EU member states close cyber front: blueprint should strengthen joint approach
EU telecommunications ministers have taken an important step to strengthen Europe's defenses against large-scale cyber threats. They adopted the so-called EU Cyber Crisis Management Blueprint - a plan that clarifies how the European Union should respond if major cyber incidents or crises occur.
Council of the European Union June 11, 2025
According to Polish Deputy Prime Minister and Minister of Digital Affairs, Krzysztof Gawkowski, the blueprint provides guidance for member states to recognize, better combat and recover from cyber attacks more quickly. At the same time, the document should contribute to a better prepared and more resilient EU - a key focus of the current Polish Presidency of the Council of the EU.
The new blueprint builds on the first version from 2017, but now also takes into account recent developments, such as the NIS2 Directive and the Cyber Solidarity Act. The plan provides member states with concrete guidelines to strengthen their preparedness and cooperation in an increasingly complex cyber threat landscape.
Why is the blueprint needed?
Digital technology and global connectivity are essential for Europe's economy and society. But this digitalization also brings new vulnerabilities. Hybrid threats and cyber attacks can not only cause economic damage, but also put pressure on the security of citizens.
While member states remain responsible for dealing with cyber incidents on their own, some attacks can be so large that they affect multiple countries at once - or exceed national capacity to respond. In such cases, it is crucial that countries work together at the technical, operational and political levels.
The blueprint explains when the EU considers an incident to be a "Union-level crisis" and which agencies should then be involved. Among others, the EU Cybersecurity Agency (ENISA) and the EU CyCLONe network play a coordinating role in crisis situations. There is also a focus on clear communication with the public, both during and after a crisis.
It also stresses the importance of cooperation between civilian and military agencies - including through information sharing with partners such as NATO, when necessary.
Learning from crises
Finally, the blueprint contains guidelines for recovery after a cyber crisis. This includes a focus on sharing experiences and lessons learned among member states so that the joint response to cyber threats continues to improve.
Background
Since the first blueprint in 2017, both the threat landscape and European policy around cybersecurity have changed significantly. New legislation, such as the NIS2 Directive and the Cyber Solidarity Act, necessitate an updated framework. The Polish EU Presidency prioritized this issue and organized a special meeting of telecom ministers in Warsaw in early March to shape the new blueprint.
