The EU’s international politics of cyberspace in an emerging post-liberal order


Peace, Security & Defence

Picture of André Barrinha
André Barrinha

Senior Lecturer in International Relations at the University of Bath, UK

Picture of Thomas Renard
Thomas Renard

Senior Research Fellow at the Egmont Institute and Adjunct Professor at the Vesalius College, Brussels

Far from the utopian dreams of being a ‘normative power’, the European Union has in recent years become a more pragmatic actor in the international arena, as enunciated in the 2016 Global Strategy. To cite Ursula von der Leyen, the new ambition is to become even more ‘geopolitical’ in the coming years. This evolution partly reflects an adjustment to a changing global order, which is progressively shifting towards a ‘post-liberal’ reality. This new system will be defined by global power shifts, competing norms and values, and different visions of global governance – and commitment to it.

In external relations, the EU’s self-distancing from a purely normative stance, remains at least partly constrained by two somewhat paradoxical features. On the one hand, it seems to display a more relaxed attitude towards a change in the international order than the US, as it is not competing for international hegemony. On the other hand, its dependence on the values and principles of the liberal order means that the EU has a vested interest in safeguarding as much as it can from the fading liberal order.

These dynamics also play out in cyberspace, which is increasingly considered to be one of the main geopolitical arenas of the 21st century. The last decade has witnessed the EU’s development of a more strategic approach to cyberspace. Although it was initially committed to the proactive promotion of liberal values, it has gradually shifted towards a more ‘geopolitical’ understanding of the (cyber)world.

The diplomacy toolbox was given teeth with the approval of a sanctions regime

In 2013, the EU issued its first Cyber Security Strategy, in which it outlined the aim to create a “coherent international cyberspace policy” where it could promote core values such as “human dignity, freedom, democracy, equality, the rule of law and the respect for fundamental rights.” A couple of years later, the Council Conclusions on Cyber Diplomacy reiterated some of these points, but added a more political dimension to it, as it was emanating from the Council.

In 2017, the EU’s Cyber Diplomacy toolbox signalled a shift towards a greater focus on the EU’s own cybersecurity. This included a clear mandate to devise an EU-wide sanctions regime for those guilty of attacking the EU’s information infrastructures. The following year the Council issued its Conclusions on malicious cyber activities. There, the EU defended upholding international law in cyberspace and engaging in cooperative multilateral and bilateral relations, but mostly took the opportunity to condemn cyber-attacks such as WannaCry and NotPetya.

Finally, in 2019, the diplomacy toolbox was given teeth with the approval of a sanctions regime. This was welcomed as a clear mark of the EU’s more assertive stance in this field. However, it should also be greeted some caution, given the unclear implications of the regime on relations with third states.

A topic that was largely neglected over a decade ago, is now very much central to the EU’s sense of security

In practice, it is now possible for the EU to impose sanctions on specific individuals without attributing a cyber-attack or its sponsorship to state actors. This will be problematic, not only in terms of relations with the state of origin of that citizen, but also in terms of how individual EU member states may be affected by such a decision. Smaller member states, in particular, could be exposed to pressures from external strategic partners in case one or more of its citizens are at the receiving end of the EU’s targeted restrictive measures. In a progressively post-liberal order, the price of action –  or inaction –  can be equally high.

Indeed, and to conclude, the EU’s shift towards a more (geo)political stance on the international stage has become far more visible in the realm of cyberspace. A topic that was largely neglected over a decade ago, is now very much central to the EU’s sense of security and international activity. Even if much has been achieved, both on the domestic front – with the NIS Directive being its flagship initiative – and in the foreign policy realm, it is still necessary to increase resources and trust between member states so as to better shape the international agenda on these matters. With the sanctions’ regime, the EU has certainly moved up a notch in that regard, but greater effort, investment and diplomacy will be needed in an increasingly competitive and aggressive world.

Related activities

view all
view all
view all
Track title


Stop playback
Video title


Africa initiative logo