{"id":220517,"date":"2026-05-26T08:46:00","date_gmt":"2026-05-26T12:46:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/26\/shared-threats-shared-resilience-integrating-enlargement-partners-in-eu-digital-and-cyber-security\/"},"modified":"2026-05-26T15:55:36","modified_gmt":"2026-05-26T19:55:36","slug":"shared-threats-shared-resilience-integrating-enlargement-partners-in-eu-digital-and-cyber-security","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/26\/shared-threats-shared-resilience-integrating-enlargement-partners-in-eu-digital-and-cyber-security\/","title":{"rendered":"Shared threats, shared resilience: Integrating enlargement partners in EU digital and cyber security"},"content":{"rendered":"

Shared threats, shared resilience: Integrating enlargement partners in EU digital and cyber security<\/a><\/p>\n

https:\/\/www.iss.europa.eu\/publications\/briefs\/shared-threats-shared-resilience-integrating-enlargement-partners-eu-digital<\/a><\/p>\n

Publish Date: 2026-05-26 08:46:00<\/a><\/p>\n

Source Domain: www.iss.europa.eu<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. Gaps in cyber and digital resilience in the EU neighbourhood pose a direct threat to European security.\u00a0Cyberattacks and\u00a0digital dependencies have become core instruments of coercion, destabilisation and influence across the EU\u2019s wider neighbourhood, targeting government services, critical infrastructure, electoral processes, supply chains and the information space(1). At the same time, digital infrastructures and\u00a0data flows are inherently cross-border, binding enlargement partners and EU Member States into a shared and interdependent digital environment.
\nYet digital policy and cybersecurity in the enlargement context remains largely embedded in a gradual, compliance-driven accession process, focused on regulatory alignment and unevenly implemented across enlargement partners in the Western Balkans and the Eastern Neighbourhood. This approach sits uneasily with a fast-moving and transnational threat landscape. It hampers the capacity to respond collectively to shared threats, as cooperation remains fragmented and often reactive. Existing EU cybersecurity frameworks provide a basis for integration, but continue to expose shortcomings in capacity, coordination and access to operational cooperation. In parallel, the enlargement partners are frontline actors who have capabilities that could be better used to strengthen regional security as a whole.
\nThese\u00a0realities\u00a0underline\u00a0the\u00a0need\u00a0to\u00a0act\u00a0before\u00a0accession to the EU.\u00a0This Brief argues that the EU should move beyond a focus on formal alignment and improve the practical conditions under which resilience can be built and sustained. This means addressing persistent shortages of human, financial and institutional resources, and enabling more participation in operational activities, including information-sharing and joint exercises.
\nA shared threat environment
\nThe EU and its enlargement partners are increasingly connected through digital infrastructure, service providers and information spaces, exposing them to common vulnerabilities and adversaries. The Russian Viasat attack targeting the satellite KA-SAT network, for instance, demonstrated how a cyber operation aimed at disrupting Ukrainian communications also affected satellite broadband users across Europe(2).
\nThis shared environment is increasingly exposed to sophisticated cyberattacks, carried out by state actors including China, Russia, Iran and North Korea, as well as by non-state groups(3), through operations such as Volt Typhoon, NotPetya, the Homeland Justice attack, and the WannaCry and Andariel campaigns. The effects of these attacks are often systemic, with the potential to disrupt essential services, undermine elections and democratic processes and destabilise societies.
\nRecent data confirms the scale and intensity of this threat landscape. The EU Cybersecurity Agency (ENISA) recorded 4 875 incidents between July 2024 and June 2025, with a growing use of AI in malicious activities and an increase in attacks directly targeting strategic points in digital supply chains. Public services, transport, and digital infrastructure and services remain among the most targeted sectors, with public administration accounting for more than a third of recorded incidents alone. Around 80% of the reported attacks are ideologically driven, far exceeding financially motivated operations (13%) or cyberespionage (7%)(4).
\nA similar trend is observable in enlargement partners. Ukraine recorded more than 5 900 cyberattacks in 2025 (approximately 16 per day), representing a 37% increase compared to 2024 (4 315 incidents). Moldova, meanwhile, faced over 1 000 cyberattacks in the first half of 2025 alone, many attributed to Russian-affiliated groups. Electoral processes have been a primary target: peaks in large-scale Distributed Denial of Service (DDoS) attacks were reported around the 2024 presidential and 2025 parliamentary elections, with the 2025 elections generating over 16 million malicious connection attempts against electoral and government systems, forcing the temporary blocking of 4,000 websites(5).
\nA shared threat environment
\nAddressing cross-border vulnerabilities requires a response at the regional level. Yet efforts remain constrained by fragmented governance, limited resources, uneven capabilities and insufficient information-sharing across the EU and enlargement partners.
\nCompliance over operational resilience: The European Commission\u2019s January 2026 cybersecurity package(6) emphasises the importance of extended partnerships and cooperation to address the current threat landscape, and the Commission\u2019s 2025 enlargement package(7) frames gradual integration to strengthen security and stability before accession. While regulatory compliance is an important driver of regional security in the pre-accession context, it should not be at the expense of operational resilience. Alignment with the EU acquis does not in itself guarantee preparedness.
\nThe gradual uptake of key EU instruments \u2013 including the NIS2 Directive, the 5G Toolbox and broader digital policy frameworks \u2013 thus matters less as an end in itself than as a means to build resilience in practice. Yet instruments designed primarily for the Union\u2019s internal architecture are difficult to transpose operationally in enlargement contexts. Even across Member States, the implementation of frameworks such as NIS2 remains uneven(8). To narrow this gap, ENISA and the European Commission (DG ENEST) have concluded a three-year contribution agreement to strengthen cybersecurity resilience in the Western Balkans, supporting targeted capacity-building efforts. Tools such as the AR-in-a-Box(9) (\u2018Awareness Raising in a Box\u2019) support exercises and awareness-raising, while regional and bilateral formats \u2013 including the Western Balkans Cyber Capacity Centre (WB3C)(10), the EU-Ukraine Cyber Dialogue(11), and Moldova\u2019s access to the EU Cybersecurity Reserve(12) \u2013 reflect a growing emphasis on operational cooperation and solidarity. Alignment should focus on effective implementation and operationalisation.
\nLack of resources and institutional constraints: Institutional fragmentation, complex governance and the multiplicity of EU instruments also hinder coordination, especially in crisis situations where speed and clarity of responsibility are critical. At the same time, severe shortages of cybersecurity professionals remain a significant challenge both for the EU and for enlargement partners. While tools such as ENISA\u2019s European Cybersecurity Skills Framework(13) help address this issue by supporting the assessment and harmonisation of relevant competencies, the cybersecurity workforce remains insufficient, with more than half of European organisations (52%) struggling to\u00a0retain\u00a0qualified professionals(14). This not only weakens governments\u2019 defensive capabilities, but also limits the development of domestic expertise and solutions, as well as the use of open-source alternatives which require advanced in-house skills.
\nFurthermore, asymmetries in information-sharing between the EU and enlargement partners hinder cross-sector coordination and preparedness for transnational cyber incidents, highlighting one of the limits of pre-accession integration. While existing initiatives, such as the EU-Ukraine Cyber Dialogue, support exchanges of good practices and situational awareness, access to more advanced operational structures remains restricted. The EU CSIRTs network is not open to enlargement partners, as it is legally defined under the Network and Information Systems (NIS) framework. This highlights a broader constraint: current mechanisms are either too limited in scope or too restrictive to match the level of interdependence already in place. Alignment must also catch up with the de facto level of integration with the EU.
\nStructural dependencies and vulnerabilities: Cooperation will remain fragile if the underlying digital stack is fragmented and relies extensively on foreign providers. This points to another mismatch in the enlargement process: between rapid digitalisation as an accession requirement and the structural conditions needed for secure digitalisation. While the enlargement process incentivises fast uptake, the EU increasingly prioritises digital sovereignty and the reduction of strategic dependencies(15). In practice, however, enlargement partners rely on the most accessible solutions \u2013 often provided by dominant non-European actors, namely US and Chinese \u2013 because they are cheaper, scalable, user-friendly, and high- performing. As a result, current approaches risk entrenching the very dependencies the EU seeks to reduce.
\nDependence on non-European providers is a challenge not limited to enlargement partners. The EU\u2019s digital infrastructure relies heavily on a small number of external providers, particularly in cloud services, where Amazon, Google and Microsoft control 63% of the regional market(16). While the Commission\u2019s 2026 cybersecurity package \u2013 including NIS2 \u2013 acknowledges the security of ICT supply chains, addressing technological dependencies requires broader industrial policy choices. The issue extends beyond technical mitigation to questions of digital sovereignty and strategic autonomy. Aligning enlargement-driven digitalisation with the EU\u2019s sovereignty agenda is thus essential to limit structurally embedded dependencies.
\nEnhancing resilience before accession
\nIn order to enhance Europe\u2019s capacity to address digital threats, the EU and its enlargement partners need to improve political, societal and industrial resilience.<\/p>\n

Political resilience: The EU and its enlargement partners need to be able to sustain swift and collective action under pressure. This requires clear institutional mandates, interoperable procedures, effective crisis-management mechanisms and trusted information-sharing channels, supported by cooperation between cybersecurity agencies at EU, Member State and enlargement partner level, and by instruments such as NIS2 or the 5G Toolbox. Engagement with EU structures also needs to be more accessible and functional. Where full participation is not possible, alternative formats should be developed to enable closer interaction with relevant actors, including EU CSIRTs. Existing platforms, such as the WB3C, can play a key role in facilitating coordination, notably through joint exercises and the development of shared practices. Peer exchanges and practical collaboration on implementation challenges (such as managing high-risk vendors) should also be reinforced, as they can reduce fragmentation and support mutual learning.
\nSocietal resilience: European societies must also be able to withstand and recover from cyber and hybrid disruption without major political or social destabilisation. This requires robust digital architectures for critical infrastructures and essential services, supported by regional incident response mechanisms and improved sharing of operational experience. It also requires stronger basic and advanced digital skills among the population, both in the EU and in enlargement partners. In practice, this means better cyber awareness and hygiene, more practice-oriented university training, stronger links between public institutions, academia and the private sector, and greater resilience against disinformation and manipulation. EU tools, including ENISA\u2019s Cybersecurity Skills Framework, could support training, align skills and strengthen expertise; in parallel, simulations \u2013 such as the eight large-scale cyber exercises conducted by Ukraine since 2023 \u2013 could help develop practical know-how and operational readiness. These efforts can be further reinforced by leveraging broader European capacity-building initiatives, such as GLACY-e, the Octopus Project and EU CyberNet(17).
\nIndustrial resilience: The EU and its enlargement partners need a robust digital industrial base to reduce dependencies on non-European providers. This requires not only access to, but the ability to build, procure, maintain and scale trusted digital infrastructures and services. Industrial resilience thus extends beyond cybersecurity: it encompasses diversified ICT supply chains, effective data governance frameworks, strategic procurement policies, and the capacity to sustain regional solutions. A more integrated market across the wider European digital space could expand demand and enable regional providers to scale up and offer viable alternatives to dominant external actors. This would require targeted procurement, provider diversification, and sustained investment in skills, research and innovation ecosystems. Platforms such as the WB3C could serve not only as training hubs, but also as facilitators of regional industrial uptake, innovation and cross-border cooperation.
\nReferences
\n* The authors thank Maria Loredana Campione and Alessandro Vitiello, EUISS trainees, for their research assistance.
\n1. EEAS, \u2018Countering hybrid threats \u2013 strategic communications\u2019, 2024.
\n2. European Council\/Council of the European Union, \u2018Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union\u2019, 10 May 2022.
\n3. CERT-EU, Threat Landscape Report 2024: A Year in Review, 2025.
\n4. European Union Agency for Cybersecurity (ENISA), ENISA Threat Landscape, October 2025.
\n5. Data collected during a EUISS workshop on 12 March 2026, gathering enlargement partners, cybersecurity agencies and EU institutions.
\n6. European Commission, \u2018Proposal for a Regulation for the EU Cybersecurity Act\u2019, January 2026.
\n7. European Commision, \u20182025 Communication on EU enlargement policy\u2019, November 2025.
\n8. European Cyber Security Organisation, \u2018NIS2 Directive Transposition Tracker\u2019, 2026.
\n9. ENISA, \u2018Cybersecurity Awareness Raising: The ENISA-Do-It-Yourself Toolbox\u2019.
\n10. Western Balkans Cyber Capacity Centre.
\n11. EU-Ukraine Cyber Dialogue.
\n12. EU Cybersecurity Reserve.
\n13. ENISA, \u2018European Cybersecurity Skills Framework (ECSF)\u2019.
\n14. ISACA, \u2018 Budgets, staffing and skills fail to keep pace with rising cyber threats\u2019, September 2025.
\n15. European Commission, State of the Digital Decade 2025 report, 2025.
\n16. B\u00f4mont, C., \u2018Technical is political: When a cloud certification scheme divides Europe\u2019, Brief no. 26, EUISS, November 2025.
\n17. GLACY-e; Octopus; EU CyberNet.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Shared threats, shared resilience: Integrating enlargement partners in EU digital and cyber security https:\/\/www.iss.europa.eu\/publications\/briefs\/shared-threats-shared-resilience-integrating-enlargement-partners-eu-digital Publish…<\/p>\n","protected":false},"author":1,"featured_media":220518,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.iss.europa.eu\/sites\/default\/files\/2026-05\/cover.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24],"class_list":["post-220517","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220517"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=220517"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220517\/revisions"}],"predecessor-version":[{"id":220519,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220517\/revisions\/220519"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/220518"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=220517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=220517"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=220517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}