In the midst of escalating cyber attacks supported by the Chinese Communist Party, the European Union is taking action to play a greater role in helping businesses and governments address cybersecurity issues.
In April of this year, when the U.S. government faced a temporary halt in aid to a crucial security organization, experts warned about the cybersecurity system in Europe.
For decades, the United States has publicly disclosed a catalog of cybersecurity vulnerabilities through a non-profit organization. This catalog provides guidance on dealing with hacker threats, allowing companies and governments worldwide to report security issues and find solutions.
Although the U.S. cyber security program was not ultimately disrupted, it exposed Europe’s excessive reliance on key U.S. digital infrastructure in the face of escalating cyber threats.
Juhan Lepassaar, head of the European Union Agency for Network and Information Security (Enisa), stated that the EU needs to “step up efforts” to play a more proactive role in reporting and fixing potential cyber threats.
“So far, we have not established a global system, and this system largely relies on the capabilities of the United States,” Lepassaar told the Financial Times. “As Europe, we are ready to participate and make this global framework stronger.”
Lepassaar mentioned that the EU established a new institution last month responsible for issuing vulnerability warnings to European businesses and governments.
While the U.S. cyber security plan overseen by the Cybersecurity and Infrastructure Security Agency (CISA) faced budgetary issues, CISA attributed the funding shortage to governmental decisions. According to the 2026 budget proposal, the agency will cut over a thousand employees and reduce funding by nearly $495 million.
The system releases over 100 vulnerability reports daily, accumulating over 40,000 annually. Lepassaar stated, “Not all vulnerabilities are critical, but on average, a critical vulnerability emerges every day, so measures must be taken to address them.”
He noted that the EU established its own “European Vulnerability Database” last month and aims to play a more active role in providing patches and guidance, especially in assisting European companies in dealing with these potential threats.
Even before the funding issues faced by the U.S. cyber security organization, the EU database had already begun preparations, but these issues have made the full implementation of the database more urgent.
“Essentially, this is to better protect our backyard, and in doing so, also strengthens the global vulnerability management framework,” said Lepassaar.
Lepassaar pointed out that state-sponsored cyber attacks are intensifying.
“We see attacks related to states escalating against critical infrastructure, and of course, public administrations are also targets… From the first quarter of 2025, threat actors related to (Communist) China are targeting the telecommunications industry,” he said.
Last month, the Czech government attributed malicious cyber attacks against its Foreign Ministry to the Chinese Communist Party.
Lepassaar highlighted that ransomware attacks are also a significant issue. Additionally, there are politically motivated attacks launched by so-called “hacktivists.”
“From a security perspective, the energy, telecommunications, and banking sectors are quite mature,” he said, but public administration, healthcare, and wastewater management are causes for concern and fall under “risk areas” that require action.
Last year, the EU passed new network resilience rules, requiring companies to establish better security standards in products containing digital components like smartwatches or baby monitors.
The European Commission is also reviewing the Network Security Bill, which could expand the scope of Enisa’s powers.
Lepassaar stated that his agency can play a more proactive role in assisting market participants in better implementing the new network resilience rules.
(This article referenced reports from the Financial Times.)