European Internal Security Strategy
STRATEGY2025-04-01
EU Internal Security Threat Analyses: The Commission will produce and present regular threat analyses for EU internal security, drawing on SOCTA, TE-SAT, JCAR, and financial crime assessments, to inform agile and responsive security policy, feed into Security College discussions, and contribute to the all-hazards risk assessment under the Preparedness Union Strategy. [from 2025]
Commission Integrated Security Operations Centre (ISOC): The Commission will establish an Integrated Security Operations Centre to protect people, physical assets, and operations across all Commission sites, while revising its corporate security governance framework and boosting analytical capacity for identifying and mitigating hybrid threats. [from 2025]
Europol Mandate Overhaul: The Commission will present a legislative proposal to transform Europol into a fully operational police agency, expanding its mandate to cover sabotage, hybrid threats and information manipulation, strengthening its technological capacity, enhancing coordination with other agencies, and reinforcing oversight arrangements. [2026]
Eurojust Mandate Revision: The Commission will present a legislative proposal to strengthen Eurojust's mandate for more effective judicial cooperation, enhancing its analytical capacity and proactive support to national judiciaries, and deepening its complementarity and cooperation with Europol. [2026]
Frontex Reinforcement: The Commission will present a legislative proposal to reinforce Frontex's role and tasks, including tripling the European Border and Coast Guard to 30 000 over time, equipping it with advanced surveillance technology and intelligence capabilities, and strengthening its support for returns of third-country nationals posing security risks. [2026]
European Critical Communications System (EUCCS): A legislative proposal will establish a harmonised pan-European communications system linking Member States' next-generation critical communications networks, built on operational mobility, resilience and strategic autonomy, and extended via the IRIS² satellite system to ensure interoperability for first responders across borders. [2026]
Roadmap on Lawful and Effective Access to Data: The Commission will present a roadmap setting out legal and practical measures to ensure law enforcement authorities can access data lawfully and effectively, prioritising a review of EU data retention rules and a Technology Roadmap on encryption to identify solutions enabling lawful access while safeguarding cybersecurity and fundamental rights. [Roadmap H1 2025; encryption roadmap 2026]
Data Retention Rules Review: The Commission will prepare an impact assessment on updating EU data retention rules, with a view to rebalancing investigative access to digital evidence against fundamental rights safeguards in a manner consistent with Court of Justice jurisprudence. [2025]
High-Level Group on Operational Law Enforcement Cooperation: The Commission will create a high-level group to develop a shared strategic vision for cross-border operational law enforcement cooperation, addressing challenges faced by law enforcement officers conducting surveillance and urgent interventions across internal borders and in countering hybrid threats.
Security Research and Innovation Campus (JRC): The Commission will establish a Security Research and Innovation Campus at its Joint Research Centre to shorten the cycle from research to innovation and deployment, reducing development and validation costs for internal security solutions including AI-based tools for law enforcement. [2026]
EMPACT Architecture Strengthening: Working with Council Presidencies and Member States, the Commission will maximise the potential of the European Multidisciplinary Platform Against Criminal Threats for the 2026–2029 cycle, strengthening its focus on the most threatening criminal networks, cross-border intelligence, joint investigations, follow-the-money approaches, and anti-recruitment measures. [from 2025]
Interoperability Architecture and Prüm II Rollout: The Commission, Member States and eu-LISA will work towards swift deployment of the EU's large-scale information system interoperability architecture and the Prüm II automated data exchange system, enabling secure cross-border sharing of fingerprints, DNA, vehicle registration data, facial images, and police records. [from 2025]
Travel Information Framework Strengthening: The Commission will extend passenger data collection and transfer requirements to private flights, evaluate PNR processing rules, assess maritime travel information streamlining, and explore expanded use of Automatic Number Plate Recognition systems with SIS integration, to close the current gap in tracking criminal and terrorist movements across transport modes. [from 2025]
Schengen Information System (SIS) Enhancement: The SIS will be updated to enable Member States to enter alerts about third-country nationals involved in terrorism and serious crime based on data shared by third countries through Europol, strengthening external border checks and identity verification for individuals posing security threats. [2026]
Cybersecurity Act Revision: The Commission will revise the Cybersecurity Act to simplify the EU cybersecurity framework, modernise ENISA's mandate, improve the European Cybersecurity Certification Framework for timely scheme adoption, and address ICT supply chain security risks and strategic dependencies on high-risk providers. [2025]
Cloud and Telecom Cybersecurity Measures: The Commission will take action to encourage critical entities to choose cloud and telecom services offering appropriate cybersecurity levels, considering both technical and strategic risks, complementing the NIS2 Directive and Cyber Resilience Act obligations. [from 2025]
Strategic Planning for Coordinated Cybersecurity Risk Assessments: Building on existing sectoral assessments covering 5G, telecoms, electricity, renewable energy, and connected vehicles, the Commission and Member States will develop a joint strategic framework for coordinated cybersecurity risk assessments across critical sectors.
Post-Quantum Cryptography (PQC) Transition: The Commission is working with Member States to implement the 2024 PQC Roadmap, requiring critical entities to identify high-risk cases and achieve quantum-safe encryption by 2030 at the latest, while also developing the EuroQCI quantum communication infrastructure as part of IRIS² for secure data transmission and storage. [by 2030]
Counter-Drone Centre of Excellence: The Commission will develop a harmonised testing methodology for counter-drone systems, establish a dedicated counter-drone Centre of Excellence, and assess the need to harmonise Member States' laws and procedures on drone threats used for espionage and attacks. [from 2025]
Submarine Cable Integrated Surveillance Mechanism: The Commission will work with Member States to develop and deploy, on a voluntary basis, an integrated surveillance mechanism for submarine cables per sea basin, beginning with a Nordic/Baltic regional hub, to prevent, detect, respond to, and deter threats to undersea infrastructure. [from 2025]
EU Ports Strategy: Building on the EU Ports Alliance public-private partnership, the Commission will propose an EU Ports Strategy exploring ways to strengthen maritime security legislation, harmonise national practices, reinforce background checks at ports, and extend air cargo security protocols to the maritime transport chain. [2025]
Aviation Security Occurrence System: The Commission will work with Member States to amend implementing legislation in the field of aviation security to enable sharing of classified information on aviation security occurrences, and will consider regulatory measures to address new threats including air cargo incidents and reinforce aviation security standards (AVSEC). [from 2025]
Multi-Agency Transport and Supply Chain Security Alert Mechanism: The Commission will propose a multi-agency mechanism to guarantee secure and timely sharing of information needed to anticipate and counter threats to transport and supply chains, drawing on customs, law enforcement, border management, and intelligence sources. [from 2025]
Defence and Security Procurement Rules Revision: The Commission will revise EU procurement rules for defence and security to assess whether existing provisions adequately address law enforcement and critical entity resilience needs, including security-by-design requirements for detection equipment, biometric technologies, and drones. [2026]
CBRN Preparedness and Response Action Plan: The Commission will present a new CBRN Action Plan to boost preparedness and response capabilities against chemical, biological, radiological and nuclear threats, covering threat prioritisation, innovation funding for countermeasures, rescEU capacities, and stockpiling of medical countermeasures, complemented by the EU Strategy on Medical Countermeasures. [2026]
Renewed Legal Framework on Organised Crime: The Commission will propose modernised legislation replacing outdated rules to strengthen the criminal justice response to high-risk criminal networks, updating definitions, enforcement tools, and cross-border cooperation mechanisms. [2026]
EU Anti-Corruption Strategy: The Commission will present a dedicated EU Anti-Corruption Strategy to foster integrity and strengthen coordination among relevant authorities and stakeholders, complementing the pending Directive on combating corruption. [from 2025]
EU-Wide System to Track Organised Crime Profits and Terrorist Financing: The Commission will explore the feasibility of a new integrated EU-wide tracking system covering organised crime profits and terrorist financing, including intra-EU and SEPA transactions, crypto asset transfers, and online payments, to complement the EU-US TFTP Agreement and strengthen Financial Intelligence Unit information flows to law enforcement.
Drug Precursors Legal Framework Revision: The Commission will present a legislative proposal to revise the rules on drug precursors to close loopholes exploited by criminal networks in the manufacturing of illicit drugs. [2025]
Common Criminal Law Standards on Illicit Firearms Trafficking — The Commission will present a legislative proposal establishing common criminal law standards for illicit firearms trafficking, accompanied by a new EU Action Plan against firearms trafficking targeting the licit market, criminal supply chains, intelligence, and international cooperation with Ukraine and the Western Balkans. [legislation 2025; Action Plan 2026]
EU Drugs Strategy and Action Plan against Drug Trafficking: The Commission will propose a new EU Drugs Strategy covering the full drug policy cycle and present an Action Plan against drug trafficking to disrupt trafficking routes and business models, while expanding the EU Ports Alliance to cover smaller and inland ports. [Action Plan 2025]
EU Action Plan on Online Fraud: The Commission will present a dedicated Action Plan on Online Fraud to support prevention, more effective law enforcement action, and recovery of funds for victims of online financial crime. [from 2025]
DSA Guidelines on Protection of Minors: The Commission will adopt guidelines for online platform providers on ensuring a high level of privacy, safety and security for minors, covering age verification, risk management, and content moderation obligations under the Digital Services Act. [2026]
EU Privacy-Protective Age Verification Solution: The Commission will facilitate an interim EU age verification solution to protect minors online ahead of the full rollout of the EU Digital Identity Wallet by end of 2026. [2025]
Action Plan on Protection of Children against Crime: The Commission will present a comprehensive Action Plan covering online and offline dimensions of crimes against children, including child sexual abuse, grooming, cyberbullying, and radicalisation, building on the forthcoming EU Centre to prevent and combat child sexual abuse. [2027]
Action Plan against Cyberbullying: The Commission will present an EU Action Plan against cyberbullying to support victims, strengthen platform responsibilities, and coordinate Member State and stakeholder responses to online harassment. [2026]
EU Strategy on Combatting Trafficking in Human Beings (2026–2030): The Commission will present a renewed anti-trafficking strategy covering prevention, prosecution and victim support at EU and international levels, building on the recently updated legal framework. [2026]
EU Strategy on Victims' Rights: The Commission will present a new EU Strategy on Victims' Rights to reduce harm from crime and terrorism, strengthen support services, and build societal trust in justice systems, building on the existing Victims' Rights Directive. [2026]
EU Agenda on Preventing and Countering Terrorism and Violent Extremism: The Commission will adopt a new comprehensive counter-terrorism agenda setting out future EU action on radicalisation prevention, online terrorist content, financing, public space protection, and crisis response, complemented by a new Joint Action Plan with the Western Balkans. [2025]
EU Crisis Protocol Amendment: The Commission will amend the EU Crisis Protocol for a joint law enforcement and tech industry response to terrorist attacks, ensuring scalability and flexibility to address the growing online dimension of attacks in coordination with the EU Internet Forum. [2025]
Explosives Precursors Regulation Revision: The Commission will present a legislative proposal to revise the Regulation on the marketing and use of explosives precursors, extending coverage to high-risk chemicals used by terrorists, complementing parallel action on firearms. [2026]
EU Visa Policy Strategy: The Commission will present a dedicated Visa Policy Strategy to fully integrate security considerations into the EU's visa regime, including measures on misuse of visa-free arrangements and strengthening information-sharing requirements for third countries on individuals posing security threats. [from 2025]
Joint Operational Teams and Fusion Centres in Third Countries: The Commission, with the High Representative, will set up joint operational teams and fusion centres bringing together EU and local law enforcement experts in strategic third countries to support real-time information sharing and joint investigations. [from 2025]
Joint Inspections in Third Country Ports: The Commission, with the High Representative, will coordinate joint inspections in third country ports to help strengthen the security of logistics hubs abroad and disrupt illicit trafficking at source. [by 2027]
EU-Interpol International Agreement: The Commission will finalise negotiations on an EU-Interpol international cooperation agreement to ensure a more unified approach to global security threats and transnational crime. [from 2025]
Action items (4)
EU Critical Communication System (EUCCS)
Planned for Q3 2026.The Commission will propose legislation to interconnect Member States’ next-generation critical communications used by police, civil protection, emergency medical, border and security authorities. EUCCS will set harmonised requirements for operational mobility, strong resilience and strategic autonomy, enabling secure cross-border voice/data, priority services and roaming, including satellite back-up via IRIS². It will modernise national systems, ensure interoperability and encrypted communications, and support crisis coordination from terrorism to large-scale disasters. Governance will link with the Preparedness Union’s all-hazards approach and ERCC, with EU-funded pilots building capabilities using European providers.
Skills Academies
The EU will deploy a targeted network of Skills Academies anchored by a flagship AI Skills Academy and complemented by a Quantum Skills Academy, a Cybersecurity Skills Academy (with an Industry–Academia network and cyber-campuses), and Net-Zero Industry Academies. Academies will offer one-stop training, apprenticeships and fellowships, returnships for women, and competitions. Building on Large-Scale Partnerships, a rollout will serve strategic sectors: defence, automotive, grids, wind, food, AI, quantum, virtual worlds and semiconductors. Coordinated under the Union of Skills and linked to the Clean Industrial Deal, the EIT will equip 1 million learners by 2028, with gender and mobility targets across Europe.
Public Procurement Reform
Planned for Q2 2026.The Commission will overhaul the EU procurement framework to make public spending a strategic lever for competitiveness, security and innovation. The revision will enable sustainability, resilience and European-preference criteria in strategic sectors, while staying consistent with EU and international commitments. It will simplify and digitise procedures, embed once-only data reuse, curb overspecification, and promote innovation-friendly tools (e.g. outcome-based/R&D purchases, clearer IP clauses). Rules will be consolidated across legislation to ease use by all administrations and open tenders to startups and SMEs. Defence and security procurement will be modernised and cross-border aggregation strengthened to create lead markets and scale.
European Democracy Shield
Planned for Q4 2025.It will harden democratic resilience by combining early detection of foreign information manipulation, coordinated analysis and rapid response across the Union. A new European Centre for Democratic Resilience will pool national expertise and capacities as the hub for monitoring, attribution and joint action with partners. The Shield will leverage the EU’s FIMI toolbox and the Digital Services Act, expand media- and digital-literacy efforts, and strengthen crisis communication to counter disinformation systematically. It complements a forthcoming Media Resilience Programme supporting independent journalism, and is anchored in upgrades to EU internal-security governance. Work will also address harmful social-media design and youth well-being through expert advice on safeguards and enforcement.