The European Commission wants Europe ready for a new generation of AI, capable of shielding critical systems or exploiting them. Its new plan rests on three pillars: access to advanced AI models, an EU capacity to evaluate them, and a shared platform to test them.
The European Commission presented the Action Plan on Cybersecurity and Artificial Intelligence on 7 July. It aims to prepare the Union for a new generation of AI systems, capable of strengthening cyber defences, spotting vulnerabilities, and powering attacks at scale. Ms Virkkunen presented the plan to MEPs in the Parliament’s plenary earlier in the day.
“AI is transforming the meaning of cybersecurity. And we must keep pace. The EU has strong foundations in place to adapt its response in the face of vulnerabilities that emerging tech brings with it. We must harness and focus existing capabilities, networks and the legal framework to fortify the cybersecurity protecting our digital landscape,” said Henna Virkkunen, Commission Executive Vice-President for Tech Sovereignty, Security and Democracy.
What’s inside
Among the announced measures, the Commission will launch a call to establish an EU evaluation capacity for cybersecurity, expected to become operational in 2027. It will support the AI Office’s regulatory role by strengthening third-party assessment of AI capabilities and risks globally. Asked whether non-EU entities could take part, Ms Virkkunen was cautious: “We will now define the criteria for what type of entities can participate. But here we are talking about security and how we can test the security of models. So we are talking about very sensitive issues.”
The Commission will also work with the EU Agency for Cybersecurity (ENISA) to define a European Blueprint for structured access to advanced AI capabilities for cybersecurity. ENISA and the Commission’s Joint Research Centre (JRC) will create a secure platform to test AI in simulated environments, with a particular focus on critical sectors such as energy, finance and health.
You might be interested
Brussels is also encouraging administrations and businesses to use AI tools, including open-source models, to identify and address vulnerabilities more quickly. Finally, the plan includes a European “Grand Challenge” dedicated to AI for cybersecurity, alongside new initiatives to strengthen European industrial capabilities in the sector.
AI is transforming the meaning of cybersecurity. And we must keep pace.
— Henna Virkkunen, Commission Executive Vice-President for Tech Sovereignty, Security and Democracy
The action plan follows weeks of pressure over Mythos, the advanced AI model developed by Anthropic. ENISA, the EU’s cybersecurity agency, gained restricted access to the model through Anthropic’s Project Glasswing after intense lobbying from Brussels. The affair has fuelled concerns about Europe’s dependence on large US companies in the development of frontier models, and the need to equip European authorities with the tools to test them independently.