Aug. 29, 2025 –
The European Commission has officially handed the reins of the EU Cybersecurity Reserve to ENISA, the European Union Agency for Cybersecurity, with a €36 million, three-year contribution agreement. The deal formalizes ENISA’s role in administering and operating this new rapid-response mechanism to support Member States during major cyberattacks.
This announcement is especially relevant to eeNews Europe readers working in critical sectors, managed security services, and digital infrastructure, as it highlights future procurement opportunities, MSS certification, and a growing reliance on public-private cyber defense partnerships.
The EU Cybersecurity Reserve, introduced under Article 14 of the EU Cyber Solidarity Act, is designed to provide incident response support in the event of significant or large-scale cybersecurity incidents. The reserve will be powered by services contracted from trusted managed security service providers (MSSPs), selected through public procurement calls.
These pre-arranged services will be available to operators in critical sectors covered under the NIS2 Directive, EU institutions and agencies, and even third countries associated with the Digital Europe Programme. National CSIRTs or cyber crisis authorities will route support requests, and CERT-EU will handle them for Union institutions.
ENISA will oversee the procurement, monitor the execution of these services, and evaluate incoming requests. The agency will leverage its prior experience managing the ENISA Cybersecurity Support Action, which concludes in 2026.
One notable feature of the reserve is its flexibility: if no incidents require response services during the commitment period, ENISA reallocates those services to preparedness and prevention—ensuring efficient use of EU funding.
“ENISA will be procuring services for the EU Cybersecurity Reserve,” the agency stated, emphasizing its operational readiness to manage support requests, including those from DEP-associated third countries. The Commission has also worked closely with ENISA and EU-CyCLONe to streamline request submission procedures for rapid response during crises.