ENISA International Strategy 2026 aligns global partnerships with EU cyber policy, higher cybersecurity standards - Industrial Cyber

Attacks and Vulnerabilities Critical infrastructure Industrial Cyber Attacks Malware, Phishing & Ransomware News Regulation, Standards and Compliance Threat Landscape ENISA International Strategy 2026 aligns global partnerships with EU cyber policy, higher cybersecurity standards February 10, 2026 The European Union Agency for Cybersecurity (ENISA) released a revised International Strategy, renewing its approach to engagement with international partners. The ENISA International Strategy 2026 sets out how the agency works with international partners to strengthen cybersecurity across the European Union. The update reinforces alignment with the EU’s international cybersecurity policies, promotes EU values, and supports the objective of achieving a higher common level of cybersecurity across Europe. The strategy defines ENISA’s approach to engaging with international partners, including non-EU countries and international organisations, with the primary aim of raising cybersecurity levels within the European Union. ENISA undertakes international engagement where such cooperation supports this mission. The ENISA International Strategy 2026 also specifies the agency’s focus areas and priorities for international engagement, based on guidance from its management board and informed by ENISA’s experience in international cooperation over recent years. This update of the International Strategy fine-tunes the previous approach and aligns it with ENISA’s current overall Strategy as well as its Stakeholder Strategy. Together, these two strategies serve as key guiding documents for the Agency, providing direction and coherence to ENISA’s efforts in fulfilling its mandate. The International Strategy should be seen as a complementary addition to the Stakeholder Strategy, as it addresses ENISA’s international partners. “International cooperation is essential in cybersecurity. It complements and strengthens the core tasks of ENISA, to achieve a high common level of cybersecurity across the Union,” Juhan Lepassaar, ENISA executive director, stated in a media statement. “Together with our Management Board, ENISA determines how we engage at international level to achieve our mission and mandate. ENISA stands fully prepared to cooperate on the global stage to support the EU Member States in doing so.”  International cooperation is based on long-term investments that materialise over time. The ENISA International Strategy 2026 dictates the focus and priorities for the agency’s international engagements.  The Management Board, the European Commission, and the European External Action Service (EEAS) support ENISA in maintaining the various levels of engagement with its international (cooperation) partners; intensifying engagement levels with targeted partners within the context of working arrangements; and selectively seeking contacts with new actors in close alignment with the Union. This is translated into annual priorities, which are re-evaluated and updated when deemed necessary and appropriate, according to the working modalities described above. The current priorities under an assisting or outreach approach are therefore divided into continuing focus and priority areas, and into new focus and priority areas.  ENISA’s previous International Strategy, adopted by its Management Board in November 2021, provided a framework and guidance structure that enabled the Agency to handle a gradually growing number of international requests and engagements. This empowered the Agency to invest its resources in activities of a higher-value and priority. Cooperation currently covers more tailored working arrangements with specific countries, including Ukraine and the U.S., with a focus on capacity building, the exchange of best practices, and information and knowledge sharing. It also includes support for the European Commission and the European External Action Service in the EU’s cyber dialogues with partners, such as Japan and the U.K. ENISA supports EU candidate countries in the Western Balkans region, with plans from 2026 to extend specific ENISA frameworks and tools. This includes the development of comparative cyber indexes, exercise methodologies, and the provision of targeted training. Cooperation further involves making the EU Cybersecurity Reserve, established under the 2025 EU Cyber Solidarity Act, operational for third countries associated with the Digital Europe Programme, such as Moldova. Additionally, ENISA contributes to the cybersecurity work of the G7 Cybersecurity Working Group by providing EU-level expertise where required and continues to explore deeper cooperation with like-minded partners. Given the rapidly evolving nature of the cybersecurity landscape and international environment, the agency must be able to respond in an agile and timely manner while being guided by key principles that will govern all its international actions.  The overarching principle is that ENISA engages at the international level to advance cybersecurity in the EU and advance the agency’s objectives as defined in the overall ENISA Strategy and acts within its legal mandate.  The ENISA International Strategy 2026 also laid down eight additional principles that guide the agency’s international engagement. First, ENISA focuses its international cooperation on actors with which the European Union has strategic relationships and that share the Union’s values. Second, ENISA refrains from engaging with international actors where contacts or cooperation would be incompatible with the Union’s interests or policy objectives. Third, the agency’s international cooperation activities are intended to add value to the partnerships of EU member states and the Union as a whole. Fourth, where cybersecurity cooperation between the Union and an international actor is explicitly set out in an agreement, ENISA primarily follows an outreach approach, while respecting the limits, provisions, and working modalities of that agreement. Fifth, where relevant, ENISA may pursue an outreach approach across all of its strategic objectives with partner countries within the European Economic Area. Sixth, ENISA proportionally evaluates the resources required for involvement in international activities, whether under an assisting or outreach approach, as an integral part of its single programming document process. Seventh, in line with Union law, ENISA’s values, and its operating principles, the agency engages with international actors within the scope of this strategy in a transparent, coordinated, open, and non-discriminatory manner. ENISA and its staff engage with stakeholders with integrity and respect, in accordance with good administrative practice and the ENISA Code of Conduct. Eighth, while maintaining its operational autonomy and independence within the remit of its mandate, ENISA may only endorse, co-sign, or attach its name to initiatives prepared by international external parties following prior consultation with the European Commission, alignment with the single programming document process, and consultation with the ENISA Executive Board. The revised ENISA International Strategy 2026 mentioned that the agency will report on a regular basis to the Management Board on its international activities and adhere to its strategic guidance, as set in this International Strategy. In its annual activity report, ENISA will outline the international activities it has pursued under the three different approaches. In particular, it will evaluate and provide an assessment of the added value of international activities under an assisting or outreach approach in pursuit of its strategic objectives. ENISA will continue its cooperation with Ukraine following the operationalisation of the working arrangement with its agency counterparts. In response to evolving cybersecurity needs, developments, and operational realities, the arrangement will be adjusted to meet its objectives in capacity building, the exchange of best practices, and the sharing of information and knowledge. The ENISA International Strategy 2026 mentioned that the agency intends to continue its cooperation with the U.S. following the operationalization of the working arrangement with its agency counterparts. As cybersecurity needs and threat dynamics evolve, the arrangement will be adapted to support ENISA’s objectives. The agency will maintain its support for the European Union’s cyber dialogues with non-EU countries and international organisations, including the United Kingdom and NATO. Such support is provided at the request of the European Commission and the European External Action Service, with the level of engagement determined by ENISA’s available resources and planning. ENISA will further continue to support the European Commission’s participation in the G7 Cybersecurity Working Group, providing EU-level cybersecurity expertise where required and in line with guidance from its Management Board. The ENISA International Strategy 2026 also laid down that the agency will support EU candidate countries in the Western Balkans region by enabling cybersecurity capacity-building activities from 2026 onwards, through a contribution agreement with the European Commission. In line with its principles and working modalities, and in consultation with the European Commission under the Cybersecurity Act and the European External Action Service, ENISA will seek to develop cooperation with like-minded international partners and other aligned global actors. Under the provisions of the European Cyber Solidarity Act, ENISA supports the European Commission in assessing requests from Digital Europe Programme-associated third countries for the activation of the EU Cybersecurity Reserve. ENISA has also been entrusted with administering and operating the Reserve as the contracting authority for all Reserve users, including DEP-associated third countries, where the relevant agreements are in place. The Executive Director shall take and impose effective measures and nominate roles and responsibilities that are necessary to implement this Strategy. ENISA will prepare a review of this Strategy whenever the Management Board reviews the overall ENISA Strategy or at the latest by the end of 2028.  Last December, ENISA invited industry stakeholders and other interested parties to provide feedback on its draft SBOM Landscape Analysis and the Technical Advisory for the Secure Use of Package Managers. The initiative focuses on strengthening cybersecurity across the EU market by reinforcing cybersecurity by design and cybersecurity by default. It reflects the region’s broader priority to secure digital products and protect end users, helping to safeguard the shared connected ecosystem. Anna Ribeiro Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT. Related Forescout 4D Platform segmentation to bridge IT and OT security gaps without agents, redesign, or vendor lock-in ODNI report: US critical infrastructure faces escalating cyber risks from China, Russia, Iran, and North Korea  CRI pilot reveals water utilities show strong interest in improving cybersecurity but face persistent gaps in execution Bitsight SPM launched to connect cyber risk with business outcomes as pressure to prove resilience grows Kai appoints Alfredo Hickman as CISO amid AI-driven security challenges Armis benchmark exposes systemic security gaps in AI-generated code across leading models Crisis lessons from OT incident response as cyber-physical attacks unfold within normal industrial operations Pathlock reports governance gaps widen attack surface in manufacturing as access controls lag digital transformation TÜV SÜD introduces OT-RaaS to strengthen OT security and compliance, manage evolving cyber threats NIST NCCoE publishes six final 5G cybersecurity guides to address critical infrastructure risks beyond network interfaces