Cybersecurity Study on the Western Balkans

Albania | Bosnia and Herzegovina | Kosovo | Montenegro | North Macedonia | Serbia
Albania | Bosnia and Herzegovina | Kosovo | Montenegro | North Macedonia | Serbia
01/2022 - 07/2022
599 116 €
Project manager
Funded by
European Commission

The overall objective of the project is to support the EU’s actions in strengthening and improving the cyber resilience capacities of the Western Balkan countries in order to better address the challenges of cyber threats and improve their overall security, in compliance with EU acquis and best practice.

Highlighted by the European Union’s Cybersecurity Strategy for the Digital Decade, „Improving cybersecurity is essential for people to trust, use and benefit from innovation, connectivity and automation, and for safeguarding fundamental rights and freedoms, including the rights to privacy and to the protection of personal data, and the freedom of expression and information. Cybersecurity is indispensable to the network connectivity and the global and open Internet that must underpin the transformation of the economy and society in the 2020s.“ (European Union 2020, 4) Both the 2017 Joint Communication on ‘Resilience, deterrence and defence: Building strong cybersecurity for the EU’ as well as the 2020 ’EU’s Cybersecurity Strategy for the Digital Decade’ recognised the significance of capacity building in third countries to increase the global level of cybersecurity.

Additionally, the 2018 Western Balkans Strategy and its Digital Agenda flagship note the EU Commission’s intention to support cybersecurity capacity building. Thus, the EU and the Western Balkan region have a common objective to improve online security and trust.

The project will identify and analyse the cybersecurity capacity building needs of Western Balkans economies and opportunities for the European Commission engagement. The analysis will set clear priorities, baselines and targets for a potential future action.

The study will cover the following:

  • Legislative, policy and institutional framework on cybersecurity and alignment with EU acquis;
  • Operational capabilities of competent authorities and Computer Emergency Response Teams (CERTs)/Computer Security Incident Response Teams (CSIRTs) to deal with cyber threats and incidents and to mitigate risks (including through regional and international cooperation);
  • Identification of operators of essential services (as per NIS Directive and proposed revised NIS Directive) and their cooperation with CERTs/CSIRTs within and between beneficiaries;
  • Legislative and policy framework covering operators of essential services and alignment with EU acquis and alignment of the the Western Balkan regulatory framework with the Directive (EU), 2016/1148 concerning measures for a high common level of security of network and information systems across the European Union (NIS Directive) and a revised NIS Directive,
  • Public-private cooperation in the area of cybersecurity.




* The designation of Kosovo is without prejudice to positions on status, and is in line with UNSCR 1244/1999 and the ICJ Opinion on the Kosovo declaration of independence.