Author: Maria Giulia Mariotti
Committee: Cybersecurity Strategic Committee
Date: 12/11/2025
Summary: 1.1 Introduction; 1.2 Cybersecurity Threats; 1.3 The role of EU in the protection of the cyberspace; 1.4 Cybersecurity as a common goal.
1.1 Introduction
On October, the 2025 annual Global Cybersecurity Forum (GCF) took place in Riyadh, Saudi Arabia, bringing together Global Leaders and decision-makers to discuss the complex matter of collaboration and priorities in the Cyberspace.
During the 2 days convention, different panelists shared their contribute to the subject, increasing awareness on how important cybersecurity is nowadays.
One of the panels faced the “Next Gen Cyber Resilience”, with the presence of Dr. Marcus Fowler, CEO of Dark Trace, a British company that provides cybersecurity, and Ultan Mulligan, Chief Services Officer of the European Telecommunications Standards Institute (ETSI).
1.2 Cybersecurity Threats: the role of cybersecurity companies
Dr Fowler[1] explained the current changing of cybersecurity strategies and the risk of weaponizing of emerging technologies such as AI. The world is becoming more and more unpredictable and unreliable, which is why defenders are committing to embrace AI more quickly and to understand which are the best possible applications and how it could be implemented in the most trustful way.
At the present time, there is a high level of security alerts that need to be faced daily.
The question is: “how can we improve the investigative process to make it faster and more efficient?”
Dr Fowler introduced the concept of a “cyber AI investigator” in his own company: the idea has been developed by “training” the AI system based on the expertise of the company’s real investigator and analyst.
The Cyber AI Analyst mirrors the human investigative process, autonomously investigates alerts, streamlines investigations and prioritizes incidents, reducing workload and alert fatigue.
The objective is to provide the investigator currently assigned to the case with a comprehensive report autonomously prepared by the artificial intelligence system for his review and use.
This process has been created to face the high demand of support requests that many companies ask to cybersecurity agencies. It also proves of how AI can be used in a way to genuinely enhance security.
1.3 The role of the EU in the protection of the cyberspace
Mulligan[2] talked about the significance boost of the Cyber Resilience subject in the European Union and remarked the upcoming profound changes that are meant to happen when the Cyber Resilience Act[3] approved by the European Union will become fully into force by December 2027.
This Regulation will apply to every connected or digital product placed on the European consumer market and aims to address critical security challenges by introducing essential requirements for such products — including rules governing the development of the software embedded in them.
The European Telecommunications Standards Institute (ETSI) has been tasked by the European Commission (along with other partners) to develop “harmonized standards” to make this Regulation effective, meaning that the Cyber Resilience Act sets the level of standards that companies have to respect to guarantee cybersecurity, while ETSI has the task to translate those standards in a way that the people can understand, in order to be sure of what to do and what to not do. The European Commission is reaching out to specific Institutes to do this important “translating” job because the effects of the Regulation need to be written by people who know the pragmatical consequences for the industry and how to explain it to the world.
1.4 Cybersecurity as a common goal
As we can see, both private companies and public Institutes are all cooperating to protect the cyberspace, together with the European Institutions, where an important role is also played by the European Public Prosecutor’s Office (EPPO).
The EPPO faces threats of different kinds but the cybersecurity ones are increasing nowadays and they severely impact the financial assets of the European Union.
As the last annual report shows, in 2024, the EPPO increased its security capabilities by creating a Security Unit that also includes “information security”, meaning that the EPPO is keeping up with the raise of cybersecurity alerts, developing a security strategy to protect itself and therefore the investigations pursued by the Office.
The European Public Prosecutor’s Office represents a flagship initiative in the fight against cross-border crime. However, limiting its jurisdiction to financial offences affecting the European Union’s financial interests must not be regarded as the final outcome. What is needed, therefore, is a European Prosecutor’s Office with competence over cybercrime.[4]
The growing centrality of digital infrastructure demands a coordinated, ambitious and future-oriented legal architecture. In this sense, extending the mandate of the EPPO to cyber-enabled offences would reaffirm the European Union’s commitment to defend the integrity of its digital environment and the rule of law in the online space.
[1] Dr. Marcus Fowler, CEO of Darktrace Federal and also serves as the Senior Vice President of Strategic Engagements and Threats at Darktrace.
[2] Ultan Mulligan, Chief Services Officer at ETSI (European Telecommunications Standards Institute), responsible for ETSI’s software and Open Source groups, testing and interoperability, preparation and publication of standards, and new tools and working methods.
[3] Cyber Resilience Act (CRA) https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R2847
[4] Professor Corrado Giustozzi discussed this topic during the Steppo’s 2025 Closing Conference. Resource Steppo E-book 2025: https://www.steppo-eulaw.com/wp-content/uploads/2025/10/Ebook-STEPPO-2025-upd.-28-Oct.pdf
References: Global Cybersecurity Forum, 2025 annual meeting held in Riyadh