The Externalisation of the EU’s Cybersecurity Regime:The Cyber Diplomacy Toolbox

It is often claimed that there is a blurring line between external and internal security in the EU with both being increasingly intertwined. Apart from providing the state of affairs in EU cybersecurity law and policy, the argument of this contribution is that these internal-external links are also visible in a growing tendency towards the externalisation of the EU’s cybersecurity policy. Typical interior policy fields in that area that were tackled through the internal market and the Area of Freedom Security and Justice (AFSJ) legal bases, are now penetrating the field of action of the Common Foreign and Security Policy (CFSP). This tendency towards a growing externalisation of the EU cybersecurity will be demonstrated by analysing the emblematic EU’s Cyber Diplomacy Toolbox and its deterrence instrument: restrictive measures in response to cyber-attacks. Our analysis pinpoints a number of limitations for the EU’s common action under the CFSP, including problems of attribution and evidence collection. Our Article questions whether the CFSP is fit for the digital age and what repercussions cyber threats may have for the future of the EU CFSP and its Cyber Diplomacy Toolbox