Europe Takes the Lead in Global Cybersecurity While Trump Weakens US Federal Efforts

New executive order from Trump cancels key cybersecurity initiatives from the Biden era, while the approach to cybersecurity on the other side of the Atlantic is markedly different – Europe is accelerating its digital security program.

On June 6, 2025, President Trump personally signed an executive order that canceled fundamental cybersecurity initiatives – from mandatory software security attestations for federal contractors, through AI-powered cyber defense research priorities, to accelerated planning for the transition to post-quantum cryptography. "These are problematic and distracting issues where the White House focuses on checklists instead of real security investments," the White House said about these initiatives.

The policy difference leads to a regulatory difference with serious consequences. Federal contractors in the US may feel less bureaucracy, but those operating in European markets will face a tightening EU environment. The EU's holistic approach includes the NIS2 directive, which sets cybersecurity requirements for all 27 member states, and the EU Cybersecurity Strategy for the Digital Decade, which focuses on technological sovereignty and the implementation of quantum-resistant encryption.

Where Europe Leads the World in Cybersecurity 

The EU's cybersecurity framework emphasizes the importance of digital technologies and global connectivity as foundations of growth and competitiveness. However, the more connected and digital society becomes, the more vulnerable it is to disruptions and cyber attacks. Hybrid threats and cyber attacks can have a direct impact on security, economy, and society within the EU. Member states bear primary responsibility for handling cyber incidents and crises, but large-scale events can cause disruptions that exceed their operational capabilities or affect more than one member state.

The EU Crisis Management Plan for Cybersecurity specifies when crisis frameworks are triggered, as well as the role of relevant European networks, actors, and mechanisms (for example, ENISA – the EU Agency for Cybersecurity, or EU-CyCLONe – the European Cyber Crisis Liaison Organisation Network) in crisis coordination and the EU's contribution to crisis response as part of EU tools under the 2018 Coordinated Plan on the development and use of AI. The framework clearly establishes the need to coordinate public communication before, during, and after crisis incidents and recognizes the importance of civil-military cooperation in the context of cyber crisis management, for example through cooperation with NATO and maximized information sharing.

Market Implications and Post-Quantum Leadership 

Most importantly, while the US is canceling its quantum-resistant encryption procurement requirements, European companies are already using these technologies. Global organizations today must address this regulatory complexity with advanced strategies and often duplicate security investments. The cancellation of federal AI security research priorities in the US may lead to a return of talent and investment to European projects, which could strengthen European innovation in key areas of cybersecurity.

European enterprises remain under regulatory pressure in the area of post-quantum technologies and may gain a significant first-mover advantage in this key security area. This experience includes practical implementation of cryptographic migrations that American institutions potentially lack, giving them a competitive advantage in global markets.

Context and Future Outlook 

The threat environment and legal framework of the EU for cybersecurity have evolved dramatically since 2017 through multiple cybersecurity management tools, such as the NIS2 directive and the Cyber Solidarity Act. The 2017 plan needed to be updated accordingly. Discussion of the European cybersecurity plan gained momentum during the Polish presidency, with the Polish Prime Minister leading a very successful informal TTE Council meeting on March 4-5 in Warsaw on cybersecurity.

The policy difference between the US and Europe may change the nature of global leadership in cybersecurity, with European standards potentially defining the worldwide standard for multinational enterprises. As the US federal government moves away from prescriptive cybersecurity requirements, the EU's continued expansion in security frameworks makes the Union the standard bearer for responsible cybersecurity practices.

Accessed: 12. 6. 2025