EU Cyber Solidarity Act (Regulation (EU) 2025/38)
Regulation (EU) 2025/38 (the Cyber Solidarity Act, CSA) builds Union-level cybersecurity solidarity and response capacity through three pillars. Pillar 1 - the European Cybersecurity Alert System - establishes a Union-wide network of National Cyber Hubs and Cross-Border Cyber Hubs (deployed SOC consortia) for early detection of significant cyber threats and incidents across critical sectors, with information sharing inside and across the network and into Union-level networks (CSIRTs network, EU-CyCLONe). Pillar 2 - the Cybersecurity Emergency Mechanism - supports coordinated preparedness testing of essential and important entities under NIS2, establishes the EU Cybersecurity Reserve of certified private incident-response services available to Member States, Union institutions and DEP-associated third countries, supports mutual assistance and is coordinated with Union crisis management mechanisms. Pillar 3 - the European Cybersecurity Incident Review Mechanism - mandates post-incident review of significant or large-scale cybersecurity incidents, run by ENISA at the request of the Commission, EU-CyCLONe or the NIS Cooperation Group, with lessons-learned reports.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (5)
CSA - Cybersecurity Emergency Mechanism (Ch III)
| Code | Title |
|---|---|
| CSA-Art.10_11 | Establishment of the Cybersecurity Emergency Mechanism and types of action (Articles 10-11) |
| CSA-Art.12_13 | Coordinated preparedness testing and other preparedness actions (Articles 12-13) |
| CSA-Art.14_15_16_17 | EU Cybersecurity Reserve and trusted providers (Articles 14-17) |
| CSA-Art.18 | Actions supporting mutual assistance (Article 18) |
| CSA-Art.19_20 | Support to DEP-associated third countries and coordination with Union crisis-management mechanisms (Articles 19-20) |
CSA - European Cybersecurity Alert System (Ch II)
| Code | Title |
|---|---|
| CSA-Art.3 | Establishment of the European Cybersecurity Alert System (Article 3) |
| CSA-Art.4 | National Cyber Hubs (Article 4) |
| CSA-Art.5 | Cross-Border Cyber Hubs (Article 5) |
| CSA-Art.6_7 | Information sharing within and between Cyber Hubs and Union-level networks (Articles 6-7) |
| CSA-Art.8 | Security of the Alert System (Article 8) |
| CSA-Art.9 | Funding of the European Cybersecurity Alert System (Article 9) |
CSA - European Cybersecurity Incident Review Mechanism (Ch IV)
| Code | Title |
|---|---|
| CSA-Art.21 | European Cybersecurity Incident Review Mechanism (Article 21) |
CSA - Final Provisions (Ch V)
| Code | Title |
|---|---|
| CSA-Art.22 | Amendments to Regulation (EU) 2021/694 (Article 22) |
| CSA-Art.23_24 | Exercise of the delegation and committee procedure (Articles 23-24) |
| CSA-Art.25 | Evaluation and review (Article 25) |
| CSA-Art.26 | Entry into force (Article 26) |
CSA - General Provisions (Ch I)
| Code | Title |
|---|---|
| CSA-Art.1 | Subject matter and objectives (Article 1) |
| CSA-Art.2 | Definitions (Article 2) |
Your Compliance Coverage
If you comply with EU Cyber Solidarity Act (Regulation (EU) 2025/38), you already cover:
Maps to 4 other frameworks
Frequently Asked Questions
What is EU Cyber Solidarity Act (Regulation (EU) 2025/38)?
EU Cyber Solidarity Act (Regulation (EU) 2025/38) is a compliance framework from European Union with 5 domains and 18 controls. Regulation (EU) 2025/38 (the Cyber Solidarity Act, CSA) builds Union-level cybersecurity solidarity and response capacity through three pillars. Pillar 1 - the European Cybersecurity Alert System - establishes a Union-wide network of National Cyber Hubs and Cross-Border Cyber Hubs (deployed SOC consortia) for early detection of significant cyber threats and incidents across critical sectors, with information sharing inside and across the network and into Union-level networks (CSIRTs network, EU-CyCLONe). Pillar 2 - the Cybersecurity Emergency Mechanism - supports coordinated preparedness testing of essential and important entities under NIS2, establishes the EU Cybersecurity Reserve of certified private incident-response services available to Member States, Union institutions and DEP-associated third countries, supports mutual assistance and is coordinated with Union crisis management mechanisms. Pillar 3 - the European Cybersecurity Incident Review Mechanism - mandates post-incident review of significant or large-scale cybersecurity incidents, run by ENISA at the request of the Commission, EU-CyCLONe or the NIS Cooperation Group, with lessons-learned reports. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does EU Cyber Solidarity Act (Regulation (EU) 2025/38) have?
EU Cyber Solidarity Act (Regulation (EU) 2025/38) has 18 controls organised across 5 domains. The largest domains are CSA - European Cybersecurity Alert System (Ch II) (6 controls), CSA - Cybersecurity Emergency Mechanism (Ch III) (5 controls), CSA - Final Provisions (Ch V) (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does EU Cyber Solidarity Act (Regulation (EU) 2025/38) map to?
EU Cyber Solidarity Act (Regulation (EU) 2025/38) maps to 4 other compliance frameworks. The top mapping partners are NIS2 Directive (33% coverage), EU Network Code on Cybersecurity for the Electricity Sector (17% coverage), DORA (6% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with EU Cyber Solidarity Act (Regulation (EU) 2025/38) compliance?
Start your EU Cyber Solidarity Act (Regulation (EU) 2025/38) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about EU Cyber Solidarity Act (Regulation (EU) 2025/38) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 18 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.
Get Started Free →Free forever — no credit card required