Fortifying Europe’s digital defences: EU Cybersecurity month and the ProtectEU Strategy

October marks EU Cybersecurity month, a time to highlight the importance of cybersecurity in protecting our digital landscape. As our world becomes increasingly interconnected, the need for robust cybersecurity measures has never been greater. The European Commission is at the forefront of these efforts, working to ensure the EU is well-prepared to face cyber threats.

Adopted in April 2025, the ProtectEU Internal Security Strategy places a strong focus on cybersecurity. This strategy aims to enhance the EU's capacity to prevent, detect, and respond to cyber threats through advanced technologies, international cooperation, and cybersecurity education.

Key cybersecurity provisions in ProtectEU

ProtectEU integrates cybersecurity as a central pillar of the EU's internal security. The strategy outlines existing legal instruments to be implemented, while also identifying actions to be further developed. Some of its main points include:

• Resilience against hybrid threats, critical infrastructure protection and cybersecurity strengthening, including through the full implementation of the Cybersecurity Act and NIS2 Directive.
• New legal instruments, roadmaps and processes, such as the revision of the Cybersecurity Act, measures to ensure a cybersecure use of cloud and telecom services, and the development of a Technology Roadmap on encryption.
• Operational and institutional capacity building, by strengthening ENISA, the EU's cybersecurity agency, as well as enhancing cooperation and information sharing between law enforcement authorities, cybersecurity authorities and the private sector.
• Technological sovereignty and future technologies, by seeking to reduce dependencies on single foreign suppliers in ICT and telecom, and the deployment of a European quantum communication infrastructure (EuroQCI) as part of secure communication infrastructure.
• Lawful access to data, through a roadmap ensuring lawful and effective access to data by law enforcement, and that such access respects fundamental rights and safeguards cybersecurity.

The European Cybercrime Centre

Ensuring resilience of infrastructure and deterring cybercrime through an effective action of law enforcement and judicial authorities are two faces of the same coin. Established in 2013 and based in The Hague, the European Cybercrime Centre (EC3) is a specialised department within Europol dedicated to combating cybercrime across the European Union. EC3 supports EU Member States and international partners by providing advanced technical, analytical, and digital forensic expertise. Its primary focus areas include cyberattacks, online child sexual exploitation, and payment fraud.

EC3 also facilitates the exchange of cybercrime intelligence, coordinates joint operations through the Joint Cybercrime Action Taskforce (J-CAT), and produces the annual Internet Organised Crime Threat Assessment (IOCTA) to inform strategic and operational priorities. By fostering collaboration among law enforcement, the private sector, and academia, EC3 plays a pivotal role in strengthening Europe's collective cybersecurity posture.