10 Jul 2026
by Theo Maiziere

EU Commission publishes Action Plan on Cybersecurity and Artificial Intelligence

On 7 July 2026, the EU Commission presented its Action Plan on Cybersecurity and Artificial Intelligence, setting out how the EU intends to manage the risks and harness the opportunities of advanced AI for cybersecurity. The plan builds on the EU's existing legal framework (including the AI Act, the Cyber Resilience Act, the NIS2 Directive, DORA and the Cyber Solidarity Act) and sets out a coordinated approach to bring together Member States, industry and EU-level bodies around three objectives:  

  • Promoting the safe and responsible use of advanced AI  
  • Reinforcing the EU’s cybersecurity and resilience  
  • Scaling up the EU’s AI capabilities for cybersecurity 

Contents of the Action Plan 

Promoting the safe and responsible use of advanced AI  

Under the AI Act, advanced AI models must be evaluated, and mitigation measures assessed, before the models are placed on the EU market. To support this, the EU Commission will aim to launch a dedicated call to establish an EU evaluation capacity covering cybersecurity, expected to be operational in 2027. This new capacity would contribute to the regulatory function of the EU AI Office by strengthening third-party assessment of AI capabilities and risks. 

The Commission also aims to work with the EU's cybersecurity agency (ENISA) to define a European Blueprint for structured access to advanced AI capabilities for cybersecurity purposes. This guidance is intended to help European public and private organisations gain access to the most advanced AI models. Additionally, ENISA and the Commission's Joint Research Centre will seek to create a secure platform to test AI for cybersecurity, including through simulated environments. Expected by the end of 2026, the platform would help organisations in critical sectors such as energy, transport, health, finance and public administration to safely test and deploy AI solutions. 

Reinforcing the EU’s cybersecurity and resilience  

The second part of the plan focuses on implementation rather than new rules. The Commission's stated priority is to help organisations identify and fix critical vulnerabilities faster. To do so, the EU Commission pushes for the full and effective implementation of existing EU cybersecurity legislation, namely the NIS2 Directive, DORA and the Cyber Resilience Act (which will be applicable by the end of 2027). It is worthwhile to note that the EU Commission has been particularly vocal on the urgency of NIS2 transposition across EU Member States. The plan also encourages organisations to use AI, including open-source models where appropriate, to detect and address vulnerabilities more quickly and to improve their ability to prevent and respond to cyberattacks 

Scaling up the EU’s AI capabilities for cybersecurity 

To stimulate the European Market, the EU Commission will launch an “EU Grand Challenge” on AI for cybersecurity. The competition aims to bring together companies, researchers and other organisations to develop innovative AI-powered cybersecurity solutions. The EU Commission, in its communication, also notes that the upcoming European Tech equity capacity, announced in the Tech Sovereignty Package, could help crowd in private investment to scale up homegrown AI capabilities.  

What does this mean for UK industry?  

While the EU Commission insists on a strong sovereignty framing for its plan, which could indicate potential sidelining of non-EU industries in certain parts of its implementation(and the opportunities that might arise from it), it remains understanding of the need to work with like-minded partners. Indeed, the final part of the Commission’s plan recognise this cybersecurity issue is a “shared challenge and international cooperation is essential”. The plan specifically highlights the need to engage and cooperate the G7, NATO, and the Network of Advanced AI Measurement, Evaluation and Science, coordinated by the UK AISI.  

There are therefore encouraging signs that UK cybersecurity sector could be involved in the opportunities that arise from the plan and could therefore contribute to strengthening security and promoting interoperability of solutions between like-minded partners.  

Next steps  

The EU Commission will now begin to roll out the actions announced in the plan, with the secure AI testing platform expected by the end of 2026 and the EU evaluation capacity due to be operational in 2027. We will continue to monitor these developments and their implications for members.  

techUK will be organising a cyber focused delegation to Brussels in September. Registered members will be provided with the opportunity to directly ask relevant EU stakeholders questions on the EU’s cyber security plans.  

If you are not a techUK member, you can still register for the delegation by first expressing your interest to [email protected] before 15 August.

techUK International Policy and Trade Programme activities

techUK supports members with their international trade plans and aspirations. We help members to understand market opportunities, tackle market access barriers, and build partnerships in their target market. Visit the programme page here.

 

 

Upcoming events

Latest news and insights 

Learn more and get involved

 

International Policy and Trade updates

Sign-up to get the latest updates and opportunities from our International Policy and Trade programme.

 

Here are the five reasons to join the International Policy and Trade Programme

Download

Join techUK groups

techUK members can get involved in our work by joining our groups, and stay up to date with the latest meetings and opportunities in the programme.

Learn more

Become a techUK member

Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.

Learn more

 

Meet the team 

Sabina Ciofu

Sabina Ciofu

International Policy and Strategy Lead, techUK

Daniel Clarke

Daniel Clarke

Senior Policy Manager for International Policy and Trade, techUK

Theophile Maiziere

Theophile Maiziere

Policy Manager - EU, techUK

Archie Breare

Archie Breare

Policy Manager - Trade, techUK

 

Authors

Theo Maiziere

Theo Maiziere

Policy Manager - EU, techUK

Theo joined techUK in 2024 as EU Policy Manager. Based in Brussels, he works on our EU policy and engagement.

Theo is an experienced policy adviser who has helped connect EU and non-EU decision makers.

Prior to techUK, Theo worked at the EU delegation to Australia, the Israeli trade mission to the EU, and the City of London Corporation’s Brussels office. In his role, Theo ensures that techUK members are well-informed about EU policy, its origins, and its implications, while also facilitating valuable input to Brussels-based decision-makers.

Theo holds and LLM in International and European law, and an MA in European Studies, both from the University of Amsterdam. 

Read lessmore