The EU is above all a community of law based on the largest single market in the world. Its competence to act in cybersecurity derives from the Treaty on European Union (TEU) as well as from the Treaty on the Functioning of the European Union (TFEU) and from the internal market principles ("cybersecurity through regulation"). Formally, it only has a coordinating function in cybersecurity. In fact, however, the EU’s competencies encompass a number of key areas. Its objectives are to make European initiatives and those of its member states more coherent and to increase the resilience of society against cyber risks. It pursues these tasks in a range of areas
- in the Single Market Policy;
- the Area of Freedom, Security and Justice;
- the Common Foreign and Security Policy (CFSP);
- and the Common Security and Defence Policy (CSDP).
Since 2013, the EU has also been developing a “cybersecurity taxonomy.“ In recent years, the changing global political environment has brought cyber diplomacy, and here the "Cyber Diplomacy Toolbox" and the “Cyber Defence Policy,” to the forefront. A new item on the agenda is currently a comprehensive "EU Cyber Posture.“