login
login
Image header Agence Europe
Europe Daily Bulletin No. 13902
SECTORAL POLICIES / Digital

European Commission to propose its own AI model evaluation capacity and a common approach for access to AI models

The European Commission is expected to present, on Tuesday 7 July, a new ‘Action Plan on Artificial Intelligence and Cybersecurity’ aimed at equipping the EU with its own capacity to evaluate artificial intelligence models, including from a cybersecurity perspective, and to accelerate the development of European AI-based cybersecurity solutions. This initiative follows revelations that the Mythos model developed by Anthropic is capable of detecting concealed software vulnerabilities, fuelling fears that it could be used as a cyberweapon, as well as the decision by the United States to restrict access to this model to non-American users.

‘Frontier AI’ capabilities are mainly developed outside the European Union and their availability often depends on opaque foreign processes. Knowledge of these capabilities and access to them therefore constitute not only an issue of digital resilience, but also one of European technological sovereignty. To preserve this sovereignty, the Union must ensure that the deployment of advanced AI-based cybersecurity capabilities does not create new strategic dependencies”, states a draft action plan seen by Agence Europe.

The document is structured around three priorities: making ‘frontier AI’ safe, accessible, and deployable in the service of European cybersecurity; preparing the European cybersecurity ecosystem for the age of artificial intelligence; and strengthening European capabilities in AI applied to cybersecurity.

A European capacity to evaluate AI models. The Commission is first proposing to create, in 2027, a European capacity to evaluate AI models. The objective is to enable the Union “to evaluate ‘frontier AI’ models before they are placed on the market, including from a cybersecurity perspective”. This capacity would support the regulatory activities of the European AI Office, by offering “a European solution for third-party evaluations concerning AI models and the mitigation measures associated with them”. To that end, the Commission will propose criteria applicable to independent evaluators.

A European framework for structured access to advanced AI capabilities for cybersecurity purposes. By the fourth quarter of 2026, and in cooperation with the European Union Agency for Cybersecurity (ENISA), the Commission will draw up a European framework (European Blueprint) designed to organise access to advanced AI capabilities for cybersecurity purposes so that European organisations can access them “safely” and “without undue delay”. This initiative comes in the wake of restrictions imposed by the United States concerning access to Mythos and Fable models from Anthropic, and then, more recently, to the GPT-5.6 model from OpenAI.

These guidelines will specify the criteria to be taken into account when granting access to AI models with advanced cyber capabilities to the different categories of European organisations – Union institutions, national authorities, operators of critical infrastructures, cybersecurity providers, and research bodies. This framework should also include contingency measures applicable in the event of a restriction or withdrawal of access to an advanced model by its provider or by the authorities of a third country. If access to a ‘frontier AI’ model were to prove necessary for purposes of general interest, the Commission, in cooperation with the Member States, would examine the possibility of resorting to existing financial instruments, including joint procurement procedures in order to obtain collective access to these models.

A secure European platform for testing advanced AI models. ENISA and the Commission’s Joint Research Centre (JRC) will develop, in the fourth quarter of 2026, a secure European testing platform intended to evaluate AI models with advanced cyber capabilities in cybersecurity-related use cases in order to accelerate their deployment under optimal security conditions.

Accelerating the preparedness of critical sectors and SMEs in the face of AI-driven cyber threats. As part of the second pillar of the plan, the Union intends to accelerate measures designed to strengthen companies’ resilience to cyberattacks exploiting artificial intelligence. It will encourage the use of “the full range of available AI capabilities” in order to strengthen organisations’ cybersecurity and correct the most critical vulnerabilities.

From the third quarter of 2026, ENISA will publish, in cooperation with the other competent Union bodies, guidelines, recommendations and best practices relating to protection against AI-based threats and the secure integration of this technology into cybersecurity operations.

In the fourth quarter of 2026, ENISA will launch, with the Commission, the Member States, open source communities, and industrial players, an initial pilot project for a critical open-source software resilience campaign, aimed at accelerating the patching of vulnerabilities, notably thanks to AI.

An ‘EU Grand Challenge’ to foster the emergence of European AI-based cybersecurity solutions. As part of the legislative package on ‘Tech Sovereignty(see EUROPE 13880/1), the Commission has already begun consultations with the Member States and the European Investment Bank Group on the possible creation of a new European equity investment capacity intended to finance strategic projects, notably in the field of ‘frontier AI’.

In order to accelerate the development of European AI-based cybersecurity solutions, it will launch, in the fourth quarter of 2026, a EU Grand Challenge, bringing together European companies specialising in AI and cybersecurity, research bodies, operators of critical infrastructures, and open source communities.

According to the draft plan, this initiative will help bring research and operational deployment closer together, test promising solutions in realistic environments and, ultimately, make them available to European organisations.

The Commission also plans to open access to the computing power of ‘AI Factories’ in order to test, train and deploy advanced and ‘frontier’ AI models intended to strengthen cyber resilience on sovereign computing infrastructures.

Lastly, it will work with the Member States and industry on the development of training modules on the use of AI in cybersecurity within the framework of the Cybersecurity Skills Academy, also from the fourth quarter of 2026.

Strengthening cooperation with like-minded partners. The European Union intends to strengthen its cooperation with “like-minded” partners, in order to promote “a trustworthy and safe global approach to ‘frontier AI’ and cybersecurity”, notably within the G7, but also to step up its exchanges with NATO on the opportunities and risks linked to ‘frontier AI’ capabilities in the cyber field. (Original version in French by Ana Pisonero Hernández)

Contents

IRISH PRESIDENCY OF THE COUNCIL OF THE EUROPEAN UNION
EXTERNAL ACTION
SECURITY - DEFENCE
SECTORAL POLICIES
ECONOMY - FINANCE - BUSINESS
INSTITUTIONAL
FUNDAMENTAL RIGHTS - SOCIETAL ISSUES
NEWS BRIEFS