by George Christou
Reflecting a central premise of the collective securitisation model, it is argued in this article that both specific events and longer-term trends have galvanised and reinforced the EU discourse of increasing threat and risk around cybersecurity, at different points in time. Thus, whilst major cyberattacks have caused the EU to reflect with some urgency on the increasing threat and review its approach, new policy initiatives evolved incrementally thereafter, rather than being the product of any emergency action outside the EU’s normal politics. It is shown further that, in the case of cybersecurity, discourses of threat and risk have continued beyond policy initiation, and that this discourse has very much run in parallel with further action and initiatives. Finally, this article demonstrates how collective securitisation and legislation in certain key areas related to cybersecurity can also be subject to EU institutional desecuritisation moves, leading to national policy differentiation following a precipitating event.