Thanks to its regulatory powers, robust digital economy, and active foreign and security policy, the European Union is one of the key players in cyberspace. The EU strongly promotes the position that international law, and in particular the United Nations (UN) Charter, applies in cyberspace. As a complement to binding international law, the EU endorses the voluntary non-binding norms, rules and principles of responsible State behaviour that have been articulated by the UN Group of Governmental Experts. It also encourages the development and implementation of regional confidence building measures, both in the Organisation for Security and Co-operation in Europe and other regions. On a bilateral level, the EU has established cyber dialogues with strategic partners to reinforce the exchange of good practices, lessons learnt and further the idea of responsible state behaviour in cyberspace.
As of 2009, Ukraine has been a member of the Eastern Partnership (EaP) and a strategic partner for the EU. On the basis of the
EU-Ukraine Association Agreement (AA) signed in 2014, the country has engaged in legislative and policy reforms aiming at gradual convergence with the EU
acquis, including on digital economy. During the past two years, digitalisation has become a
“flagship topic” in Ukraine, with a growing focus on e-government, digital citizenship, and state support for the local IT industry. Ukraine suffered large-scale cyberattacks during the 2014 presidential elections [
x], distributed denial of service (DDoS) attacks during the Russian invasion of Crimea in 2014 [
x], malware attacks on its power grid in 2015 [
x], and was also heavily impacted by the devastating global-scale
NotPetya attack in 2017. This explains why Ukraine prioritised capacity building efforts to strengthen its cyber resilience.
Internet penetration in Montenegro stands at 83%, while analysis indicates that internet usage increased by 10,000 users (+2%) from 2021 to 2022. [
x] As an EU candidate country, Montenegro has strived to align itself with the EU’s cyber priorities and recent strategic documents like the 2018-2021
Cybersecurity Strategy and its 2013-2017
predecessor represent a firm indication of this ambition. In the past five years, however, the Montenegrin government and media outlets have increasingly seen themselves sitting at the bullseye of numerous malicious cyberattacks, suggesting “synchronised action” on the part of several state and non-state actors. [
x] A 2022
digital maturity assessment commissioned by the European Bank for Reconstruction and Development and conducted by e-Governance Academy found Montenegro to have only a “basic” level of digital maturity in seven dimensions, including “financing digitalisation, level of digital skill, and access to services”. The same assessment found that the “right conditions” had been generated for the purposes of digitalisation, but implementation fell short. These conditions included “political will and support, the legal framework, digital infrastructure and interoperability, digital identity/signature and security”. Montenegrin policymakers now perceive an increased need to transform their stated strategic goals into concrete action.