The European Cybersecurity challenges: the Warsaw Call

On 4-5 March 2025, Warsaw hosted a meeting of EU ministers responsible for cybersecurity – the first ever entirely dedicated to the European Union’s cybersecurity.

The Executive Vice-President for Technological Sovereignty, Security, and Democracy of the European Commission, along with the Executive Directors of ENISA (the EU Agency for Cybersecurity) and the ECCC (the European Cybersecurity Competence Centre) also participated.

The meeting culminated in the unanimous adoption of the Warsaw Call, addressing key cybersecurity challenges: the implementation of the commitments outlined in the document will be essential for the future digital resilience of the EU to tackle cyber threats and enhance common cybersecurity and cyber defence against malicious behaviour and acts of aggression in cyberspace.

Adoption of the Warsaw Call

The Warsaw Call serves as a key reference point for the EU’s future efforts to protect the digital space, enhance resilience amid growing geopolitical challenges and increase the cooperation in cybersecurity.

The document sets out thirteen recommendations and outlines six key areas that should guide the EU’s cybersecurity efforts.

The EU key areas on cybersecurity efforts

1. strengthening crisis management by swiftly adopting the Cybersecurity Blueprint, conducting test exercises, and enhancing coordination to protect submarine cable infrastructure
2. enhancing civil-military cooperation in cybersecurity, including EU-NATO collaboration, and improving information sharing between member states
3. developing a roadmap for emerging technologies, boosting EU expertise in strategic cybersecurity forecasting, and harmonising efforts to increase cybersecurity investments
4. reinforcing the horizontal impact of the NIS 2 Directive, focusing on harmonised, innovation-friendly implementation, simplifications, reduced regulatory burdens, and strengthening EU-wide cybersecurity risk assessments
5. addressing the shortage of cybersecurity specialists across the EU
6. cyber diplomacy – strategically deploying all available tools within the EU Cyber Diplomacy Toolbox

The recommendations

1. call for a timely adoption of the EU Cybersecurity Blueprint, a necessary tool to address the current challenges and complex cyber threat landscape, strengthen existing networks, enhance cooperation, and break silos between organisations, utilising to this end first and foremost existing structures
2. highlight the need to further enhance cooperation and information exchange on cybersecurity between Member States and the EU entities through existing structures
3. recall the need to enhance the civilian-military cooperation in the cyber domain, in particular covering strategic areas such as situational awareness and crisis management, including EU-NATO cooperation, while fully respecting the principles of inclusiveness, reciprocity, and the decision-making autonomy of both organisations
4. call for the continuation and further development of cybersecurity risk assessments, including risk scenarios at the EU level for all essential sectors
5. underline the need for the sustained and strategic use of the full spectrum of measures within the Cyber Diplomacy Toolbox, in order to prevent, deter and respond to malicious cyber activities from state and non-state actors
6. reiterate that the NIS 2 Directive should be the main horizontal legislation on cybersecurity and strongly caution against fragmentation, duplication or overlap of cybersecurity legislation across the EU by sector-specific initiatives or lex specialis
7. stress the need to focus on the harmonised and innovation friendly implementation of cybersecurity legislation and to find ways for simplification and burden reduction
8. underline the need to engage in a regular dialogue and strengthen the EU’s cyber foresight expertise in order to better anticipate and be prepared for future cyber threats
9. stress the need for a roadmap on new technologies impacting cybersecurity that would address opportunities and risks
10. emphasise the importance of further harmonising actions towards investments in cybersecurity, and of supporting the mission of the ECCC to create a strong and competitive European ecosystem of cybersecurity companies. Underline the benefit of creating synergies between defence and civilian investments and between the research, investment and business sectors in cybersecurity to achieve the greatest benefits
11. call for increased efforts to combat the shortage of cybersecurity professionals in the EU
12. recognise ENISA’s key supportive role for improving the level of cybersecurity in the EU and the Member States and the need for a strengthened, clearly-defined and focused ENISA’s future mandate
13. encourage stronger and more concerted efforts to enforce the protection of the submarine cable infrastructure against threats, both physical and cyber, with due respect to Member States’ exclusive competences in particular on national security

Revision of the Cybersecurity Blueprint

In addition to adopting the Warsaw Call, ministers discussed the need to update the Cybersecurity Blueprint, which sets out procedures for coordinated responses to large-scale cybersecurity incidents and crises.

During the meeting, ministers deliberated on improving coordination and information-sharing among member states under the NIS2 Directive.

The new Blueprint will provide clear answers to the questions: “Who?”, “What?”, and “When?” in the event of a large-scale cybersecurity incident.

Civil-military cooperation

Ministers also highlighted the growing importance of civil-military cooperation in response to emerging cybersecurity threats. Amid rising geopolitical tensions, cyberspace has become a key arena of international competition.

The boundaries between civilian and military operations are increasingly blurred, and effective protection against cyberattacks requires stronger information-sharing between government institutions, the military, and the private sector.

Ministers agreed that future efforts should focus on strengthening cooperation with NATO and EU cybersecurity agencies.

Investments in cybersecurity

According to data from ENISA, around 62% of public institutions in the EU will need to increase their cybersecurity spending due to the implementation of the NIS2 Directive.

Ministers agreed on the need to develop a common financing policy and to identify priority investment areas, such as the protection of critical infrastructure and the development of national cybersecurity incident response centres.

Studio dal Pozzo, law firm based in Milan, provides assistance to private individuals, organizations and businesses.