Collective cyber situational awareness in EU. A political project of difficult legal realisation?

From 2020 onward, the European cybersecurity strategy has seen a major reformulation of its objectives given the changed international environment. The policy documents reveal an interest in the establishment of an increasingly integrated overall security system, in which the relevant institutions of the Union have a central role. Among the various aspects considered is the establishment of a “collective situational awareness” based on the exchange of security information between Member States and European authorities, as well as between the Union authorities themselves. The sharing of security information is certainly an expression of the capacity for cooperation among Member States in the “Area of Freedom, Security and Justice” of the European Union. The analysis proposed in this contribution aims to study the organisation and procedures of information exchange to counter cyber threats (cybersecurity information sharing) in light of recent legislative interventions in the field of cybersecurity. After analysing the evolution of European administrations, and the tools employed in cybersecurity information sharing practices, the investigation focuses on the dynamic profiles related to the treatment of personal data and sensitive and classified information contained in said information by the different actors involved in the sharing process (private entities, single points of contact, law enforcement agencies, European institutions). The conclusions aim to formulate some considerations on the current state of the art in cybersecurity information sharing practices.