In an increasingly unpredictable world, the European Union has shown over again its capacity to protect its citizens and ensure our common security. As the nature of threats evolves and crises become more multidimensional, the Commission has adopted a holistic approach to security, and we have developed the necessary tools to keep Europe safe.
EU Security Union Strategy 2020-2025
In 2020, the Commission adopted its EU Security Union Strategy 2020-2025. The strategy has been the roadmap for our action on security internal and external during the current mandate and it is articulated around four pillars:
- Protection and resilience of key infrastructure and networks
- Tackling evolving threats
- Fighting against organised crime and terrorism
- Building a strong European ecosystem
The first pillar covers the protection and resilience of key infrastructure and networks. In recent years we have boosted the physical security of critical infrastructure and entities thanks to the Critical Entities Resilience Directive, which requires that Member States carry out risk assessments of their critical sectors; and with the Critical Infrastructure Blueprint, we set a framework for a unified response to common critical infrastructure incidents.
Our interconnected world has given rise to risks in the online sphere, too. With the Directive for a high common level of cybersecurity across the Union (NIS2 Directive), the Digital Operational Resilience Act, and the Cyber Resilience Act, this Commission has created a framework that increases the cybersecurity of all products traded in the Single Market, and which provides more robust requirements for critical sectors such as public administrations, postal services, hospitals, and the financial sector.
The Strategy’s second pillar focuses on tackling evolving threats. The Commission has acted to counter the rise of disinformation and misinformation, especially online. We strengthened the Code of Practice on Disinformation which includes major technology companies, platforms and the civil society, and with the Digital Services Act we added additional means to prevent false information from spreading online.
Acting on the Strategy’s third pillar, we have stepped up the fight against organised crime and terrorism offline and online. We have set out rules to fight new forms of trafficking in human beings; we have laid out a roadmap in the fight against criminal networks, notably those involved in drug trafficking. Furthermore, to fight terrorism and prevent radicalisation, rules have been put in place requiring that online platforms remove online terrorist content within one hour.
We have also worked on developing a strong European ecosystem, the fourth pillar. We have boosted cross-border cooperation of police and law enforcement authorities. Europol has been given a reinforced mandate to better support national authorities with information, analysis, and expertise; and Eurojust’s mandate has been strengthened to improve its capacity to support Member States in the investigation of serious cross-border crimes such as terrorism.
Protecting our borders
The protection and good functioning of our external borders is another core element of our security. The Commission worked to enable the conditions that allowed the safe and successful enlargement of the Schengen area to Croatia, Romania, and Bulgaria, while at the same time updating its governance and its rules.
A yearly Schengen cycle was launched in 2022, starting each year with a State of Schengen Report, which identifies risks and security gaps; and in February 2024, an agreement was reached by co-legislators on an updated Schengen Borders Code. Amongst others, the new code defines a mechanism to introduce temporary travel restrictions at the external border in case of health emergencies, and gives Member States the means to fight the instrumentalisation of migrants by third-countries or non-State actors.
Defence
Finally, with war back on the European continent, we are stepping up our defence capabilities to keep Europeans safe.
We have boosted our strong partnership with NATO, a key security partner in which 22 Member States are also present. Through a new Joint Declaration on EU-NATO Cooperation signed in January 2023, we are boosting our common work on hybrid threats, cyber, terrorism, and the security implications of climate change. Moreover, we launched the EU-NATO Task Force on resilience of critical infrastructure in March 2023, to better prevent common disruptions to essential services and address joint security challenges in the area of critical infrastructure.
Meanwhile, with the European Defence Fund, the European defence industry reinforcement through common procurement act, and the Act in Support of Ammunition Production, we are mobilising Europe's defence industry to manufacture more of our security at home. In March 2024, the Commission presented the European Defence Industrial Strategy (EDIS) and the European Defence Industry Programme (EDIP), which adopt the logics of the European defence industry reinforcement through common procurement act (EDIRPA) and the Act in Support of Ammunition Production (ASAP) for the longer term, ensuring that when it comes to defence, we invest more, better, together, and European.
Key policies and achievements
- Increasing the resilience of our critical infrastructure and cyber resilience
- Combatting child sexual abuse
- Fighting terrorism and organised crime
- Enhancing police cooperation to strengthen our security ecosystem
- Enlarging and reinforcing the Schengen area
- Boosting the EU’s defence partnerships and capabilities
The Critical Entities Resilience Directive which entered into force in January 2023, strengthens resilience against natural hazards, terrorist attacks, sabotage, and public emergencies for critical entities in sectors like banking and financial markets, transport, energy, health, water, and food production.
Under the new rules, Member States will identify those critical entities, and such entities will have to carry risk assessments of their own, including security measures to be followed in case of an incident.
The NIS2 Directive expands cybersecurity rules to cover new sectors, such as telecoms providers, postal services, public administration, and healthcare. With these instruments, there are now modern rules in place securing the physical and digital aspects of critical infrastructure sectors, including energy, transport, health, space, telecommunications and digital.
The Digital Operational Resilience Act, in force since January 2023, makes sure the financial sector in Europe is able to continue functioning at all times in case of operational disruption. With financial institutions depending increasingly on IT services, safeguards are necessary to mitigate cyberattacks and other risks.
Meanwhile, the Cyber Resilience Act, agreed in December 2023, improves the level of cybersecurity of digital products. It introduces cybersecurity requirements for all hardware and software, from baby monitors, smart watches, and computer games to firewalls and routers.
Furthermore, to improve the EU’s preparedness to sabotage, the Commission invited Member States to conduct stress tests of critical infrastructure operators and most of them reported to have completed the tests by the end of 2023. And we proposed a Critical Infrastructure Blueprint, to strengthen coordination of response between EU institutions and Member State, in case of common critical infrastructure incidents.
In May 2022, the Commission proposed ambitious legislation to prevent and tackle child sexual abuse online, with strong safeguards to data protection and efficient processes. This is key to protect children in the real and online world. To avoid a legislative gap in the detection and reporting of child sexual abuse online while co-legislators negotiate, the Commission has proposed an extension to interim rules that allow the voluntary detection and reporting by online providers of child sex abuse.
In February 2024, we set out additional protection for children, with a proposal to extend the definition of criminal offences related to child sexual abuse. The proposal also reinforces investigation and prosecution, it extends the statute of limitations to support victims, and it creates an obligation for professionals working closely with children to report offences of which they might suspect.
Fighting terrorism and organised crime
During this mandate, the Commission has taken concrete actions to better prevent and respond to terrorist threats on the basis of the Counter-Terrorism Agenda presented in December 2020. Preventing radicalisation is the first step: to counter radicalisation online, the Commission set out rules to ensure that any terrorist content online is removed within a maximum of one hour.
The traffic of firearms represents a risk and a security challenge. In February 2021, new rules on reinforced control of legally held firearms and access to explosives entered into force. They include harmonised and increased controls on the availability, possession, and use of substances that could be used to build home-made explosives.
In October 2023, the Commission adopted an EU Roadmap to step up the fight against drug trafficking and criminal networks. In particular, the Commission has proposed a new European Ports Alliance to increase the resilience of ports against criminal infiltration by reinforcing the work of customs authorities, law enforcement, and public and private actors in ports across the EU. Likewise, we have worked with partner countries from which drug shipments usually depart to reinforce cooperation and limit the options of criminal gangs.
In July 2024 revised rules to fight trafficking in human beings entered into force. These rules add forced marriage, illegal adoption, and surrogacy, as typed of exploitation. They also include new forms of exploitation that take place online, and the qualify as a criminal offence the use by a knowingly person of services provided by someone who is victim of trafficking.
To effectively fight the risks of corruption, the Commission adopted in May 2023, a package of anti-corruption measures, which include rules criminalising corruption offences and harmonising penalties across the EU. And we now monitor developments relevant to the fight against corruption in the annual Rule of Law Report.
Enhancing police cooperation to strengthen our security ecosystem
Several instruments have been adopted to support law enforcement authorities in Member States in their fight against organised crime and terrorism and boost prevention, detection, and investigation of criminal offences in the EU.
This Commission strengthened Europol’s mandate, to allow the agency to better support national law enforcement authorities with information, analysis and expertise, and to facilitate cross-border police cooperation and terrorism-related investigations. Europol is now able to better support Member States in combating terrorism, serious and organised crime. Its new powers have led to many successful operations, such as Encrochat, which resulted in:
In December 2021, the Commission proposed initiatives to improve police cooperation, including measures to accelerate the exchange of information between police forces. A further update of the Prüm framework on automated exchange of information between law enforcement authorities entered into force in April 2024.
Furthermore, we moved to reinforce external border management and internal security with proposals on the collection and transfer of advance passenger information.
Enlarging and reinforcing the Schengen area
During this mandate we were able to welcome Croatia into the Schengen area in January 2023. This was the first enlargement of Schengen in over a decade, and a significant achievement made possible thanks to Croatia’s efforts and to the Commission’s support ensuring the right structures are in place. Similarly, in March 2024, Romania and Bulgaria became Schengen members following a historic decision by the Council in December 2023. Controls at the internal air and sea borders have been lifted and the Council will establish another date for the lifting of checks at internal land borders.
This happened thanks to intense discussions with Member States and concrete operational support: pilot projects were developed by the Commission with Romania and Bulgaria that allowed to identify best practices in accelerated asylum procedures, effective returns, border management, and reinforced cooperation with neighbouring countries.
The Schengen area is now underpinned by a new governance model, with a Schengen cycle started by a yearly State of Schengen Report, which is prepared by the Commission and identifies risks, gaps, and concrete measures to reinforce its functioning.
The Commission also succeeded in unblocking a proposed update to the Schengen Borders Code. Following close contact with Member States about their interest and concerns, in February 2024 co-legislators agreed to the revision and the Code entered into force in July. The updated code clarifies the conditions for the reintroduction of internal border controls and promotes the application of alternative measures, when possible.
Drawing from the lessons of the COVID-19 pandemic, it also provides for a clear mechanism for temporary travel restrictions at the external border in case of a health emergency. It gives Member States the tools to fight the instrumentalisation of migrants by a third-country or a non-State actor, it reinforces cross-border police cooperation, and it creates a new transfer procedure for irregular migrants.
The Commission also took measures to reinforce borders and police cooperation: in March 2023, the Commission established the first-ever European integrated border management strategy; and a new interoperability framework of large-scale IT systems for border management has been agreed at EU level.
Boosting the EU’s defence partnerships and capabilities
At a time when war has returned to Europe, the Commission has taken bold steps towards a European Defence Union – to ensure that the EU is prepared for all scenarios – from traditional to hybrid, be it on land, at sea, in the air, in outer space or cyberspace.
At the same time, we have expanded our cooperation with NATO, our strategic security partner. Through a new Joint Declaration on EU-NATO Cooperation signed in January 2023, we are boosting our common work on hybrid threats, cyber, terrorism, and the security implications of climate change. Moreover, we launched the EU-NATO Task Force on resilience of critical infrastructure in March 2023, to better prevent common disruptions to essential services and address joint security challenges in the area of critical infrastructure.
We are also mobilising Europe's defence industry to sustain a war effort, ensuring continuous military support to Ukraine, and manufacture more of our security at home. The European Defence Fund (EDF) has been complemented by the European defence industry reinforcement through common procurement act (EDIRPA), and by the Act in Support of Ammunition Production (ASAP). ASAP will provide €500 million to support 31 investment projects with the objective of ramping-up ammunition production in the EU to two million per year by the end of 2025. The selected projects cover five areas: explosives, powder, shells, missiles, and testing and reconditioning certification They are expected to leverage additional industry investment to reach a total of about €1.4 billion.
€500 millionprovided by ASAP, to support 31 investment projects with the objective of ramping-up ammunition production in the EU to two million per year by the end of 2025. The selected projects cover five areas: explosives, powder, shells, missiles, and testing and reconditioning certification They are expected to leverage additional industry investment to reach a total of about €1.4 billion.
€310 millionprovided through EDIRPA to incentivise Member States to jointly procure urgently needed defence products, while improving interoperability among Member States, and facilitating the integration of a European defence market. The first calls for proposals were launched in March 2024.
1 million roundsof ammunition per year. Thanks to these initiatives; this figure keeps rising and marks a massive step forward for our defence capabilities.
Moreover, EDIS and EDIP, presented in March 2024, will build on the experiences of EDIRPA and ASAP to provide a longer-term response to the challenges of our defence industry. With the logic of investing more, better, together, and European, we will reduce fragmentation and increase interoperability of our defence equipment. EDIS and EDIP will promote joint procurement between Member States, support the launch of European Defence Projects of Common Interest, help SMEs and small midcaps in the defence sector, and overall give a boost to the European defence strategy. Additionally, EDIS and EDIP grant Ukraine a very similar treatment to the one accorded to Member States.
With the 2.0 Action Plan on Military Mobility, we are ensuring that European armed forces can respond better, more rapidly and at sufficient scale to crises erupting at the EU's external borders.
This Commission and the High Representative laid out a European Space Strategy for Security and Defence that will help protect our space assets, deter hostile activities in space and strengthen its strategic posture and autonomy. Furthermore, we have started the development of IRIS2, a new space-based connectivity system that will be a pillar for a safer and more resilient Europe. Once in operation, the system will be able to support border protection, crisis management, and the protection of critical infrastructure.
We also revised EU Maritime Security Strategy, that protects our interests at sea, where 80% of global trade transits; and we developed a new outlook on the climate and security nexus, which proposes measures to factor in the reality of climate change into Member States’ civilian and military planning, capabilities and infrastructure.