Author: Matteo Luigi Rosada
Referee: Professor Marco Bacini
Committee: Cybersecrity Strategic Committee
Date: 18/05/2025
The ongoing war in Ukraine has profoundly reshaped the European Union’s approach to security and defense. The war has exposed gaps in the EU’s ability to act independently, pushing the Union to rethink its defense strategy. Given these circumstances, the Union has committed to significantly increasing its military and cybersecurity capabilities, recognizing that modern warfare is no longer confined to traditional battlefields but also extends into the digital domain.
The White Paper for European Defence Readiness 2030 outlines a vision for strengthening Europe’s military capabilities by ensuring that the European defense industry can operate at the required speed and scale to meet strategic demands and facilitating the deployment of military personnel and assets across the EU. The Paper lays out the groundwork for a true European Defence Union, where EU countries retain control over defense while benefiting from the collective advantages of EU membership. It proposes measures to strengthen the defense industry by addressing key gaps, ensuring readiness and encouraging member states to invest in defense.
Readiness 2030 seeks to enhance defense funding by offering EU countries increased financial flexibility. A key component of this plan is the launch of the 150 billion Security Action for Europe (SAFE) loan instrument, designed to support Member States in investing in crucial defense sectors such as missile defense, drones and cybersecurity. The plan also emphasizes the importance of investing in advanced technologies, such as artificial intelligence, to enhance the EU’s defense capabilities, recognizing the increasing relevance of cybersecurity in the context of modern day threats. Among the solutions outlined in the ReArm Europe Plan and the SAFE initiative, the extension of the European Public Prosecutor’s Office (EPPO) competence to matters of cybersecurity is not contemplated.
Cybersecurity is one of the most urgent and complex challenges today, as cybercrime continues to evolve in both scale and sophistication. While the EPPO does not have direct authority over cybersecurity, it could still play a key role in tackling digital crime. Thanks to its ability to coordinate cross-border investigations and its EU-wide structure, the European Public Prosecutor’s Office is well-positioned to address complex offenses that cross national borders and exploit weaknesses in the cyberspace.
The EPPO, established by Regulation (EU) No. 2017/1939, was designed to protect the European Union’s financial interests. However, its role could potentially expand to include a wider spectrum of digital crimes. Its relevance is particularly evident in relation to key legal frameworks such as the PIF Directive, which already provides mechanisms to tackle digital fraud, and the DORA Regulation, which enhances cybersecurity by strengthening the financial sector’s operational resilience. With targeted legislative reforms, the EPPO could play a crucial role in addressing cross-border cybercrime.
The increasing digitalization of society has made it essential to adopt highly specialized and complex regulations to safeguard critical infrastructures and sensitive data. The main European cybersecurity laws include the NIS Directive and its successor NIS 2, the General Data Protection Regulation (GDPR) and the Artificial Intelligence Act (AI Act). These frameworks are key instruments for strengthening Europe’s resilience against cyber threats. However their success depends on how well they are implemented in a coordinated way across different institutions, including the EPPO.
The coordination between the EPPO and other European agencies, such as Europol, ENISA and the Computer Emergency Response Team EU (CERT-EU) is another key issue. Working together is crucial, especially when dealing with complex cybercrimes that cross borders. Several real-world examples highlight the urgency of a coordinated approach between the EPPO and cybersecurity agencies. With its investigative reach and ability to connect Member States, the EPPO could play a vital role in identifying and prosecuting those behind cyber offenses that harm the EU and its citizens.
The future of cybersecurity in Europe will depend on the ability of institutions to anticipate threats and respond swiftly. With the right legal framework and expanded competences, the EPPO could play a crucial role in combating cybercrime. Its involvement in tackling financial offenses committed in the cyberspace presents a unique opportunity to enhance the EU’s economic and digital security. While Europe has made significant progress in building an integrated cybersecurity system, much remains to be done. With its innovative and cross-border approach, the EPPO could be a key player in addressing future digital challenges and ensuring greater security for both citizens and businesses. Looking ahead, as the European Union continues to implement major security initiatives (such as the Readiness 2030 plan) it should place greater emphasis on the role of the EPPO. Expanding its involvement in cybersecurity matters would not only reinforce the EU’s ability to combat cybercrime but also ensure a more integrated and strategic approach to security, protecting both its institutions and citizens in a rapidly advancing technological era.