Scope

The EU Cyber Solidarity Act aims to enhance cooperation at the Union level for better detection, preparation, and response to significant or large-scale cybersecurity incidents. This involves establishing a European Cybersecurity Shield and a comprehensive Cyber Emergency Mechanism.

Relevance

While the Cyber Solidarity Act does not impose direct obligations on most enterprises, it strengthens the regulatory and operational environment for cybersecurity in Europe, reinforcing the importance for Norwegian enterprises to maintain a high level of cyber resilience and alignment with EU cybersecurity frameworks. Norwegian enterprises may be affected through enhanced expectations for cyber preparedness, information sharing, and incident response, especially when operating cross-border or as part of EU-based value chains

Key obligations

To swiftly and effectively identify major cyber threats, the Regulation aims to establish a European Cyber Shield. This will be a pan-European infrastructure comprising national and cross-border Security Operations Centres (SOCs) across the EU. These SOCs will use cutting-edge technologies like artificial intelligence (AI) and advanced data analytics to detect and share timely warnings on cyber threats and incidents across borders. This approach allows authorities and relevant entities to respond more efficiently and effectively to major incidents.

The goal is to have these centres operational by early 2024. In preparation for the European Cyber Shield, the Commission, under the Digital Europe Programme, selected three consortia of cross-border Security Operations Centres (SOC) in April 2023. These consortia bring together public bodies from 17 Member States and Iceland.

Additionally, the EU Cyber Solidarity Act introduces a Cyber Emergency Mechanism to boost preparedness and enhance incident response capabilities in the EU.