Introduction

On 2 December 2024, the EU adopted the Cyber Solidarity Act (Regulation (EU) 2021/694) (the “Act”).1 The new measures aim to address escalating cyber threats, including ransomware, phishing, and attacks on critical infrastructure. The Act builds on existing cybersecurity frameworks, aiming to unify and enhance the EU’s preparedness, response, and recovery mechanisms. This article explores the Act’s integration of AI in strengthening cybersecurity, examines its framework for cross-border collaboration, and highlights enforcement challenges and recommendations for improvement.


Current State of Cybersecurity in the EU

The EU Agency for Cybersecurity (ENISA), charged with strengthening cybersecurity and keeping EU citizens “digitally secure”,2 recently highlighted challenges to cybersecurity such as a significant shortage of cybersecurity professionals, which exacerbates vulnerabilities in both public and private sectors.3

ENISA just released its first report on the State of Cybersecurity in Europe (2024).4 Among the key findings of the report is the risk of substantial cybersecurity threats across the Union, where DoS/DDoS attacks (e.g. the use of traffic or multiple computers to flood a server, rendering it unavailable)5 (41.1%) and ransomware (25.79%) represent the most significant incident types.6

Despite these challenges, the EU is moving toward unified cybersecurity practices through mechanisms like the NIS Cooperation Group and the CSIRTs Network. These efforts form the backdrop for the Cyber Solidarity Act’s provisions. Indeed, in the wake of several high-profile cybersecurity attacks against European companies and government agencies,7 the Act comes at a critical time.

The Act establishes three cornerstone mechanisms, each with distinct legal foundations and operational frameworks:

  1. European Cybersecurity Alert System (ECAS): Article 3(1) establishes ECAS as “a pan-European network of infrastructure that consists of National Cyber Hubs and Cross-Border Cyber Hubs joining on a voluntary basis.” The system emphasises advanced technological capabilities, with Article 3(2)(e) specifically mandating the development of “advanced tools and technologies, such as artificial intelligence and data analytics tools.”
  2. Cybersecurity Emergency Mechanism: Created under Article 10, this mechanism includes the EU Cybersecurity Reserve of trusted service providers. Article 14(2) specifies it “shall consist of response services from trusted managed security service providers” and can include pre-committed services. The mechanism creates a “cyber firefighting” capability that can be rapidly deployed during major incidents.
  3. European Cybersecurity Incident Review Mechanism: Article 21 empowers ENISA to conduct comprehensive reviews of significant cybersecurity incidents, incorporating lessons learned and advanced analytical capabilities.

AI Integration and Innovation

The Act places significant emphasis on AI as a crucial tool for modern cybersecurity, aligning with ENISA’s findings on the growing sophistication of cyber threats. The integration of AI capabilities is particularly important given the report’s identification of substantial gaps in detection and response capabilities across member states.

  • Article 2(4) explicitly recognizes AI’s role in threat detection and analysis
  • Article 24 acknowledges the importance of “pooling high-quality, curated data” for AI development
  • Cross-Border Cyber Hubs must establish targets for developing AI and analytics tools (Article 6(2)(c))
  • The framework maintains emphasis on human oversight alongside AI capabilities

Challenges include addressing algorithmic biases, ensuring compliance with GDPR, and balancing automation with human control.

The Cyber Solidarity Act recognises AI as a transformative tool in cybersecurity. Key provisions promote its use for detecting, analysing, and mitigating cyber threats (Articles 3 and 24). However, AI introduces unique challenges that necessitate careful consideration to ensure its ethical and effective application.

Potential Challenges Raised by AI

Despite its potential, the use of AI in cybersecurity is not without significant hurdles. These challenges, if unaddressed, could undermine the effectiveness of AI initiatives under the Cyber Solidarity Act.

  1. Algorithmic Bias:
    • AI models can inherit biases from training data, leading to skewed threat detection. For instance, biased algorithms might disproportionately flag traffic from certain regions as suspicious, fostering inequality in security measures. Potential methods to resolve such issues could be more robust bias testing and inclusive data sets.8
  2. Adversarial Attacks:
    • Cybercriminals may exploit vulnerabilities in AI models by feeding adversarial inputs to evade detection. Examples include injecting maliciously crafted data into machine learning systems to bypass malware detection software.9 Countermeasures like adversarial training and constant model updates may be critical.
  3. Transparency and Accountability:
    • The “black box” nature of many AI systems complicates oversight and accountability, especially in automated decision-making (see our article here to understand more). This opacity may lead to legal challenges, especially if AI decisions adversely affect individuals or organisations without clear justification.
  4. Data Privacy Concerns:
    • AI requires vast amounts of data for training and operations, raising concerns about compliance with the General Data Protection Regulation (GDPR). Challenges include anonymising data while maintaining its utility for AI development and addressing the risk of re-identification.10
  5. Over-reliance on Automation:
    • While AI improves efficiency, over-reliance may result in neglecting essential human oversight (something which the EU AI Act aims to overcome with the requirement for human involvement where AI is deployed in certain high-risk areas such as the administration of justice). Human operators therefore may remain integral to critical decision-making to avoid catastrophic errors, such as false positives or system lockouts during high-stakes incidents.
  6. Resource Inequities:
    • Smaller Member States or enterprises might lack the resources to implement and maintain sophisticated AI-driven tools, widening the cybersecurity capability gap. Collaborative funding and training initiatives under the Cyber Solidarity Act could help bridge this gap.

Current examples of AI in Cybersecurity

  • Threat Prediction: AI-driven predictive analytics, such as those deployed by Darktrace, Qualys or Palo Alto Networks, help identify vulnerabilities before exploitation, but could fail if underlying assumptions are incomplete. For example, predicting zero-day attacks remains a major challenge.
  • Automated Incident Response: AI can automatically isolate compromised systems, a feature particularly useful during ransomware attacks. However, improper configuration or misjudgments by AI can disrupt critical operations.

Addressing these challenges requires continuous monitoring, robust legal frameworks, and ethical AI practices. By embedding safeguards and promoting transparency, the Cyber Solidarity Act may unlock AI’s potential while mitigating its risks.

Cross-Border Cooperation Framework

The Act creates robust structures for multinational cooperation:

  • Minimum of three Member States required for Cross-Border Cyber Hubs (Article 5(1))
  • Mandatory written consortium agreements (Article 5(3))
  • Structured information sharing protocols (Article 6(2))
  • Clear frameworks for third country participation (Article 19)

Operational Safeguards

The regulation includes comprehensive security requirements, such as Article 17(2), which sets strict criteria for trusted service providers, including professional integrity requirements, classified information protection and appropriate security clearances.

Funding and Implementation

The Act amends the Digital Europe Programme (Regulation (EU) 2021/694), allocating €1,372,020,000 for Cybersecurity and Trust initiatives (Article 9(2)(c)). Implementation includes:

  • Regular evaluation cycles mentioned below (Article 25)
  • Specific assessment criteria for operational effectiveness
  • Integration with existing EU digital initiatives
  • Flexibility for Member State participation

Strengths and Challenges of the Act

The Act’s strengths lie in its capacity to foster cross-border collaboration, innovation, and equitable resource sharing:

  1. Comprehensive Coordination: The Act’s emphasis on creating cross-border hubs strengthens collaborative detection and response capabilities.
  2. Focus on Solidarity: By pooling resources and expertise, the regulation provides much-needed support to less-prepared Member States. For example, the Cybersecurity Reserve (see Article 14) provides access to pre-committed service providers, offering immediate assistance during large-scale incidents.
  3. Harnessing AI: The promotion of AI and advanced analytics under the Act is a forward-looking strategy. AI capabilities enable predictive threat detection, faster incident response, and deeper forensic analysis. These tools are essential in tackling complex threats like zero-day vulnerabilities (an undiscovered flaw in an application or operating system) and sophisticated ransomware attacks, which often outpace traditional cybersecurity defences.
  4. Regular Review: The Act specifies a regular review cycle (first review within two years, then every four years under Article 25), to assess the use and effectiveness of the regulation, which should help to strengthen governance and implementation of cybersecurity measures across the EU.

While the Cyber Solidarity Act represents significant progress, several challenges must be addressed to ensure its successful implementation. These challenges highlight the complexities of creating a unified cybersecurity framework across a diverse union of nations and organisations.

  1. Fragmented Capabilities: Disparities in national cybersecurity maturity may hinder the implementation of unified measures.
  2. Voluntary Participation: Member States are not mandated to join the European Cybersecurity Alert System, potentially limiting its effectiveness.
  3. Privacy Concerns: Sharing sensitive information across borders could lead to GDPR compliance issues.
  4. Resource Constraints: Building and maintaining cybersecurity reserves will require significant financial and human investment.

Looking forward

The Cyber Solidarity Act represents a sophisticated approach to modern cybersecurity challenges, combining traditional cooperative frameworks with cutting-edge technological capabilities. The emphasis on AI alongside human expertise reflects a balanced approach to cyber defense, while the voluntary nature of participation maintains necessary flexibility for Member States.

The Act’s regular review cycle ensures the framework can adapt to evolving threats and technological capabilities. This combination of structured cooperation, technological innovation, and adaptability positions the EU to better address contemporary cybersecurity challenges while preparing for future threats.

However, success hinges on addressing several key challenges. Member States must commit to robust implementation, bridge resource disparities, and ensure data-sharing frameworks comply with GDPR. The voluntary nature of participation in certain mechanisms, such as ECAS, may need reassessment to ensure comprehensive threat coverage across the Union.

For legal practitioners and cybersecurity professionals, the Act creates new considerations for incident response planning and cross-border cooperation, while providing access to advanced technological tools and support mechanisms. Its success will depend on effective implementation and genuine commitment to cooperation from Member States, supported by continued technological innovation in AI and other advanced security capabilities.


Sources:

  1. Regulation laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cyber threats and incidents and amending Regulation (EU) 2021/694 (Cyber Solidarity Act). Full text available: https://data.consilium.europa.eu/doc/document/PE-94-2024-INIT/en/pdf
  2. ENISA “What we do” (https://www.enisa.europa.eu/about-enisa/what-we-do).
  3. ENISA “Press release: The European Union Agency for Cybersecurity (ENISA) publishes the executive summary of this year’s ‘Foresight Cybersecurity Threats for 2030’ presenting an overview of key findings in the top 10 ranking” 27 March 2024 (https://www.enisa.europa.eu/news/skills-shortage-and-unpatched-systems-soar-to-high-ranking-2030-cyber-threats).
  4. ENISA “Press release: EU’s First Ever Report on the State of Cybersecurity in the Union” 3 December 2024 (https://www.enisa.europa.eu/news/eus-first-ever-report-on-the-state-of-cybersecurity-in-the-union).
  5. Fortinet “What is the difference between DoS Attacks and DDoS Attacks?” (https://www.fortinet.com/resources/cyberglossary/dos-vs-ddos).
  6. ENISA 2024 Report on the State of Cybersecurity in the Union: Condensed Version. December 2024, at p. 7 (available to download: https://www.enisa.europa.eu/publications/2024-report-on-the-state-of-the-cybersecurity-in-the-union).
  7. e.g. Uniqkey “Recent cyberattacks & data breaches in Europe in 2024” 12 March 2024 (https://blog.uniqkey.eu/recent-cyber-attacks-data-breaches/).
  8. “4 Unexpected Ways AI Bias Can Jeopardize Cybersecurity.” Cybersecurity Magazine. Accessed December 4, 2024 (https://cybersecurity-magazine.com/4-unexpected-ways-ai-bias-can-jeopardize-cybersecurity/).
  9. IEEE, “Adversarial Example Attacks Against Intelligent Malware Detection: A Survey.” IEEE Conference Publications (https://ieeexplore.ieee.org/document/10056478); IEEE. “MalPatch: Evading DNN-Based Malware Detection with Adversarial Patches.” IEEE Journals & Magazines (https://ieeexplore.ieee.org/document/10319738).
  10. MIAI, “Re-Identification Attacks and Data Protection Law.” (https://ai-regulation.com); Privacy Security Academy. “Is Anonymization Possible? Experts Weigh In.” Accessed December 4, 2024 (https://www.privacysecurityacademy.com); European Parliament. GDPR Compliance and the Challenges of Artificial Intelligence: A Study (https://www.europarl.europa.eu).