The initiative is designed to help Member States, businesses and cybersecurity organisations better defend digital infrastructure while supporting the safe development of AI technologies.
The strategy focuses on improving access to advanced AI systems for trusted organisations, expanding Europe’s ability to assess AI risks, and accelerating the adoption of AI-powered cybersecurity tools.
It also seeks to reinforce cooperation between governments, industry and research organisations to improve resilience against emerging cyber threats.
By combining new testing capabilities, regulatory oversight and investment in European AI innovation, the Commission aims to ensure that advanced AI strengthens cybersecurity rather than becoming a tool for malicious actors.
The plan builds on existing EU legislation covering both artificial intelligence and cybersecurity.
Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy, explained: “AI is transforming the meaning of cybersecurity. And we must keep pace.
“The EU has strong foundations in place to adapt its response in the face of vulnerabilities that emerging tech brings with it. We must harness and focus existing capabilities, networks and the legal framework to fortify the cybersecurity protecting our digital landscape.”
AI brings new cybersecurity challenges
Rapid advances in AI are transforming how cyber threats emerge and evolve.
While the technology can improve cyber defence by detecting vulnerabilities and responding to attacks more quickly, it can also be exploited to automate malicious activity, identify software weaknesses and launch cyberattacks at a much greater scale and speed.
The Commission said effective protection depends on understanding both the benefits and risks of advanced AI systems.
Under the EU’s AI Act, developers of advanced AI models must evaluate potential risks and implement appropriate safeguards before their technologies are introduced to the European market.
To strengthen independent oversight, the Commission will launch a dedicated call to establish an EU evaluation capability focused on cybersecurity.
Scheduled to become operational in 2027, the facility will support the work of the AI Office by carrying out third-party assessments of advanced AI models and their associated risks.
Improving access to advanced AI models
A key element of the Action Plan is ensuring that trusted organisations can securely access the most advanced AI technologies.
Working alongside the EU Agency for Cybersecurity (ENISA), the Commission will develop a European blueprint outlining transparent and structured access to advanced AI capabilities.
The guidance is intended to help both public and private organisations make use of powerful AI systems while maintaining appropriate security controls.
The framework is expected to support organisations working in cybersecurity by providing clearer pathways for using advanced AI responsibly.
Secure testing environment for AI and cybersecurity
The Commission and ENISA will also establish a secure testing platform where AI technologies can be evaluated in controlled environments.
Developed in partnership with the Commission’s Joint Research Centre, the platform will use simulated scenarios to assess how AI systems perform in cybersecurity applications before deployment.
The testing capability will support organisations operating critical infrastructure, including those in finance, healthcare, energy, transport and public administration, helping them understand how AI can be safely integrated into their cybersecurity operations.
Strengthening cyber resilience with AI
Alongside new testing capabilities, the Action Plan encourages organisations to strengthen existing cybersecurity practices by adopting security-by-design principles, improving cyber hygiene and enhancing risk management.
The Commission also recommends making greater use of AI, including open-source models, to identify software vulnerabilities more quickly, accelerate security updates and improve cyberattack detection and response.
To support wider adoption, ENISA will facilitate partnerships between public authorities, businesses and open-source communities. The agency will also publish guidance, promote best practices and launch a campaign focused on securing critical open-source software.
Investing in Europe’s AI future
To encourage innovation, the Commission will launch the EU Grand Challenge on AI for cybersecurity, bringing together researchers, companies and public organisations to develop next-generation security solutions.
The Action Plan also highlights continued investment in European AI infrastructure, including AI Factories and future Gigafactories, alongside new funding mechanisms announced through the Tech Sovereignty Package.
Together, these initiatives aim to strengthen Europe’s homegrown AI capabilities while improving long-term resilience in AI and cybersecurity.