Skip to content

EU Action Plan for Cybersecurity and AI: Opportunities and Risks Regulated

In brief: The plan creates a coordinated strategy to develop AI-enabled cybersecurity solutions while implementing existing EU regulations such as the EU AI Act and the NIS2 Directive.

The European Commission has presented an action plan designed to promote the secure use of AI systems in cybersecurity while keeping sight of the new threats associated with them.

Artificial intelligence is fundamentally changing the cybersecurity landscape: AI systems can uncover vulnerabilities, prevent cyberattacks and better protect critical infrastructure. At the same time, they open up new opportunities for attackers to automate attacks, identify weaknesses and conduct cyberattacks at unprecedented speed and scale.

The action plan addresses this ambivalence through three priorities: promoting safe and responsible AI use, strengthening EU cybersecurity and resilience, and scaling European AI capabilities for cybersecurity. To ensure the safe application of advanced AI systems, the Commission will expand Europe’s capacity to assess AI models before they enter the market – in line with the EU AI Act. Together with the EU Agency for Cybersecurity (ENISA), a European blueprint for secure access to advanced AI systems and a secure testing platform are to be developed. This platform enables organisations in critical sectors – energy, transport, health, finance and public administration – to safely test and deploy AI solutions.

The plan commits Member States and enterprises to implement existing EU cybersecurity legislation, in particular the NIS2 Directive and the Cyber Resilience Act. Organisations are encouraged to use AI systems – including open-source models – to more rapidly identify and remediate vulnerabilities and to improve their capability to defend against and respond to cyberattacks.

To strengthen European technological independence, the Commission is launching an EU Grand Challenge for AI and Cybersecurity that brings together enterprises, research institutions and other actors. The EU will also invest in sovereign AI capabilities – building on initiatives such as AI Factories and future Gigafactories – and promote private investment to scale European AI technologies. The action plan complements the existing EU regulatory framework, which encompasses the EU AI Act, the Cyber Resilience Act, the NIS2 Directive, the Digital Operational Resilience Act (DORA) and the Cyber Solidarity Act.


Source: digital-strategy.ec.europa.eu · Published 7 July 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: