This presentation by Paul Timmers and debate with James Morrison will investigate whether EU cybersecurity policy provides an effective response to the growing call for strengthening sovereignty. The debate on sovereignty is heating up across the world, nationally and certainly also in Europe. The recent State of the Union of President Juncker of the European Commission carried the headline “The Hour of European Sovereignty.” Sovereignty is threatened by a confluence of increasing international tensions, growing dependency on digital technologies, and mounting cyber-threats and cybercrime. State and non-state actors threaten the traditional system of states. As Lucas Kello says: there is a sovereignty gap.
In order to build and safeguard sovereignty and bridge that gap, states (or alliances like the EU) need to have the capacities and capabilities to decide and act upon essential aspects of their longer-term future in the economy, society and their institutions, i.e. have strategic autonomy. On the one hand, EU cybersecurity policy seems sufficiently comprehensive to deliver such strategic autonomy. It ranges from cyber-resilience, cyber-industrial policy, combatting cybercrime and fake news, to cyberdefence and norms and values in cyberspace. On the other hand, cyberpolicy in Europe has largely been developed at a time when the debate about sovereignty in a digitized world – cyber sovereignty – was not yet ‘Chefsache’. Nor is the debate settled about the meaning of sovereignty, in a cyberworld, but also in a changing Europe. Can EU cybersecurity policy then be politically forceful enough? Is EU the right level? Is the policy adequately resourced, timely, and internationally relevant?