• Shared early warning systems and crisis communication channels could significantly improve preparedness against North Korean cyber operations – as well as other threats.
• Developing domestic certification standards aligned with EU benchmarks could protect Korea’s global market competitiveness while ensuring resilience.
• In Korea’s context, a cyber crisis playbook with especially the U.S. could help streamline joint responses to attacks.

Over the past decade, South Korea has considerably deepened its relations with Europe and NATO in the areas of cybersecurity and cyber defence. On the one hand North Korea’s increasingly hostile cyber posture is not seen in Europe as a regional nuisance but as a global threat capable of disrupting financial markets, stealing critical technologies, and destabilizing international institutions. For instance, DPRK’s global WannaCry malware attack already in 2017 had its role in mobilising EU in the area of cybersecurity, leading the Union and Member States to initiate several groundbreaking agreements aimed at enhancing the EU’s acting in unison and solidarity – such as the Cyber Diplomacy Toolbox, a new cybersecurity strategy, the proposal of a cybersecurity certification scheme etc.

At the same time South Korea has been active in building bridges with European and NATO countries in practical cybersecurity capacity development, such as for instance joining the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Estonia as the first non-NATO country from Asia, including contributing to the Centre’s technical cyber defence exercises such as Locked Shields and Crossed Swords. The CCDCOE in turn has supported the Seoul-based exercise APEX since 2024, in terms of exercise design, scenario development, and critical system simulation such as power grids, web services etc.

The growing number of cybersecurity cooperation avenues between the geographically remote but likewise liberal and democratic parties is complemented by the European Union and Republic of Korea Cyber Dialogue which to date has taken place already seven times, bringing together the European External Action Service, the EU member states representatives as observers and several institutions from the Korean side, including the Ministry for Foreign Affairs, the National Cyber Security Centre (NCSC), the Supreme Prosecutors’ Office, the Korean National Police Agency, and the Korea Internet & Security Agency (KISA).

As a conclusion, with some exaggeration, it may be said that on one hand the linkage between Locked Shields and APEX, and on the other hand the cyber dialogues symbolically include Korea in a broader allied cyber defence framework that includes most of the democracies in East Asia, North America and Europe. Concurrently however, it would be of value to shed light on one of the most recent steps that the EU has taken in building its capacity for cross-border collective action in responding to cyber threats – the 2025 Cybersolidarity Act (CSoA). What is it about and how might it be of benefit for South Korea in developing its cybersecurity policies and posture?

Regulating cybersecurity in Europe

European history has since the second half of the 20^th century been one of increasing integration and collaboration between nation states. With the majority of European countries today being members of both NATO and the EU, both the need and the capacity for collective action against threats in cyberspace have been a matter of discussion in both organisations. Whereas NATO in 2016 agreed to cyberspace being one of the Alliance’s domains of operations (i.e. an area where it should prepare sufficient capacity for cyber operations, including those in the context of collective defence), EU’s approach can be said to have focussed more on shaping the cybersecurity-related legal and regulatory framework that applies Union-wide (e.g. agreeing on directives such as the NIS and the NIS2 that every individual member state will need to transpose to national legislation).

Against this background, the 2025 EU Cybersolidarity Act offers important insights. By framing cybersecurity as a collective good and embedding cooperation into institutional frameworks, the EU has created a model that holds relevance beyond Europe’s borders. For South Korea, examining this approach provides a timely opportunity to reflect on how to enhance its own cyber posture — both at home and through international partnerships.

EU’s new cybersecurity capabilities

For Europe, the CSoA marks a paradigm shift in cybersecurity policy. When earlier EU initiatives emphasised harmonisation of national frameworks and information sharing, the CSoA introduces operational tools intended to enable joint detection, response, and recovery in the face of major cross-border cyber threats.

In short, with generous EU funding support, the new regulation calls upon the member states to develop the following three main pillars:

• A cybersecurity alert system (earlier also referred to as the European Cybersecurity Shield) which stands for a new network of cross-border Security Operations Centers (SOCs) designed to provide real-time threat detection, AI-driven monitoring, and intelligence sharing. These SOCs aim to create a “radar” for cyber threats across the EU, pooling resources to protect smaller member states as effectively as larger ones.

• A Cyber Emergency Mechanism framework for joint preparedness and response to large-scale cyber incidents, including funding support, coordinated assistance, and deployment of a “cybersecurity reserve” of trusted private-sector providers.

• A Testing and Certification Infrastructure which brings together the EU-wide capacity to test, audit, and certify critical technologies and infrastructures (e.g., energy, health, transport, telecom), ensuring they meet high security standards.

Taken together, the Act underscores Europe’s commitment to solidarity — treating cyber resilience not as a national issue but as a shared regional good. Furthermore, the solidarity and assistance capacity to be developed will also be available to non-EU countries which at the same time are members of the Digital Europe Programme. Today they include Moldova and the inclusion of Ukraine is currently in progress.

Korea’s current cybersecurity posture (from a European perspective)

Cybersecurity challenges that South Korea faces are not 1:1 identical to those of the EU as a whole, or to individual member states. Whereas especially since Russia’s aggression against Ukraine, the former has also become the number one cyber threat for Europe (“supported” by continued malicious efforts also from the other “usual suspects”), undiscriminating any of the member states, the key specifics of the ROK cybersecurity landscape include the following:

• The Persistent Threat from North Korea - the Lazarus Group and affiliated cyber units that conduct operations ranging from intellectual property theft to crypto-financed sanctions evasion. These activities directly target South Korea’s defence, financial, and critical infrastructure sectors. The DPRK views cyber operations as a core asymmetric weapon making ROK’s challenge qualitatively more severe.
• A Hyper-Digitalized Economy - ROK ranks among the world’s most advanced countries in internet penetration, smart city infrastructure, and adoption of emerging technologies such as 5G. This interconnectedness magnifies vulnerability to disruptions. As is often the case with Western tech companies that are global rather than national, there could be the challenge of being globally advanced but often siloed from public cybersecurity efforts.
• Alliance-Centric Security – apart from the Europe and NATO-focussed initiatives mentioned before, Korea’s cyber defence posture has largely been developed through its alliance with the United States, including joint exercises, information sharing, and bilateral agreements. Yet regional cooperation in East Asia remains underdeveloped compared to Europe’s model.

Key takeaways from CSoA

Although Europe and Korea therefore face different threat environments, the EU Cybersolidarity Act provides at least four lessons that could be of use for South Korea.

1. The Value of Regional Solidarity

Europe recognizes that cyber resilience cannot be achieved in isolation. By pooling resources and creating regional SOCs, the EU ensures that even smaller states can benefit from cutting-edge detection and response mechanisms. Geography and political systems make EU-like integration in Asia unlikely but cooperation between liberal democracies in East Asia could create a foundation. Shared early warning systems and crisis communication channels could significantly improve preparedness against North Korean cyber operations – as well as other threats.

2. Institutionalized Crisis Response

The EU’s Cyber Emergency Mechanism ensures that when a member faces a severe incident, others can step in to provide technical and financial assistance. In Korea’s context, a cyber crisis playbook with especially the U.S. could help streamline joint responses to attacks.

3. Embedding Cybersecurity in Critical Sectors

The EU’s focus on certification and testing emphasizes that cyber resilience must be built across the society and beyond the defence establishments, to include civilian infrastructure and high-tech industries. For Korea, this is particularly relevant given its reliance on semiconductors and next-generation telecoms. Developing domestic certification standards aligned with EU benchmarks could protect Korea’s global market competitiveness while ensuring resilience.

4. Diplomatic Cybersecurity Alliance with EU

As the world’s biggest single market, the EU and its regulations have proven their potential to serve as role models for other regions and shape global norms. Aligning more closely with EU initiatives could strengthen Korea’s role in forums such as the UN’s cyber dialogues, while positioning Seoul as a bridge between Western and Asian approaches.

Conclusion

Adapting EU’s solutions in Korea would not be easy or straightforward. In the EU, achieving pan-European consensus on an issue is often based on multi-month (if not multi-year) negotiations between the member states, in the European Parliament and including the European Commission. However, as 2025 has shown, the world is changing rapidly and there could be merit in building new frameworks, including for the purpose of thereby also enforcing the existing alliance structures. Therefore, with the author’s all due respect for Korea’s choices, the following avenues could be explored: 

• In engagements with EU counterparts, expand the dialogues on cybersecurity to include structured cooperation on threat detection, certification, and joint exercises.

• In building domestic cyber resilience, leverage EU frameworks to build resilience in sectors like semiconductors, cloud computing, and AI governance.

• In regional relations explore options for creating foundations for cyber solidarity among likeminded democracies.

• Champion the idea of cyber solidarity as a principle of international cooperation, positioning Korea as a thought leader in global digital governance.