2026 ENISA International Strategy

ENISA just shared an updated International Strategy four years after the original, with new priority areas reflecting changing geopolitics. 

On February 9th, 2026, the European Union Agency for Cybersecurity (ENISA) published its 2026 International Strategy to lay out “the Agency’s approach to engaging strategically with international partners, such as non-EU countries and international organizations,” with the main goal being increasing cybersecurity levels in the European Union (EU). The document is not the first of its kind - in early 2022, ENISA shared its original 2021 International Strategy with largely similar goals, even with shifting cyber threats from 2021 to the present day. The original plan likewise covered ENISA’s “cooperation with international organisations and with non-EU countries”.

ENISA’s 2026 Strategy describes the Agency’s commitment of resources with three levels: the limited approach, the assisting approach, and the outreach approach.

• In the lowest level approach, ENISA will share information with relevant stakeholders on a provisional basis but “will not commit dedicated resources to pursue this approach beyond its mission or conference costs.”
• The assisting approach is more for non-EU countries or international organizations promoting cooperation in cybersecurity, “when the request is deemed to add significant value to a specific strategic objective and is in line with the Union’s policies”. In such cases, the Agency can share expertise, help coordinate cybersecurity training, work with the EU to develop formal EU cybersecurity Dialogues, and aid international actors with singular cybersecurity activities.
• The final approach hinges on ENISA reaching out to other countries, which permits the Agency to use their own resources or request more funding “to proactively engage with specific international actors”. This may mean setting up a capacity-building program for nearby countries or making working arrangements with relevant nations.

The Strategy’s main guiding principle (a clarifying point that was not included in the 2021 Strategy) is that “ENISA engages at international level to advance cybersecurity in the EU and to advance ENISA’s strategic objectives as defined in the overall ENISA Strategy and acts within its legal mandate.”

ENISA’s priority areas are creating working arrangements with Ukraine and the United States, along with sustaining support for cyber dialogues and cybersecurity in the G7 Cybersecurity Working Group. The Agency’s focus areas also include providing cybersecurity capacity building in the Western Balkans, investing in cooperation opportunities with like-minded groups, and helping non-EU countries associated with the Digital Europe Programme use the EU Cybersecurity Reserve.

As the EU continues to support Ukraine after four years of war, there have been more allocations to strengthen the nation’s cybersecurity specifically. While the US has been aiming for an end to the war by June, it does not seem like the fighting will end soon. In either case, Ukraine will need a working arrangement with ENISA to help with cyber defense, either in the continued war or in the aftermath.

ENISA’s goal of a working agreement with the United States may be a bit tenuous in the next few months. The EU has been working to “de-risk” the continent’s ties to the US, concerned about the Union’s dependence on the US during the Trump administration. In late November, Switzerland essentially banned the use of public hyperscale clouds and Software-as-a-Service (SaaS), prohibiting American companies like Microsoft 365 from being used. French President Emmanuel Macron recently pressed that “Europe must become a power” in light of Trump’s stretch for Greenland. More and more technology tools from the US are being viewed disfavorably as Europeans look for digital sovereignty.

Despite these tensions, ENISA officials still value global collaboration. In the press release for the 2026 International Strategy, the Agency’s Executive Director, Juhan Lepassaar, stressed this belief: “International cooperation is essential in cybersecurity. It complements and strengthens the core tasks of ENISA, to achieve a high common level of cybersecurity across the Union. Together with our Management Board, ENISA determines how we engage at international level to achieve our mission and mandate. ENISA stands fully prepared to cooperate on the global stage to support the EU Member States in doing so.”

Just two months in, 2026 has already shown itself to be an eventful year for testing the EU’s cybersecurity. At the end of January, mobile devices used by staff members of the European Commission were subjected to a cyber intrusion, though quick action prevented any compromise or data theft. On February 6th, 2026, the Dutch government also announced hacks to the Dutch Data Protection Authority and the Judicial Council due to critical Ivanti vulnerabilities. Hopefully, Lepassaar’s confidence in ENISA’s abilities will be well supported by the updated International Strategy.