Youtube icon Spotify icon Facebook icon Instagram icon LinkedIn icon
Logo gray

EU Adopts New Cybersecurity Blueprint to Bolster Crisis Response

On 6 June 2025, the Council of the European Union adopted the updated Cyber Blueprint, which serves as a key guideline for the Member States for managing large-scale cybersecurity incidents and crises across the Union. The revised blueprint builds on the foundations of the 2017 version and incorporates key recent legislation such as the NIS2 Directive and the Cyber Solidarity Act.

The blueprint stresses that while digital technologies and global connectivity drive economic growth, they also increase the risk of cyber threats. Large-scale cyber incidents can overwhelm individual Member States and impact multiple countries, posing serious risks to the internal market and public security. A key obstacle in past responses has been fragmentation: Member States often relied on different thresholds, terminology, and procedures, leading to uncoordinated and inefficient action. To overcome this, the updated blueprint introduces a common set of definitions, most importantly, five crisis stages, providing a unified structure to ensure consistent and coordinated responses across the EU.

The blueprint defines when large-scale incidents or Union-level cyber crises require coordinated action, and clarifies the roles of key actors, such as EU-CyCLONe and ENISA. EU-CyCLONe is responsible for operational coordination among national authorities during large-scale cyber incidents and crises. ENISA maintains a “rolling annexe”, which is continuously updated through cyber exercises and real-world incidents to keep crisis protocols up to date. The blueprint also underscores the importance of coordinated public communication, civil-military cooperation and promotes effective recovery and the exchange of lessons learned among Member States.

With cyberattacks growing more sophisticated, the EU’s proactive approach underscores the urgency of robust preparedness and collaborative defense mechanisms to safeguard Europe’s digital landscape. The Cyber Blueprint is expected to enhance the overall effectiveness of the cyber crisis management framework by helping Member States enhance their preparedness, detection capabilities and response to incidents