Regulation (EU) 2025/37 reinforces the Union’s cybersecurity framework by defining MSS, establishing certification schemes, and enhancing cooperation for resilience against cyberattacks. To unify and strengthen the market, European cybersecurity certification schemes for MSS will be established, ensuring services like penetration testing and threat intelligence meet rigorous security objectives. Certification fosters trust and transparency, benefiting public and private sector entities when selecting MSS providers.

Cybersecurity incidents are unpredictable and of transnational nature, and include supply chain attacks, ransomware, and cyberespionage.

Regulation (EU) 2025/38 seeks to:

1. Enhance the Union’s detection and situational awareness of cyber threats.
2. Strengthen preparedness, response, and recovery capabilities for significant and large-scale cybersecurity incidents.
3. Foster cooperation among Member States, private sectors, academia, and civil society.

Collaboration with like-minded international partners, adhering to principles of democracy, human rights, and rule of law, is encouraged. The Cyber Solidarity Act aims to protect critical assets, support digital transformation, and enhance the EU’s overall cyber resilience.