Council of the EU adopts updated cyber crisis management blueprint

On 6 June 2025, EU telecom ministers formally adopted a revised blueprint for managing large-scale cyber incidents and crises across the European Union. The document aims to provide structured guidance for coordination among EU member states and relevant institutions during serious cybersecurity events.

The new blueprint updates the original 2017 version in response to a shifting threat environment and recent legislative developments, notably the NIS2 Directive and the Cyber Solidarity Act. It addresses the growing need for better coordination in light of increasing cross-border cyber threats that may overwhelm individual member states.

The document outlines how national authorities and EU institutions should cooperate in detecting, responding to, and recovering from cyber crises. It defines conditions under which a cybersecurity incident should be managed at the EU level and clarifies roles for entities such as:

• ENISA (EU Agency for Cybersecurity)
• EU-CyCLONe (European Cyber Crisis Liaison Organisation Network)

It also underscores the need for coherent public communication and outlines protocols for coordination before, during, and after a crisis.

The blueprint highlights the relevance of hybrid threats, which combine cyberattacks with other forms of interference, and the potential for these to disrupt the EU’s internal market or public safety. In such cases, collective EU-level crisis management is necessary.

The blueprint promotes strengthened cooperation between civilian and military actors, including engagement with NATO where appropriate. It also includes guidance for post-crisis recovery and encourages the sharing of lessons learned to improve future responses.