The European Union’s Cybersecurity Industrial Policy
28 February 2019
Centre Visiting Research Fellow Paul Timmers' article on "The European Union’s Cybersecurity Industrial Policy" has been published in the Journal of Cyber Policy.
The European Union was founded as an economic cooperation of its member states. It has as a major objective to create a large internal market with free flow of people, goods, services and capital. Over its 60-year history, the EU’s mandate has expanded beyond economic matters and the internal market into areas such as justice and international affairs. In this paper, I discuss EU policy to address cybersecurity concerns, bolster the cybersecurity market, and assess the impact of these interventions. EU-level cybersecurity policymaking is challenging due to the wide diversity of interests of the EU countries and the limited EU mandate where matters of national security are concerned. The conclusion is that, nevertheless, it has been possible to establish clear EU policy in cybersecurity and even to a degree joint EU cybersecurity industrial policy. The EU approach, though sui generis, may also provide insights for wider international cooperation in cybersecurity.