The Council today adopted conclusions which set priorities and guidelines for EU cooperation in the field of countering hybrid threats and enhancing resilience to these threats, building on the progress made in recent years.
Hybrid threats refer to a wide range of methods or activities used by hostile state or non-state actors in a coordinated manner in order to target the vulnerabilities of democratic states and institutions, while remaining below the threshold of formally declared warfare. Some examples include cyber attacks, election interference and disinformation campaigns, including on social media.
The conclusions call for a comprehensive approach to security to counter hybrid threats, working across all relevant policy sectors in a more strategic, coordinated and coherent way. They are part of the implementation of the EU's Strategic Agenda for 2019-2024 which calls for a comprehensive approach with more cooperation, more coordination, more resources and more technological capacities in order to address this challenge.
We are very pleased with the strong commitment of the member states to continue efforts to counter hybrid threats and enhance resilience. Such measures are vital for building comprehensive security for our citizens. Although the primary responsibility in this field lies with the member states, we face common threats. Building awareness and coordinating our efforts across policy areas is essential.
Tytti Tuppurainen, Minister for European affairs of Finland
In its conclusions, the Council underlines the need to continue developing cooperation with international organisations and partner countries on enhancing resilience and countering hybrid threats, in particular EU-NATO cooperation and cooperation with countries in the EU's neighbourhood.
In order to ensure the coherence of this work, the conclusions call for enhancing resilience against hybrid threats across different policy areas, for instance when developing and using new and emerging technologies, including artificial intelligence and data-gathering techniques, and when assessing the impact of foreign direct investment or future legislative proposals. The Council also stresses the importance of continuously improving the cooperation between national authorities, as well as EU institutions, bodies and agencies, across the internal-external security nexus.
A key priority is protecting national and European critical infrastructure as well as functions and services which are critical to the proper functioning of the state, the economy and society. The Council stresses that this work needs to take into account, among other things, the strong interdependencies between different critical functions and services, including financial services, and the key role of the private sector. To enhance the protection of critical infrastructure with cross-border importance in the EU, the Commission is invited to consult with member states on a possible proposal for a revision of Directive 2008/114/EC for the identification and designation of European critical infrastructure early in the new legislative cycle.
As regards countering disinformation, the Council recalls the importance of the continued implementation of the Action Plan Against Disinformation. It underlines the need for sufficient resources for the three Stratcom Task Forces (East, Western Balkans, South) of the European External Action Service and invites the EEAS to assess the needs and possibilities for reinforcing its strategic communication work in other geographical areas, such as sub-Saharan Africa. The Commission and the EEAS are also urged to further develop, together with the member states, the Rapid Alert System towards a comprehensive platform for cooperation, coordination and information exchange for member states and EU institutions. As regards social media platforms, the Commission is invited to consider ways to further enhance the implementation of the Code of Practice on Disinformation, including possible enforcement mechanisms.
To enhance the security of EU information and communication networks and decision-making processes, the EU institutions, bodies and agencies are invited to develop and implement a comprehensive set of measures for countering hybrid threats and other malicious activities.
The conclusions also recall that efforts to counter hybrid threats must always respect fundamental rights, including the protection of personal data, freedom of expression and information and freedom of association, as enshrined in the Charter of Fundamental Rights.