The European Commission has presented an Action Plan on Cybersecurity and Artificial Intelligence to strengthen the EU's digital resilience.
Artificial intelligence is increasingly shaping the cybersecurity landscape from both a defensive and offensive perspective. According to the Commission, AI can help detect vulnerabilities, prevent cyberattacks, and strengthen the protection of critical infrastructure. At the same time, the technology can be exploited by malicious actors to automate attacks and identify weaknesses at optimised speed and scale than before.
The Action Plan sets out a coordinated approach intended to help member states, businesses, and public authorities benefit from AI-driven opportunities while managing the associated risks. It is structured around three complementary objectives: promoting the safe and responsible use of advanced AI, reinforcing the EU's cybersecurity and resilience, and scaling up Europe's AI capabilities for cybersecurity purposes.
Testing, evaluation, and sectoral deployment
To support the safe use of advanced AI, the Commission plans to strengthen Europe's capacity to evaluate AI models before they reach the EU market, in line with the AI Act. It will also collaborate with the European Union Agency for Cybersecurity (ENISA) to develop a European Blueprint for secure access to advanced AI systems used for cybersecurity purposes, alongside a secure testing platform. This platform is intended to help organisations in critical sectors, including energy, transport, health, finance, and public administration, test and deploy AI solutions safely.
Moreover, the plan also promotes implementation of existing EU cybersecurity legislation, including the NIS2 Directive and the Cyber Resilience Act, and encourages organisations to use AI, including open-source models where appropriate, to identify and address vulnerabilities more quickly.
Building sovereign AI and cybersecurity capacity
On the third objective, the Commission intends to launch an EU Grand Challenge on AI for cybersecurity, bringing together companies, researchers, and other stakeholders to develop AI-powered cybersecurity solutions. The EU will continue investing in sovereign AI capabilities through initiatives such as AI Factories and future Gigafactories, while seeking to encourage private investment to scale up European AI technologies.
The Action Plan complements the EU's broader legal framework for AI and cybersecurity, including the AI Act, the Cyber Resilience Act, the NIS2 Directive, the Digital Operational Resilience Act (DORA), and the Cyber Solidarity Act. Through the process of involving EU institutions, member states, industry, researchers, open-source communities, and international partners, the initiative is intended to help Europe capture the benefits of AI while remaining resilient against emerging cybersecurity threats.