A view from Brussels: EU tackles AI and cyber
A view from Brussels: EU tackles AI and cyber
https://iapp.org/news/a/a-view-from-brussels-eu-tackles-ai-and-cyber
Publish Date: 2026-07-09 12:10:00
Source Domain: iapp.org
“(Artificial intelligence) is transforming the meaning of cybersecurity. And we must keep pace,” Executive Vice-President of the European Commission for Technological Sovereignty, Security and Democracy Henna Virkkunen said as she presented the commission’s EU Action Plan on Cybersecurity and Artificial Intelligence Tuesday.
The action plan is a direct response to unprecedented cybersecurity capabilities of the latest AI models, that also change the “economics of malicious actors,” she explained. It follows suit with recent declaration from the G7 Cybersecurity Working Group to strengthen global digital resilience. It also builds on a call to action from the Five Eyes cybersecurity agencies: AI undeniably accelerates the sophistication of cyber threats at unpresented scale and speed.
The AI cyber action plan therefore reflects a growing reality for digital governance teams: AI-enabled cyber shock is already prompting them to use AI automation to triage and remediate against cyberthreats, to list cyberattacks and third-party vendors management among top digital risks, and to improve efficiencies between trust, governance and security across the business.
The IAPP’s Navigate: Digital Risk Index 2026 attests to the significance of risks related to nation-state or sponsored cyberattacks, espionage and warfare on one hand, and AI technologies as accelerating or compounding risks on the other.
The European Commission is accelerating three priorities.
First, AI models with high cyber capability deployed in Europe must be safe. AI Act enforcement will play a role to ensure providers establish appropriate safeguards against misuse including in the cyber domains. Brussels will also launch a call to step up evaluation capacity of AI models by 2027 and strengthen know-how to deploy advanced AI models for Europe’s own cybersecurity.
Second, the Commission wants to identify and fix critical vulnerabilities faster. That means full implementation of the NIS2 Directive,…