The European Commission released the "Action Plan on Cybersecurity and Artificial Intelligence" on July 7, 2026. This plan outlines several key actions to achieve three objectives: Promoting the safe and responsible use of advanced AI, reinforcing the EU's cybersecurity and resilience, and scaling up Europe's AI capabilities for cybersecurity.
1. Promoting the Safe and Responsible Use of Advanced AI
The EU AI Act requires advanced AI models to undergo risk assessments before entering the EU market. The European Commission will support the establishment of EU-wide capabilities for evaluating AI models, with a specific focus on cybersecurity. The Commission will coordinate with the European Union Agency for Cybersecurity (ENISA) to define a structured access blueprint for cybersecurity purposes. This blueprint will clarify how AI providers should grant access to European public and private organizations. ENISA will partner with the Joint Research Centre (JRC) to set up a secure testing platform. This platform will allow critical infrastructure operators to test AI performance in realistic scenarios, such as vulnerability scanning and incident response, without exposing their real systems to potential risks.
2. Reinforcing the EU's cybersecurity and resilience
The widespread deployment of advanced AI capabilities poses a risk, as these tools can be misused to target the economy and society. To counter this threat and harness AI to enhance cyber resilience, ENISA plans to publish practical guidelines. These will focus on defending against AI-driven attacks and safely integrating AI into cybersecurity operations. The European Commission, member states, and ENISA will collaborate to upgrade vulnerability management. This effort aims to ensure that existing tools, such as the European Vulnerability Database, remain effective in the AI era. They will also launch pilot activities that utilize AI to accelerate the remediation of vulnerabilities in open-source components used by critical infrastructure.
3. Scaling up Europe's AI capabilities for cybersecurity
To reduce dependence on external systems and safeguard technical sovereignty, the Action Plan aims to boost Europe's capacity to develop its own AI solutions. The EU will launch an EU Grand Challenge. This initiative will bring businesses and research organizations together to develop AI systems capable of automatically analyzing and patching vulnerabilities. The Commission will work with member states to open up the computing power of "AI Factories." This resource will be used to test, train, and deploy advanced AI models necessary for cyber resilience. The Commission, member states, and the industry will collaborate to provide professional training through the Cybersecurity Skills Academy. They will develop dedicated training modules on AI tool applications specifically for cybersecurity professionals.
This Action Plan serves as a complement to the EU's existing legal frameworks for AI and cybersecurity. By uniting the efforts of EU institutions, member states, the industry, researchers, the open-source community, and international partners, the EU aims to fully leverage the benefits of AI while maintaining strong defenses against emerging cybersecurity threats.