News
European Commission Unveils Plan to Use AI to Strengthen Cybersecurity

The European Commission has announced an action plan linking the AI Act and Cyber Resilience Act regulations, aimed at preparing the EU for attacks carried out and enhanced by advanced AI models. A new EU capability for assessing models on cybersecurity grounds is set to launch in 2027.
Contents
On July 7, the European Commission presented an action plan for cybersecurity and artificial intelligence, aiming to bring together existing EU legal frameworks, including the AI Act, the Cyber Resilience Act, and the NIS2 directive, into a coherent response to threats posed by advanced AI models.
Two sides of the same technology
The Commission stresses that advanced AI models are a double-edged sword in cybersecurity. On one hand, they can help detect vulnerabilities and automate system defenses; on the other, the same capabilities let attackers identify weaknesses, automate attacks, and scale up the speed and scope of incidents beyond what existing safeguards can handle.
Artificial intelligence is changing what cybersecurity means. We need to keep pace with that speed. The European Union has strong foundations. - Henna Virkkunen, Executive Vice-President of the European Commission for Technological Sovereignty
A new model assessment capability
A key element of the plan is building an EU capability to assess AI models before they reach the market, in line with AI Act requirements. The Commission has announced a call for proposals to create a dedicated capability for assessing models on cybersecurity grounds, set to become operational in 2027. This means that new, powerful models entering the EU market will undergo additional vetting for digital security risks before reaching companies and institutions.
The Commission also announced it will work with the European Union Agency for Cybersecurity (ENISA) to develop a European plan for secure access to advanced AI systems used in cybersecurity. The goal is to give companies and institutions clear guidance on using such tools without exposing themselves to additional risk.
Testing platform for critical sectors
The plan calls for launching a secure testing platform where organizations in the energy, transport, health, finance, and public administration sectors will be able to test and deploy AI solutions under controlled conditions. This responds to concerns that critical sectors are adopting AI tools faster than security procedures can keep up.
The document explicitly ties together five pieces of legislation in force or coming into force across the EU: the AI Act, the Cyber Resilience Act, the NIS2 directive, the DORA regulation covering the financial sector, and the Cyber Solidarity Act. The Commission wants these regulations to function as a coherent system rather than a set of independent requirements that companies must handle separately.
What this means for Poland
For Polish companies and institutions, the plan means in practice another layer of compliance requirements, but also a chance to access the EU testing platform and shared standards for model assessment. Sectors such as energy and public administration, which in Poland are only just beginning to roll out AI at scale, will be able to draw on ready-made security frameworks instead of building them from scratch. At the same time, the national regulator, the newly formed Komisja ds. Rozwoju i Bezpieczeństwa Sztucznej Inteligencji (Commission for the Development and Security of Artificial Intelligence), will need to align its work with the new EU plan.
The Commission's plan fits into the broader debate over European technological sovereignty, in which the EU is trying to reduce its dependence on American and Chinese AI model providers while building its own assessment and oversight capabilities. The coming months will show whether the model assessment capability promised for 2027 launches on schedule and whether it will meaningfully affect the pace at which new AI systems enter the EU market.
Sources: European Commission - Digital Strategy (digital-strategy.ec.europa.eu), European Commission (commission.europa.eu), Euronews (euronews.com)


