Source: European Parliament
The Recovery and Resilience Facility (RRF) is at the core of Next Generation EU (NGEU), the EU’s recovery instrument. NGEU was created to help its Member States address the socioeconomic consequences of the coronavirus pandemic and tackle key EU challenges, including the green and digital transitions. RRF implementation has been ongoing since 2021, and just over a year is left until the deadline to meet its objectives in August 2026. EU Member States have so far received, on average, 47.8 % of the total grants and loans in their national allocation. The milestones and targets associated with the payments made so far stand at 30 % of the total. Digital transformation is among the RRF’s core priorities, and one that is shared across EU Member States. An average of 26 % of RRF funding is dedicated to digital objectives in several policy areas, of which digital public services is the largest. In its guidance at the launch of the RRF, the European Commission encouraged Member States to include investment in several digital categories. The priority of enhancing cybersecurity and cyber resilience can be found across several national recovery and resilience plans as a separate reform or investment measure. However, in many of them, it is part of a broader measure addressing, for instance, the digitalisation of public administration, digital-related investment in research and development, investment in digital capacities and deployment of advanced technologies, or supporting small companies to reposition themselves with digital tools that take into account cybersecurity needs. Thus, while not always a manifest objective, cybersecurity considerations are an integral feature of many of the RRF digital measures found across the individual national plans. Implementation of these measures, as of the RRF more generally, is underway and gaining speed. The Commission’s preliminary positive assessments of payments disbursed allow for an examination of the fulfilled implementation steps. Without being exhaustive, they offer an indication of cybersecurity developments in Member States that have been made possible with RRF funding and carried out in the first half of the RRF’s lifetime.