EU Commission Unveils AI-and-Cybersecurity Action Plan With Pre-Market Model Testing

Brussels published an Action Plan on Cybersecurity and AI on July 7, 2026, promising an EU capacity to evaluate advanced models before release, a secure testing platform with ENISA, and a Grand Challenge to fund European AI-for-cyber solutions.

Key Takeaways

  • The European Commission published an Action Plan on Cybersecurity and AI on July 7, 2026, its first structured attempt to treat frontier AI models as dual-use cyber assets.
  • The plan creates an EU capacity for third-party pre-market evaluation of advanced AI models, backstopping the AI Office's role under the AI Act.
  • ENISA and the Joint Research Centre will build a secure testbed with simulated environments so critical-infrastructure operators in energy, transport, health, finance and public administration can trial AI defenses before live deployment, targeted to run before the end of 2026.
  • An EU Grand Challenge on AI for cybersecurity will fund European AI-for-cyber solutions using existing streams: Horizon Europe, the Digital Europe Programme and the European Cybersecurity Competence Centre; no new budget line was attached.
  • The plan layers on top of the AI Act, Cyber Resilience Act, NIS2 Directive and Cyber Solidarity Act, and ties into sovereign AI investments via AI Factories, Gigafactories and the Tech Sovereignty Package.

EU Commission Unveils AI-and-Cybersecurity Action Plan With Pre-Market Model Testing

The European Commission on Tuesday unveiled an Action Plan on Cybersecurity and Artificial Intelligence that promises pre-market evaluation of advanced AI models, a shared testing platform for critical infrastructure operators, and a Grand Challenge to fund European AI-for-cyber solutions — the bloc's first structured attempt to treat frontier models as dual-use cyber assets.

What the Plan Actually Does

Under the plan, the Commission will build an EU evaluation capacity that strengthens third-party assessment of AI capabilities and risks, backstopping the AI Office's regulatory role under the AI Act. It will also work with the EU Agency for Cybersecurity (ENISA) to write a European blueprint for structured access to advanced AI systems for cybersecurity teams in energy, transport, health, finance and public administration.

ENISA and the Commission's Joint Research Centre will jointly stand up a secure testbed — including simulated environments — so operators of essential services can trial AI defenses before deploying them on live networks. The Commission will also launch an EU Grand Challenge on AI for cybersecurity, aimed at pulling companies, researchers and public bodies into shared innovation projects.

Robotic hand touching a digital padlock representing cybersecurity and AI

Framing: AI as Both Weapon and Shield

"AI is transforming the meaning of cybersecurity. And we must keep pace," Executive Vice-President for Tech Sovereignty, Security and Democracy Henna Virkkunen said. The plan explicitly recognizes that advanced models can be misused to identify vulnerabilities, automate attacks and multiply the speed and scale of incidents — while also being the most promising defensive tool available to European critical-infrastructure operators.

Sovereignty and Scale

The plan explicitly ties EU cybersecurity ambitions to continued investment in sovereign AI via the AI Factories and future Gigafactories network, plus the European Tech equity capacity announced in the Tech Sovereignty Package. It layers on top of the AI Act, the Cyber Resilience Act, the NIS2 Directive and the Cyber Solidarity Act. Related themes appear in Ukraine's parallel move to on-premise AI and the broader wave of recent critical CVE activity that CISA and European agencies are tracking together.

What Comes Next

The Commission did not attach a firm budget line to the plan but pointed to existing funding streams — Horizon Europe, the Digital Europe Programme and the European Cybersecurity Competence Centre — as the immediate sources of Grand Challenge and testbed money. ENISA is expected to publish operational guidance within months, with a stated goal of a running secure testing platform before the end of 2026.

Reporting based on coverage from the European Commission press corner and Shaping Europe's Digital Future.

Category: Cyber Security

Tags: AI Cybersecurity artificial intelligence European Union AI Regulation AI Act

Related Articles

Frequently Asked Questions

What is the EU's new Action Plan on Cybersecurity and AI?

Unveiled by the European Commission on July 7, 2026, it promises pre-market evaluation of advanced AI models, a secure testing platform built with ENISA and the Joint Research Centre for critical-infrastructure operators, and a Grand Challenge to fund European AI-for-cyber solutions.

Who will be able to use the secure AI testing platform?

Operators of essential services in energy, transport, health, finance and public administration will be able to trial AI defenses in simulated environments before deploying them on live networks, with a stated goal of a running platform before the end of 2026.

How will the plan be funded?

The Commission attached no firm budget line, instead pointing to existing funding streams: Horizon Europe, the Digital Europe Programme and the European Cybersecurity Competence Centre.

How does the plan relate to existing EU regulation?

It layers on top of the AI Act, the Cyber Resilience Act, the NIS2 Directive and the Cyber Solidarity Act, with the new EU evaluation capacity strengthening third-party assessment that backstops the AI Office's regulatory role under the AI Act.