The European Union and the United States held the 9^th EU-U.S. Cyber Dialogue in Brussels, Belgium, December 6-7, 2023. The European Union and the United States reaffirmed their continued commitment to an open, free, interoperable, secure, and reliable Internet, respecting human rights and fundamental freedoms. We are committed to advancing international security and stability in cyberspace and enhancing the ability of all states to reap the benefits that modern technologies provide.

Underlining the strong transatlantic partnership on cyber issues, the European Union and the United States exchanged views on the global cyber threat environment, marked by Russia’s aggression against Ukraine, and expressed concern about the increase of malicious cyber activities targeting supply chains, critical infrastructure, and intellectual property, as well as a rise in ransomware attacks against businesses and citizens. We strongly condemn these malicious activities and remain determined to strengthen cybersecurity, address cybercrime and ransomware attacks, enhance global cyber resilience, and promote responsible state behaviour in cyberspace.

Advancing International Security and Stability in Cyberspace

Fortifying our strong partnership, the Cyber Dialogue also included exchanges on international cyber policy discussions, including in the United Nations, regional organisations such as the Organization on Security and Co-operation in Europe and the ASEAN Regional Forum, and the G7 and G20.

Strengthening our ability to address malign behaviour in cyberspace, the Cyber Dialogue included exchanges on cyber defence, and identified further action to strengthen our cooperation to hold states accountable for and to prevent, deter, and respond to malicious cyber activities. In this context, the European Union and the United States seek broader cross-regional cooperation, including with states in Latin America, the Indo-Pacific, and Africa, to raise awareness and promote responsible state behaviour through diplomatic action and engagement.

We continue to be strongly committed to the UN framework of responsible state behaviour in cyberspace, grounded in the application of international law and norms of responsible state behaviour. We also continue to promote the establishment of the UN Cyber Programme of Action to advance and support states in its implementation.

Enhancing Cybersecurity and Resilience

To enhance cyber security and resilience to address these challenges, the European Union and the United States exchanged updates on several key priorities set out in the January 2023 Joint Statement by Department of Homeland Security Secretary Alejandro Mayorkas and EU Commissioner for Internal Market Thierry Breton. These priorities included the security of digital products and related cybersecurity standards, cyber resilience of critical infrastructure, impact and opportunities of emerging technologies, and cooperation between the respective cybersecurity agencies. The Cyber Dialogue also included sector-specific discussions on space cybersecurity and the cybersecurity of energy infrastructures.

During the Cyber Dialogue, the European Union Agency for Cybersecurity (ENISA) and the United States Cybersecurity and Infrastructure Security Agency (CISA) formalised a Working Arrangement covering themes such as cyber awareness and training, best practice exchange, and knowledge sharing for common situational awareness. 

The European Union and the United States took stock of joint efforts to improve the resilience of critical infrastructure as well as the security of hardware and software products, acknowledging the leading roles of the European Union and the United States in this field. Following the October 2023 U.S.-EU Summit, the European Union and the United States advanced discussions on a Joint CyberSafe Products Action Plan to work together on achieving mutual recognition of their respective government-backed cybersecurity labelling programs and regulations for Internet of Things (IoT) devices, namely the EU Cyber Resilience Act and the U.S. Cyber Trust Mark.

Furthermore, building on a firm commitment to reduce administrative burden for companies and organisations on both sides of the Atlantic, the European Union and the United States and explored possibilities to approximate, where possible, the cybersecurity incident reporting mechanisms.

The European Union and the United States also took stock of best practices in software security, with a focus on security-by-design, open-source security, and Software Bills of Materials, and outlined priorities to deepen cooperation in the coming year.

International Cyber Capacity Building as Priority

As a priority, the European Union and the United States reaffirmed their strong commitment to further enhance global cyber resilience and to implement cyber capacity building and solidarity activities supporting partners including Ukraine and Moldova, as well as in the Western Balkans, Africa, the Indo-Pacific, and Latin America. We are dedicated to further increase coherence between our global actions, and to work through platforms such as the U.S.-EU High Level Consultations on the Indo-Pacific, to further strengthen our cooperation with and within regions.

Cooperation on Emerging Technologies

The European Union and the United States also decided to further deepen their cooperation to address cybersecurity challenges related to emerging technologies, with specific focus on artificial intelligence (AI) and post-quantum cryptography. The cooperation between the European Union and the United States will seek to foster secure use of AI in critical infrastructure. Cyber Dialogue participants also discussed potential joint activities in the transition towards post-quantum cryptography, including standardisation.

Pilot EU-U.S. Cyber Fellowship

As a deliverable from the January 2023 Joint Statement by Department of Homeland Security Secretary Alejandro Mayorkas and EU Commissioner for Internal Market Thierry Breton, the Pilot EU-U.S. Cyber Fellowship was launched with representatives from the U.S. Department of Homeland Security and agencies meeting European and EU Member State officials working in cybersecurity.

The 9th Cyber Dialogue was co-chaired by Joanneke BALFOORT, Director for Security and Defence Policy, European External Action Service (EEAS); Lorena BOIX ALONSO, Director for Digital Society, Trust and Cybersecurity, Directorate General for Communications Networks, Content and Technology (DG CONNECT), European Commission; and Liesyl FRANZ, Deputy Assistant Secretary for International Cyberspace Security in the U.S. Department of State’s Bureau of Cyberspace and Digital Policy.

Industry representatives from the United States and European Union joined a dedicated session, discussing the key role of public private partnerships in keeping cyberspace secure.

The United States will host the next U.S.-EU Cyber Dialogue in Washington in 2024.

End text