Search

In 2025, ransomware – malicious software that demands a ransom – remained a major cybersecurity threat in the EU, impacting individuals as well as the public and private sectors. Recent reports confirm that attack strategies have developed into complex, multilayered software systems that enable malicious actors to evade identification and carry out decentralised attacks. Additionally, artificial intelligence has emerged as a facilitator in both spreading and combating ransomware.

Cyberattacks are rising in frequency and complexity, and no sector is immune to malicious intrusions. Cybercriminals are increasingly leveraging artificial intelligence (AI) to exploit vulnerabilities in digital infrastructure, compromising security systems and inflicting damage. Addressing this growing threat requires a clear understanding of the nature of cyber incidents. The most effective way to develop this understanding is for affected entities and companies to systematically report cyber incidents ...

The Cybersecurity Act (CSA) came into force in 2019 as part of the EU's efforts to build strong cybersecurity. Since its introduction, the EU cybersecurity regulatory framework has become more complex in response to the rise in cyber-attacks. New EU rules, as well as changes in the geopolitical context, have impacted the CSA, and the regulation is currently under review. Although stakeholders are aligned on most issues, significant differences remain, notably in addressing non-technical risks relating ...

EU support for the implementation of Slovenia's national recovery and resilience plan (NRRP) amounts to €2 226.2 million, and includes €1 612.9 million in grants and €613.2 million in loans. This amount is €256.1 million lower than that initially approved and takes into account the June 2022 update of the maximum financial contribution from the Recovery and Resilience Facility (RRF), the non-repayable allocation for REPowerEU made available in 2023, as well as the latest 2025 revision that decommitted ...

The Data Act aims to create value from data generated by connected products and services, by introducing data-sharing obligations. The principles enshrined in the Act have received general approval, but concerns have been expressed about the clarity of certain definitions, the sharing of commercially sensitive data and its regulatory complexity. Most provisions of the Data Act will apply from 12 September 2025.

Russia's war against Ukraine has revealed the extent of our dependency on digital technology and the fragility of the digital space. It has triggered a surge in cyber-attacks that have been particularly disruptive when targeting critical infrastructure – such as energy, health or finance – because of the increasing reliance on information technology, rendering this infrastructure all the more vulnerable. Against this backdrop, the Commission has proposed a regulation on a cyber solidarity act that ...

Differences between the United States (US) and the European Union (EU) over the regulation of online platforms have taken on a new dimension under the Trump administration. Senior members of the US administration have strongly criticised the EU for 'limiting free speech' and have called the EU's content moderation law 'incompatible with America's free speech tradition'. Much of the debate is informed by misconceptions and misunderstandings. The differences between the US and EU hate speech regimes ...

Enforcement of the Digital Markets Act is under way. The European Commission has launched formal proceedings against three major providers of core platform services. The Commission's preliminary findings suggest breaches of EU rules. To date, two of these preliminary findings have been confirmed, resulting in non-compliance decisions and fines for the companies in April 2025.

Fact-checking of content on online platforms has so far played an important role in protecting democracy, by verifying statements and making sure trustworthy sources are used. Many social media platforms use fact-checkers to help them enforce content moderation policies, with the aim of protecting their users from harm. The EU's Digital Services Act – a binding legal instrument – strengthens content moderation obligations for online platforms, while the voluntary EU Code of Practice on Disinformation ...

Dark patterns are deceptive techniques used by online platforms to manipulate users' behaviour, often without their knowledge or consent. The EU regulatory framework against dark patterns is fragmented and lacks a unified legal definition. This can lead to legal uncertainty and inconsistent enforcement. Stakeholders and academics are calling for clearer definitions, stronger safeguards, and more effective enforcement of existing laws.