European External Action Service
The EU Global Strategy sets out the interests, principles and priorities for the EU in an increasingly connected, contested and complex world. Adopted in June 2016, it represents the EU doctrine for the defence and security of the Union and its members states, for the cooperation between the member states’ armed forces, the management of immigration, crises, and for the protection of civilians. Below are the main cyber-related excerpts within the 2016 EU Global Strategy.
The EU will support the swift recovery of Members States in the event of attacks through enhanced efforts on security of supply, the protection of critical infrastructure, and strengthening the voluntary framework for cyber crisis management.
The EU will increase its focus on cyber security, equipping the EU and assisting Member States in protecting themselves against cyber threats while maintaining an open, free and safe cyberspace. This entails strengthening the technological capabilities aimed at mitigating threats and the resilience of critical infrastructure, networks and services, and reducing cybercrime.
The EU will foster innovative information and communication technology (ICT) systems which guarantee the availability and integrity of data, while ensuring security within the European digital space through appropriate policies on the location of data storage and the certification of digital products and services.
The EU will weave cyber issues across all policy areas, reinforcing the cyber elements in CSDP missions and operations, and further develop platforms for cooperation.
The EU will support political, operational and technical cyber cooperation between Member States, notably on analysis and consequence management, and foster shared assessments between EU structures and the relevant institutions in Member States.
The EU will enhance its cyber security cooperation with core partners such as the US and NATO. Its response will also be embedded in strong public-private partnerships, built upon cooperation and information-sharing between Member States, institutions, the private sector and civil society in the view of fostering a common cyber security culture and raise preparedness for possible cyber disruptions and attacks.
The EU will pursue locally owned rights-based approaches to the reform of the justice, security and defence sectors, and support fragile states in building capacities, including cyber.
The EU will deepen its partnership with NATO through coordinated defence capability development, parallel and synchronised exercises, and mutually reinforcing actions to build the capacities of our partners, counter hybrid and cyber threats, and promote maritime security. Parallelly, it will EU deepen cooperation with the US and Canada on crisis management, counter-terrorism, cyber, migration, energy and climate action.
Globally, the EU will be a forward-looking cyber player, protecting its critical assets and values in the digital world, notably by promoting a free and secure global Internet through a progressive alliance between states, international organisations, industry, civil society and technical experts. The EU will engage in cyber diplomacy and capacity building with its partners, and seek agreements on responsible state behaviour in cyberspace based on existing international law. It will support multilateral digital governance and a global cooperation framework on cybersecurity, respecting the free flow of information.
The 2019 review of the EUGS confirmed the relevance of the five priorities set out in 2016. Regarding technology and cyber, the EUGS stresses the EU role in providing a normative framework for the development of new technologies which is coherent with the EU threat response and capability development process. The 2019 EUGS hints at further development of the EU diplomatic toolbox to deter against and ensure a coordinated response to cyber threats, also making full use of the recently adopted framework allowing the EU to impose targeted restrictive measures.