reserve – a pool of trusted private providers selected according to strict criteria;
  • Rapid technical assistance by specialised teams to mitigate damage;
  • Central coordination by the European Commission and ENISA, ensuring an efficient response process.

How do Member States request support?

Through the CSIRT Network or the country’s designated single point of contact. Requests must detail the incident, its impact, and measures already taken. Following assessment, response and assistance teams are deployed.

3. The European Cyber Incident Review Mechanism

Post-incident analysis is crucial to learning lessons and preventing recurrence.

How it works:

  • Led by ENISA, with support from EU-CyCLONe and the CSIRT Network;
  • Identifies the root causes and exploited vulnerabilities;
  • Produces a detailed report with recommendations to improve digital resilience;
  • In some cases, anonymised versions of the report may be published.

The EU Cyber Solidarity Act is a milestone in the EU’s cybersecurity strategy. As cyberattacks grow more sophisticated, it is essential that governments, businesses, and citizens are prepared to respond in a coordinated and effective way.



Please note: the articles on this blog may not convey the opinion of .PT, but of its author.
Back to Posts