The European framework for cybersecurity: strong assets, intricate history

Over the last decade, the European Union (EU) has demonstrated a consistent determination to promote a global, open, stable, and secure cyberspace for everyone. A structured (and chronological) review of key EU documents, reports, and directives on cybersecurity shows that the recommendations from the relevant EU institutions (Parliament, Commission, Council) have been persistent over time, reiterating the same core issues that seem to not yet have been solved after a decade of debates and experts’ advice. Since at least 2012, EU institutions have identified the two domains that are under constant critical observation for the deployment of a coordinated European cybersecurity approach—gaps in policies and poor integration—while the European fundamentals of cybersecurity (both human and physical) have been consistently seen as an asset rather than a liability. However, the progressive de-professionalization of coding that tends to blur the distinction between amateurs and professionals should not be underestimated, as it furtively introduces a new class of risk related to unverified or circularly certified skills. It is therefore recommended that the regulatory framework is expanded to better govern the accreditation/certification of professional cybersecurity experts as well.