The Externalisation of the EU’s Cybersecurity Regime: The Cyber Diplomacy Toolbox

Printer-friendly version

Table of Contents: I. Introduction. – II. Cybersecurity as internal market resilience. – III. Cybersecurity as an issue of internal security under the AFSJ. – IV. Mainstreaming cybersecurity into CFSP. – IV.1. The emergence of cyber cooperation under PESCO. – IV.2. Cyber Diplomacy Toolbox: between sanctions and a lawful response to cyber-attacks. – V. The externalisation of the EU’s cybersecurity and its limitations under the CFSP. – V.1.The attribution of responsibility for cyber-attacks. – V.2. Evidence collection as a limitation for the EU Cyber Diplomacy Toolbox. – VI. Concluding remarks.

Abstract: It is often claimed that there is a blurring line between external and internal security in the EU with both being increasingly intertwined. Apart from providing the state of affairs in EU cybersecurity law and policy, the argument of this contribution is that these internal-external links are also visible in a growing tendency towards the externalisation of the EU’s cybersecurity policy. Typical interior policy fields in that area that were tackled through the internal market and the Area of Freedom Security and Justice (AFSJ) legal bases, are now penetrating the field of action of the Common Foreign and Security Policy (CFSP). This tendency towards a growing externalisation of the EU cybersecurity will be demonstrated by analysing the emblematic EU’s Cyber Diplomacy Toolbox and its deterrence instrument: restrictive measures in response to cyber-attacks. Our analysis pinpoints a number of limitations for the EU’s common action under the CFSP, including problems of attribution and evidence collection. Our Article questions whether the CFSP is fit for the digital age and what repercussions cyber threats may have for the future of the EU CFSP and its Cyber Diplomacy Toolbox.

Keywords: Cyber Diplomacy Toolbox – CFSP – restrictive measures – PESCO – sanctions – cybersecurity.

European Papers, Vol. 7, 2021, No 1, pp. 413-438
2499-8249 - doi: 10.15166/2499-8249/570

* Researcher at the Chair of Law and Artificial Intelligence, University of Tuebingen,
** Professor of European Law, Faculty of Law, University of Groningen,


European Forum


Forum Européen


Forum europeo


Foro Europeo