Cyber Solidarity Act

About

Recitals

 Chapter II – The European Cybersecurity Alert System (Art. 3-9)

  • Art. 3 CSol – Establishment of the European Cybersecurity Alert System
    1. A pan-European network of infrastructure that consists of National Cyber Hubs and Cross-Border Cyber Hubs joining on a voluntary basis, the European Cybersecurity Alert System, shall be established to support the development of advanced capabilities for the Union to enhance detection, analysis and data processing capabilities in relation to cyber threats and the prevention of incidents in the Union.
    2. The European Cybersecurity Alert System shall:
      1. contribute to better protection from and responses to cyber threats by supporting and cooperating with, and reinforcing the capabilities of, relevant entities, in particular CSIRTs, the CSIRTs network, EU-CyCLONe and competent authorities designated or established pursuant to Article 8(1) of Directive (EU) 2022/2555;
      2. pool relevant data and information on cyber threats and incidents from various sources within the Cross-Border Cyber Hubs and share analysed or aggregated information through Cross-Border Cyber Hubs, where relevant with the CSIRTs network;
      3. collect and support the production of high-quality, actionable information and cyber threat intelligence, through the use of state-of-the art tools and advanced technologies, and share that information and cyber threat intelligence;
      4. contribute to enhancing the coordinated detection of cyber threats and common situational awareness across the Union, and to the issuing of alerts, including, where relevant, by providing concrete recommendations to entities;
      5. provide services and activities for the cybersecurity community in the Union, including contributing to the development of advanced tools and technologies, such as artificial intelligence and data analytics tools.
    3. Actions implementing the European Cybersecurity Alert System shall be supported by funding from the Digital Europe Programme (DEP) and implemented in accordance with Regulation (EU) 2021/694, in particular Specific Objective 3 thereof.
  • Art. 4 CSol – National Cyber Hubs
    1. Where a Member State decides to participate in the European Cybersecurity Alert System, it shall designate or, where applicable, establish a National Cyber Hub for the purposes of this Regulation.
    2. A National Cyber Hub shall be a single entity acting under the authority of a Member State. It may be a CSIRT or, where applicable, a national cyber crisis management authority or other competent authority designated or established pursuant to Article 8(1) of Directive (EU) 2022/2555, or another entity. The National Cyber Hub shall:
      1. have the capacity to act as a reference point and gateway to other public and private organisations at national level for collecting and analysing information on cyber threats and incidents and to contribute to a Cross-Border Cyber Hub as referred to in Article 5; and
      2. be capable of detecting, aggregating, and analysing data and information relevant to cyber threats and incidents, such as cyber threat intelligence, by using in particular state-of-the-art technologies, with the aim of preventing incidents.
    3. As part of the functions referred to in paragraph 2 of this Article, National Cyber Hubs may cooperate with private sector entities to exchange relevant data and information for the purpose of detecting and preventing cyber threats and incidents, including with sectoral and cross-sectoral communities of essential and important entities as referred to in Article 3 of Directive (EU) 2022/2555. Where appropriate and in accordance with Union and national law, the information requested or received by National Cyber Hubs may include telemetry, sensor and logging data.
    4. A Member State selected pursuant to Article 9(1) shall commit to applying for its National Cyber Hub to participate in a Cross-Border Cyber Hub.
  • Art. 5 CSol – Cross-Border Cyber Hubs
    1. Where at least three Member States are committed to ensuring that their National Cyber Hubs work together to coordinate their cyber-detection and threat monitoring activities, those Member States may establish a Hosting Consortium for the purposes of this Regulation.
    2. A Hosting Consortium shall be composed of at least three participating Member States that have agreed to establish and contribute to the acquisition of tools, infrastructure or services for, and the operation of, a Cross-Border Cyber Hub, in accordance with paragraph 4.
    3. Where a Hosting Consortium is selected in accordance with Article 9(3), its members shall conclude a written consortium agreement which:
      1. sets out the internal arrangements for implementing the hosting and usage agreement referred to in Article 9(3);
      2. establishes the Hosting Consortium’s Cross-Border Cyber Hub; and
      3. includes the specific clauses required pursuant to Article 6(1) and (2).
    4. A Cross-Border Cyber Hub shall be a multi-country platform established by a written consortium agreement as referred to in paragraph 3. It shall bring together in a coordinated network structure the National Cyber Hubs of the Hosting Consortium’s Member States. It shall be designed to enhance the monitoring, detection and analysis of cyber threats, to prevent incidents and to support the production of cyber threat intelligence, in particular through the exchange of relevant data and information, anonymised where appropriate, as well as through the sharing of state-of-the-art tools and the joint development of cyber detection, analysis, and prevention and protection capabilities in a trusted environment.
    5. A Cross-Border Cyber Hub shall be represented for legal purposes by a member of the corresponding Hosting Consortium acting as a coordinator, or by the Hosting Consortium if it has legal personality. Responsibility for compliance by the Cross-Border Cyber Hub with this Regulation and the hosting and usage agreement shall be allocated in the written consortium agreement referred to in paragraph 3.
    6. A Member State may join an existing Hosting Consortium with the agreement of the Hosting Consortium members. The written consortium agreement referred to in paragraph 3 and the hosting and usage agreement shall be modified accordingly. This shall not affect the ownership rights of the European Cybersecurity Industrial, Technology and Research Competence Centre (ECCC) over the tools, infrastructure or services already jointly procured with that Hosting Consortium.
  • Art. 6 CSol – Cooperation and information sharing within and between Cross-Border Cyber Hubs
    1. Members of a Hosting Consortium shall ensure that their National Cyber Hubs share, in accordance with the written consortium agreement referred to in Article 5(3), relevant information, anonymised where appropriate, such as information relating to cyber threats, near misses, vulnerabilities, techniques and procedures, indicators of compromise, adversarial tactics, threat-actor-specific information, cybersecurity alerts and recommendations regarding the configuration of cybersecurity tools to detect cyberattacks, among themselves within the Cross-Border Cyber Hub where such information sharing:
      1. fosters and enhances the detection of cyber threats and reinforces the capabilities of the CSIRTs network to prevent and respond to incidents or to mitigate their impact;
      2. enhances the level of cybersecurity, for example through raising awareness in relation to cyber threats, limiting or impeding the ability of such threats to spread, supporting a range of defensive capabilities, vulnerability remediation and disclosure, threat detection, containment and prevention techniques, mitigation strategies, response and recovery stages or promoting collaborative threat research between public and private entities.
    2. The written consortium agreement referred to in Article 5(3) shall establish:
      1. a commitment to share among the members of the Hosting Consortium information as referred to in paragraph 1 and the conditions under which that information is to be shared;
      2. a governance framework clarifying and incentivising the sharing by all participants of relevant information, anonymised where appropriate, as referred to in paragraph 1;
      3. targets for contribution to the development of advanced tools and technologies, such as artificial intelligence and data analytics tools.

      The written consortium agreement may specify that the information referred to in paragraph 1 is to be shared in accordance with Union and national law.

    3. Cross-Border Cyber Hubs shall conclude cooperation agreements with one another, specifying interoperability and information-sharing principles among the Cross-Border Cyber Hubs. Cross-Border Cyber Hubs shall inform the Commission about the cooperation agreements concluded.
    4. Information sharing as referred to in paragraph 1 between Cross-Border Cyber Hubs shall be ensured by a high level of interoperability. To support such interoperability, ENISA shall, in close consultation with the Commission, without undue delay and in any event by 5 February 2026, issue interoperability guidelines specifying in particular information-sharing formats and protocols, taking into account international standards and best practices, as well as the functioning of any established Cross-Border Cyber Hubs. Interoperability requirements provided for in the cooperation agreements of Cross-Border Cyber Hubs shall be based on the guidelines issued by ENISA.
  • Art. 7 CSol – Cooperation and information sharing with Union-level networks
    1. Cross-Border Cyber Hubs and the CSIRTs network shall cooperate closely, in particular for the purpose of sharing information. To that end, they shall agree on procedural arrangements on cooperation and sharing of relevant information and, without prejudice to paragraph 2, on the types of information to be shared.
    2. Where the Cross-Border Cyber Hubs obtain information relating to a potential or ongoing large-scale cybersecurity incident, they shall ensure, for the purposes of common situational awareness, that relevant information as well as early warnings are provided to Member States’ authorities and the Commission through EU-CyCLONe and the CSIRTs network without undue delay.
  • Art. 8 CSol – Security
    1. Member States participating in the European Cybersecurity Alert System shall ensure a high level of cybersecurity, including confidentiality and data security, as well as physical security of the European Cybersecurity Alert System network, and shall ensure that the network is adequately managed and controlled in such a way as to protect it from threats and to ensure its security and that of the systems, including that of data and information shared through the network.
    2. Member States participating in the European Cybersecurity Alert System shall ensure that the sharing of information referred to in Article 6(1) within the European Cybersecurity Alert System with any entity other than a public authority or body of a Member State does not negatively affect the security interests of the Union or of the Member States.
  • Art. 9 CSol – Funding of the European Cybersecurity Alert System
    1. Following a call for expressions of interest for Member States intending to participate in the European Cybersecurity Alert System, the ECCC shall select Member States to take part with the ECCC in the joint procurement of tools, infrastructure or services in order to set up, or enhance the capabilities of, National Cyber Hubs designated or established pursuant to Article 4(1). The ECCC may award to the selected Member States grants to fund the operation of such tools, infrastructure or services. The Union financial contribution shall cover up to 50 % of the acquisition costs of the tools, infrastructure or services and up to 50 % of the operational costs. The selected Member States shall cover the remaining costs. Before launching the procedure for the acquisition of tools, infrastructure or services, the ECCC and the selected Member States shall conclude a hosting and usage agreement regulating the usage of the tools, infrastructure or services.
    2. Where a Member State’s National Cyber Hub is not a participant in a Cross-Border Cyber Hub within 2 years of the date on which the tools, infrastructure or services were acquired, or on which it received grant funding, whichever occurred sooner, the Member State shall not be eligible for additional Union support under this Chapter until it has joined a Cross-Border Cyber Hub.
    3. Following a call for expressions of interest, a Hosting Consortium shall be selected by the ECCC to participate in a joint procurement of tools, infrastructure or services with the ECCC. The ECCC may award a grant to the Hosting Consortium to fund the operation of the tools, infrastructure or services. The Union financial contribution shall cover up to 75 % of the acquisition costs of the tools, infrastructure or services, and up to 50 % of the operational costs. The Hosting Consortium shall cover the remaining costs. Before launching the procedure for the acquisition of tools, infrastructure or services, the ECCC and the Hosting Consortium shall conclude a hosting and usage agreement regulating the usage of the tools, infrastructure or services.
    4. The ECCC shall prepare, at least every 2 years, a mapping of the tools, infrastructure or services necessary and of adequate quality to establish, or enhance the capabilities of, National Cyber Hubs and Cross-Border Cyber Hubs, and their availability, including from legal entities established or deemed to be established in Member States and controlled by Member States or by nationals of Member States. When preparing the mapping, the ECCC shall consult the CSIRTs network, any existing Cross-Border Cyber Hubs, ENISA and the Commission.

Previous article

 Chapter I – General provisions (Art. 1-2)

Next article

Chapter III – Cybersecurity Emergency Mechanism (Art. 10-20)

Read More About AI
AI News
Read More About Consumer & E-commerce
Consumer & E-commerce News
Read More About Cybersecurity
Cybersecurity News
Read More About Data
Data News
Read More About Digital Privacy
Digital Privacy News
Read More About Digital Services
Digital Services News