This Scientific Opinion responds to a request for scientific advice on cybersecurity in the EU in the context of the European Digital Single Market. The advice in this Scientific Opinion is based on analysis of publicly available scientific literature as well as extensive consultation with the scientific community.
The Advisors base their advice on relevant principles in the Charter of Fundamental Rights of the European Union and on others which are particularly pertinent to cybersecurity policy, including transparency, duty-of-care towards customers and shared responsibility. The advice takes the form of ten recommendations and a number of observations. The first few recommendations deal with technical matters such as cryptography, backdoors, vulnerabilities and the importance of a systems approach. Others deal with contextual identity, user choice and engaging citizens, thereby giving the advice a strong citizen-centred character. The remainder deal with training professionals, industry, evidence collection and sharing, and cybersecurity governance; thus the advice also addresses economic and strategic issues.
The observations – issues pertinent to cybersecurity policy but on which there was no clear expert consensus – highlight the complex nature of cybersecurity from a scientific perspective, the delay between the conception and implementation of EU legislation and the corresponding lead-time, and the rate of evolution of the threat landscape, as well as some other tensions.