Search

This study examines the perpetrators and methods of transnational repression within the European Union (EU) and suggests possible counter-strategies for EU institutions. The study explains how transnational repression relates to associated issues faced by the EU, such as foreign interference, disinformation, abuse of migration frameworks and hybrid threats. Whilst the scale, scope and methods of transnational repression comprise a global phenomenon, this problem is specifically prevalent within the ...

The European Cybersecurity Act adopted in 2019 established a permanent mandate for the European Union Agency for Cybersecurity (ENISA) and introduced a European cybersecurity certification framework to strengthen trust and resilience across the Union. Its implementation faced a fast-evolving cybersecurity landscape since the Act’s adoption, marked by a 150% increase in cyberattacks in 2024 and an expanding regulatory landscape, including the network and information systems Directive, the Cyber Resilience ...

Russia's war against Ukraine has revealed the extent of our dependency on digital technology and the fragility of the digital space. It has triggered a surge in cyber-attacks that have been particularly disruptive when targeting critical infrastructure – such as energy, health or finance – because of the increasing reliance on information technology, rendering this infrastructure all the more vulnerable. Against this backdrop, the Commission has proposed a regulation on a cyber solidarity act that ...

European Union leaders met in Brussels on 3 February 2025, for their first-ever meeting dedicated solely to defence issues. In the current challenging geopolitical context, the purpose of this first meeting of EU Heads of State or Government in 2025 - described as an 'informal retreat' - was to make 'progress in discussions on building the Europe of defence'. The 'frank, open, and free discussion' covered three main issues: i) defence capabilities, ii) financing EU defence priorities, and iii) strengthening ...

Managed security services are services carrying out or providing assistance for activities relating to customers' cybersecurity risk management. They are gaining increasing importance in the prevention and mitigation of cybersecurity incidents. Yet they were not included in the scope of the EU cybersecurity certification framework in the 2019 Cybersecurity Act. As some Member States have begun adopting certification schemes for managed security services that are divergent or inconsistent, there is ...

Misleading information can throw any of us off course. Both misinformation – mistakes without ill intent – and disinformation – created and spread with the aim of fooling people – can make it hard to take informed decisions. Fast evolving technologies – including deepfake video and audio – make it too easy to produce and spread deceptive content very rapidly. Many of us worry about the effect: some 85 % of people worldwide are concerned about the impact of disinformation on their fellow citizens; ...

The digital transformation is making the EU institutions and administration more vulnerable to cyber threats and incidents. Their number has surged dramatically in recent years: there were as many incidents during the first half of 2021 as in the whole of 2020, for instance. Yet an analysis of 20 Union institutions, bodies and agencies showed that their governance, preparedness, cybersecurity capability and maturity varied substantially, weakening the system. This regulation puts in place a common ...

Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware (PEGA) was set up on 10 March 2022. Chaired by MEP Jeroen LENAERS, PEGA Committee investigated infringements and maladministration in application of EU law in relation to the use of Pegasus and equivalent spyware surveillance software. Spyware and other hacking techniques are critical threats to privacy, data protection and democracy in the EU. They serve oppressive agendas against journalists, political activists ...

In April 2023, the European Commission proposed a regulation to strengthen solidarity and capacities in the EU to detect, prepare for and respond to cybersecurity threats and incidents ('cyber solidarity act'). During its April II part-session, the Parliament is set to vote on the agreement reached in negotiations with the Council.

Cyberattack numbers have surged in recent years, leading to the formation of entities at all levels to prevent attacks or mitigate the harm they may cause. An efficient EU-level response requires coordination and the timely exchange of information. Several bodies and networks have been set up to this end; this paper explains their respective roles.