Back to Frameworks

EU Cyber Solidarity Act (Regulation (EU) 2025/38)

European Union
v2025
5 domains
18 controls

Regulation (EU) 2025/38 (the Cyber Solidarity Act, CSA) builds Union-level cybersecurity solidarity and response capacity through three pillars. Pillar 1 - the European Cybersecurity Alert System - establishes a Union-wide network of National Cyber Hubs and Cross-Border Cyber Hubs (deployed SOC consortia) for early detection of significant cyber threats and incidents across critical sectors, with information sharing inside and across the network and into Union-level networks (CSIRTs network, EU-CyCLONe). Pillar 2 - the Cybersecurity Emergency Mechanism - supports coordinated preparedness testing of essential and important entities under NIS2, establishes the EU Cybersecurity Reserve of certified private incident-response services available to Member States, Union institutions and DEP-associated third countries, supports mutual assistance and is coordinated with Union crisis management mechanisms. Pillar 3 - the European Cybersecurity Incident Review Mechanism - mandates post-incident review of significant or large-scale cybersecurity incidents, run by ENISA at the request of the Commission, EU-CyCLONe or the NIS Cooperation Group, with lessons-learned reports.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (5)

CSA - Cybersecurity Emergency Mechanism (Ch III)

5 controls
Controls in the CSA - Cybersecurity Emergency Mechanism (Ch III) domain of EU Cyber Solidarity Act (Regulation (EU) 2025/38)5 controls
CodeTitle
CSA-Art.10_11Establishment of the Cybersecurity Emergency Mechanism and types of action (Articles 10-11)
CSA-Art.12_13Coordinated preparedness testing and other preparedness actions (Articles 12-13)
CSA-Art.14_15_16_17EU Cybersecurity Reserve and trusted providers (Articles 14-17)
CSA-Art.18Actions supporting mutual assistance (Article 18)
CSA-Art.19_20Support to DEP-associated third countries and coordination with Union crisis-management mechanisms (Articles 19-20)

CSA - European Cybersecurity Alert System (Ch II)

6 controls
Controls in the CSA - European Cybersecurity Alert System (Ch II) domain of EU Cyber Solidarity Act (Regulation (EU) 2025/38)6 controls
CodeTitle
CSA-Art.3Establishment of the European Cybersecurity Alert System (Article 3)
CSA-Art.4National Cyber Hubs (Article 4)
CSA-Art.5Cross-Border Cyber Hubs (Article 5)
CSA-Art.6_7Information sharing within and between Cyber Hubs and Union-level networks (Articles 6-7)
CSA-Art.8Security of the Alert System (Article 8)
CSA-Art.9Funding of the European Cybersecurity Alert System (Article 9)

CSA - European Cybersecurity Incident Review Mechanism (Ch IV)

1 controls
Controls in the CSA - European Cybersecurity Incident Review Mechanism (Ch IV) domain of EU Cyber Solidarity Act (Regulation (EU) 2025/38)1 controls
CodeTitle
CSA-Art.21European Cybersecurity Incident Review Mechanism (Article 21)

CSA - Final Provisions (Ch V)

4 controls
Controls in the CSA - Final Provisions (Ch V) domain of EU Cyber Solidarity Act (Regulation (EU) 2025/38)4 controls
CodeTitle
CSA-Art.22Amendments to Regulation (EU) 2021/694 (Article 22)
CSA-Art.23_24Exercise of the delegation and committee procedure (Articles 23-24)
CSA-Art.25Evaluation and review (Article 25)
CSA-Art.26Entry into force (Article 26)

CSA - General Provisions (Ch I)

2 controls
Controls in the CSA - General Provisions (Ch I) domain of EU Cyber Solidarity Act (Regulation (EU) 2025/38)2 controls
CodeTitle
CSA-Art.1Subject matter and objectives (Article 1)
CSA-Art.2Definitions (Article 2)

Maps to 4 other frameworks

18 total controls
NIS2 Directive
6 source controls mapped|2 target controls covered
33%
EU Network Code on Cybersecurity for the Electricity Sector
3 source controls mapped|2 target controls covered
17%
DORA
1 source controls mapped|2 target controls covered
6%
GDPR
1 source controls mapped|1 target controls covered
6%

Frequently Asked Questions

What is EU Cyber Solidarity Act (Regulation (EU) 2025/38)?

EU Cyber Solidarity Act (Regulation (EU) 2025/38) is a compliance framework from European Union with 5 domains and 18 controls. Regulation (EU) 2025/38 (the Cyber Solidarity Act, CSA) builds Union-level cybersecurity solidarity and response capacity through three pillars. Pillar 1 - the European Cybersecurity Alert System - establishes a Union-wide network of National Cyber Hubs and Cross-Border Cyber Hubs (deployed SOC consortia) for early detection of significant cyber threats and incidents across critical sectors, with information sharing inside and across the network and into Union-level networks (CSIRTs network, EU-CyCLONe). Pillar 2 - the Cybersecurity Emergency Mechanism - supports coordinated preparedness testing of essential and important entities under NIS2, establishes the EU Cybersecurity Reserve of certified private incident-response services available to Member States, Union institutions and DEP-associated third countries, supports mutual assistance and is coordinated with Union crisis management mechanisms. Pillar 3 - the European Cybersecurity Incident Review Mechanism - mandates post-incident review of significant or large-scale cybersecurity incidents, run by ENISA at the request of the Commission, EU-CyCLONe or the NIS Cooperation Group, with lessons-learned reports. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does EU Cyber Solidarity Act (Regulation (EU) 2025/38) have?

EU Cyber Solidarity Act (Regulation (EU) 2025/38) has 18 controls organised across 5 domains. The largest domains are CSA - European Cybersecurity Alert System (Ch II) (6 controls), CSA - Cybersecurity Emergency Mechanism (Ch III) (5 controls), CSA - Final Provisions (Ch V) (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does EU Cyber Solidarity Act (Regulation (EU) 2025/38) map to?

EU Cyber Solidarity Act (Regulation (EU) 2025/38) maps to 4 other compliance frameworks. The top mapping partners are NIS2 Directive (33% coverage), EU Network Code on Cybersecurity for the Electricity Sector (17% coverage), DORA (6% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with EU Cyber Solidarity Act (Regulation (EU) 2025/38) compliance?

Start your EU Cyber Solidarity Act (Regulation (EU) 2025/38) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about EU Cyber Solidarity Act (Regulation (EU) 2025/38) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 18 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.

Get Started Free →

Free forever — no credit card required