EU Commission publishes Action Plan on Cybersecurity and Artificial Intelligence
On 7 July 2026, the EU Commission presented its Action Plan on Cybersecurity and Artificial Intelligence, setting out how the EU intends to manage the risks and harness the opportunities of advanced AI for cybersecurity. The plan builds on the EU's existing legal framework (including the AI Act, the Cyber Resilience Act, the NIS2 Directive, DORA and the Cyber Solidarity Act) and sets out a coordinated approach to bring together Member States, industry and EU-level bodies around three objectives:
Promoting the safe and responsible use of advanced AI
Reinforcing the EU’s cybersecurity and resilience
Scaling up the EU’s AI capabilities for cybersecurity
Contents of the Action Plan
Promoting the safe and responsible use of advanced AI
Under the AI Act, advanced AI models must be evaluated, and mitigation measures assessed, before the models are placed on the EU market. To support this, the EU Commission will aim to launch a dedicated call to establish an EU evaluation capacity covering cybersecurity, expected to be operational in 2027. This new capacity would contribute to the regulatory function of the EU AI Office by strengthening third-party assessment of AI capabilities and risks.
The Commission also aims to work with the EU's cybersecurity agency (ENISA) to define a European Blueprint for structured access to advanced AI capabilities for cybersecurity purposes. This guidance is intended to help European public and private organisations gain access to the most advanced AI models. Additionally, ENISA and the Commission's Joint Research Centre will seek to create a secure platform to test AI for cybersecurity, including through simulated environments. Expected by the end of 2026, the platform would help organisations in critical sectors such as energy, transport, health, finance and public administration to safely test and deploy AI solutions.
Reinforcing the EU’s cybersecurity and resilience
The second part of the plan focuses on implementation rather than new rules. The Commission's stated priority is to help organisations identify and fix critical vulnerabilities faster. To do so, the EU Commission pushes for the full and effective implementation of existing EU cybersecurity legislation, namely the NIS2 Directive, DORA and the Cyber Resilience Act (which will be applicable by the end of 2027). It is worthwhile to note that the EU Commission has been particularly vocal on the urgency of NIS2 transposition across EU Member States. The plan also encourages organisations to use AI, including open-source models where appropriate, to detect and address vulnerabilities more quickly and to improve their ability to prevent and respond to cyberattacks
Scaling up the EU’s AI capabilities for cybersecurity
To stimulate the European Market, the EU Commission will launch an “EU Grand Challenge” on AI for cybersecurity. The competition aims to bring together companies, researchers and other organisations to develop innovative AI-powered cybersecurity solutions. The EU Commission, in its communication, also notes that the upcoming European Tech equity capacity, announced in the Tech Sovereignty Package, could help crowd in private investment to scale up homegrown AI capabilities.
What does this mean for UK industry?
While the EU Commission insists on a strong sovereignty framing for its plan, which could indicate potential sidelining of non-EU industries in certain parts of its implementation(and the opportunities that might arise from it), it remains understanding of the need to work with like-minded partners. Indeed, the final part of the Commission’s plan recognise this cybersecurity issue is a “shared challenge and international cooperation is essential”. The plan specifically highlights the need to engage and cooperate the G7, NATO, and the Network of Advanced AI Measurement, Evaluation and Science, coordinated by the UK AISI.
There are therefore encouraging signs that UK cybersecurity sector could be involved in the opportunities that arise from the plan and could therefore contribute to strengthening security and promoting interoperability of solutions between like-minded partners.
Next steps
The EU Commission will now begin to roll out the actions announced in the plan, with the secure AI testing platform expected by the end of 2026 and the EU evaluation capacity due to be operational in 2027. We will continue to monitor these developments and their implications for members.
techUK will be organising a cyber focused delegation to Brussels in September. Registered members will be provided with the opportunity to directly ask relevant EU stakeholders questions on the EU’s cyber security plans.
If you are not a techUK member, you can still register for the delegation by first expressing your interest to [email protected] before 15 August.
techUK International Policy and Trade Programme activities
techUK supports members with their international trade plans and aspirations. We help members to understand market opportunities, tackle market access barriers, and build partnerships in their target market. Visit the programme page here.
techUK Cyber Resilience Delegation to Brussels 2026
Join us from 8 – 9 September in Brussels to deepen your understanding of the EU cyber policy landscape, connect with key European decision-makers, and shape your organisation's strategy for engaging with EU institutions on cyber resilience.
Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.
Sabina Ciofu is International Policy and Strategy Lead at techUK, where she heads the International Policy and Trade Programme. Based in Brussels, she shapes global tech policy, digital trade, and regulatory cooperation across the EU, US, Canada, Asia-Pacific, and the Gulf region. She drives strategy, advocacy, and market opportunities for UK tech companies worldwide, ensuring their voice is heard in international policy debates.
With nearly a decade of previous experience as a Policy Advisor in the European Parliament, Sabina brings deep expertise in tech regulation, trade policy, and EU–US relations. Her work focuses on navigating and influencing the global digital economy to deliver real impact for members.
A passionate community-builder, Sabina co-founded Young Professionals in Digital Policy (800+ members) and now runs Old Professionals in Digital Policy (more experience, better wine, earlier nights). She is also the founder of the Gentlewomen’s Club, a network of 500+ women supporting each other with kindness.
She holds advisory roles with the UCL European Institute, Café Transatlantique (a network of women in transatlantic tech policy), and The Nine, Brussels’ first members-only club for women.
Recognised by ComputerWeekly as one of the most influential women in UK tech, Sabina is also a sought-after public speaker on tech, trade and diversity.
Sabina holds an MA in War Studies from King’s College London and a BA in Classics from the University of Cambridge.
Senior Policy Manager for International Policy and Trade, techUK
Daniel Clarke
Senior Policy Manager for International Policy and Trade, techUK
Dan joined techUK as a Policy Manager for International Policy and Trade in March 2023.
Before techUK, Dan worked for data and consulting company GlobalData as an analyst of tech and geopolitics. He has also worked in public affairs, political polling, and has written freelance for the New Statesman and Investment Monitor.
Dan has a degree in MSc International Public Policy from University College London, and a BA Geography degree from the University of Sussex.
Outside of work, Dan is a big fan of football, cooking, going to see live music, and reading about international affairs.
Theo joined techUK in 2024 as EU Policy Manager. Based in Brussels, he works on our EU policy and engagement.
Theo is an experienced policy adviser who has helped connect EU and non-EU decision makers.
Prior to techUK, Theo worked at the EU delegation to Australia, the Israeli trade mission to the EU, and the City of London Corporation’s Brussels office. In his role, Theo ensures that techUK members are well-informed about EU policy, its origins, and its implications, while also facilitating valuable input to Brussels-based decision-makers.
Theo holds and LLM in International and European law, and an MA in European Studies, both from the University of Amsterdam.
Archie Breare joined techUK in September 2022 as the Telecoms Programme intern, and moved into the Policy and Public Affairs team in February 2023.
Before starting at techUK, Archie was a student at the University of Cambridge, completing an undergraduate degree in History and a master's degree in Modern British History.
In his spare time, he likes to read, discuss current affairs, and to try and persuade himself to cycle more.
Theo joined techUK in 2024 as EU Policy Manager. Based in Brussels, he works on our EU policy and engagement.
Theo is an experienced policy adviser who has helped connect EU and non-EU decision makers.
Prior to techUK, Theo worked at the EU delegation to Australia, the Israeli trade mission to the EU, and the City of London Corporation’s Brussels office. In his role, Theo ensures that techUK members are well-informed about EU policy, its origins, and its implications, while also facilitating valuable input to Brussels-based decision-makers.
Theo holds and LLM in International and European law, and an MA in European Studies, both from the University of Amsterdam.