EU Resources

Strengthening Cybersecurity Through EU Support

The European Union plays a crucial role in advancing cybersecurity resilience across Europe and beyond. Through various initiatives, policies, and funding programs, the EU provides valuable resources to help individuals, organizations, and governments improve their digital security.

On this page, you’ll find key EU cybersecurity resources, including best practices, educational materials, reports, and policy guidelines that can help strengthen online safety and resilience in the Western Balkans and beyond.

Key EU Directives and Regulations for Cybersecurity

The European Union has been actively developing a comprehensive legal framework to enhance national cybersecurity across its member states. Here’s a breakdown of the main directives, laws, and regulations.  

01. Core cybersecurity framework

NIS2 Directive (Directive (EU) 2022/2555):  

  • This directive is the cornerstone of the EU’s cybersecurity efforts. It builds upon the original NIS Directive, expanding its scope to include a wider range of essential entities. 
  • It mandates stricter cybersecurity risk management measures, incident reporting obligations, and supervisory measures. 

Find it here

EU Cybersecurity Act:  

  • This act strengthens the role of the European Union Agency for Cybersecurity (ENISA) and establishes a framework for EU-wide cybersecurity certification. 
  • It aims to enhance trust in ICT products, services, and processes through certification schemes. 

Find it here

02. Operational resilience and critical infrastructure 

Critical Entities Resilience Directive (CER): 

  • The CER Directive mandates measures to ensure the continuity of essential services across the EU, protecting them from disruptions. 
  • Unlike NIS2’s cybersecurity focus, CER addresses all-hazards resilience, including natural disasters, terrorism, and other non-cyber threats. 

Find it here

Digital Operational Resilience Act (DORA): 

  • DORA establishes uniform requirements for the digital operational resilience of financial entities in the EU, ensuring they can withstand, respond to, and recover from ICT-related disruptions. 
  • It mandates robust ICT risk management frameworks, incident reporting, and testing, while also establishing oversight of critical ICT third-party providers to the financial sector. 

Find it here

03. Data protection and privacy 

General Data Protection Regulation (GDPR):  

  • While primarily focused on data protection, the GDPR has significant implications for cybersecurity. 
  • It requires organisations to implement appropriate technical and organisational measures to protect personal data, including security measures. 
  • It also contains breach notification requirements. 

Find it here

The ePrivacy Directive: 

  • It concerns the processing of personal data and the protection of privacy in the electronic communications sector.
  • Essentially, it aims to protect the privacy of individuals using electronic communications services.

Find it here

04. Product and service security 

Cyber Resilience Act (CRA):  

  • This act focuses on the cybersecurity of digital products and services. 
  • It establishes cybersecurity requirements for manufacturers and retailers of hardware and software with digital elements. 
  • It aims to ensure that products placed on the EU market are secure by design and throughout their lifecycle. 

Find it here

Digital Services Act (DSA):  

  • This act sets rules for online intermediaries and platforms, including obligations related to cybersecurity and the removal of illegal content. 
  • It aims to create a safer online environment for users. 

Find it here

The AI Act:

  • This act sets rules for online intermediaries and platforms, including cybersecurity obligations and removing illegal content. 
  • It aims to create a safer online environment for users. 

Find it here