Home » News » European Commission sets up a Joint Cyber Unit to respond to large-scale cyber incidents

European Commission sets up a Joint Cyber Unit to respond to large-scale cyber incidents

The European Commission has announced the creation of a Joint Cyber Unit to ensure an EU coordinated response to large-scale cyber incidents and crises, as well as to offer assistance in recovering from these attacks.

Advanced and coordinated responses in the field of cybersecurity have become increasingly necessary, as cyberattacks grow in number, scale and consequences, impacting heavily our security.

The Joint Cyber Unit is a new platform that aims to strengthen cooperation among EU Institutions, Agencies, Bodies and the authorities in the Member States to prevent, deter and respond to cyberattacks.

The Joint Cyber Unit will act as a central coordination point between:

  • European Union Agency for Cybersecurity (ENISA)
  • Computer Emergency Response Team for the EU institutions, bodies and agencies (CERT-EU)
  • Europol’s European Cybercrime Centre (EC3)
  • National Computer Security IncidentResponse Teams (CSIRTs)
  • EU Cyber Crisis Liaison Organisation Network (CyCLONe)
  • European External Action Service (EEAS)
  • European Defence Agency (EDA), and others.

The following main activities will be carried out and supported by the Joint Cyber Unit:

  • Creating an inventory of operational and technical capabilities available in the EU;
  • Producing integrated EU cybersecurity situation reports, including information and intelligence about threats and incidents;
  • Delivering the EU Cybersecurity Incident and Crisis Response Plan, based on national plans proposed in the revised NIS Directive (NIS2);
  • Concluding memoranda of understanding for cooperation and mutual assistance;
  • Establishing and mobilising EU Cybersecurity Rapid Reaction Teams;
  • Sharing information and conclude operational cooperation agreements with private sector companies.

The Commission is proposing to build the Joint Cyber Unit through a gradual and transparent process in 4 steps, in co-ownership with the Member States and the different entities active in the field.
The aim is to ensure that the Joint Cyber Unit will move to the operational phase by 30 June 2022 and that it will be fully established one year later, by 30 June 2023.
ENISA will serve as secretariat for the preparatory phase.



In its third edition, Concordia Open Door (COD) continued the series of annual meetups for the European heterogenous cybersecurity community.

Future Events

Quick and efficient management of ongoing incidents are paramount factors to consider when designing a SOC. To this end, the SOCCRATES platform provides with a flexible approach based on customizable workflows and the integration of specific security tools. This webinar will demostrate how the SOCCRATES platform manages incidents notified from the security monitoring systems deployed in an infrastructure, from incident analysis to containment and supported by the orchestrator of several different tools.


In order to ensure that the SOCCRATES platform is fit for purpose, the project will carry out three pilots to validate the platform in realistic environments. This webinar will show results and experiences from the second pilot, in which the complete SOCCRATES platform was validated in realistic (on-site) environments at Vattenfall, mnemonic and Shadowserver.