Challenge

Across Europe, critical infrastructures and essential services are under increasing pressure from a rapidly evolving and highly complex cyber threat landscape. While recent initiatives by the European Union, including the NIS2 Directiveand the Directive (EU) 2022/2557 on the resilience of critical entities, have strengthened the regulatory foundation, they also highlight a clear reality: current cybersecurity capabilities are not keeping pace with emerging risks.

A key challenge lies in the growing sophistication and frequency of cyberattacks, particularly those linked to hostile state actors. These threats are no longer isolated incidents, they are coordinated, persistent, and capable of disrupting essential services at scale. As infrastructures become more interconnected, vulnerabilities in one sector can quickly cascade into others, amplifying the overall risk.

At the same time, organisations face a critical shortage of cybersecurity expertise. Advanced systems such as Security Information and Event Management (SIEM) platforms remain difficult to operate without specialised knowledge, limiting their effectiveness and slowing response times. This creates a dangerous gap between the complexity of threats and the ability of organisations to detect and respond to them efficiently.

Another pressing issue is Europe’s reliance on non-EU cybersecurity technologies. The limited availability of European-made, AI-driven cybersecurity platforms, particularly those aligned with strict EU regulatory requirements, poses risks to both security and technological independence. Strengthening European digital sovereignty has therefore become a strategic priority.

Additionally, organisations struggle with data overload and limited actionable insight. Vast volumes of security data are generated daily, yet identifying subtle indicators of compromise requires advanced analytical capabilities that many organisations currently lack. Without proactive detection and guided risk management, threats often remain unnoticed until they escalate.

Finally, there is a need for continuous preparedness, training, and regulatory alignment. EU Member States and organisations must regularly assess risks, improve response strategies, and ensure compliance with evolving frameworks such as the Cyber Resilience Act. However, existing tools often fall short in providing accessible, scalable, and user-friendly solutions to support these ongoing efforts.

The LLM4CIP project is designed to address these interconnected challenges, by delivering a next-generation, AI-driven cybersecurity platform. That will enhance preparedness, will empower a broader range of users, and will strengthen Europe’s technological sovereignty and long-term resilience.

Our Role

EUNL plays a key role in ensuring that the project is firmly aligned with the European legal and ethical landscape. It will lead the analysis of applicable legal and ethical requirements, mapping them against major EU frameworks such as the NIS2 Directive, the Cyber Resilience Act, and the AI Act, while identifying practical challenges in their implementation.

In addition, EUNL will oversee compliance management and continuous monitoring throughout the project’s lifecycle, ensuring that all research and innovation activities adhere to relevant regulations and ethical standards. To support long-term impact, EUNL will also develop comprehensive training materials, equipping stakeholders with the knowledge needed to understand and apply legal and ethical principles within the project’s context.