European Commission welcomes G7 cybersecurity declaration to strengthen global digital resilience

The European Commission welcomes the adoption of the G7 Cybersecurity Working Group Declaration, an important step towards fortifying collective cyber defences against evolving digital threats.

Under France's G7 Presidency, and with the leadership of the Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), the Declaration underscores the urgent need for coordinated action on post-quantum cryptography, AI-related cybersecurity risks, telecoms resilience, and the protection of SMEs - key priorities that align closely with the EU's cybersecurity strategy.

Key priorities outlined in the Declaration:

• Post-Quantum Cryptography (PQC) Migration: With the advances in quantum computing, the G7 calls for a coordinated action across industry and government to mitigate risks and enable secure adoption of PQC, and considers the transition to PQC an urgent priority, that organizations can no longer afford to postpone. The EU adopted a roadmap in 2025 to ensure a coordinated transition to PQC, setting out clear deadlines for critical use cases.
• Cybersecurity risks from and to AI Systems: The declaration highlights the dual-edged nature of generative AI, and specifically Large Language Models (LLMs) - both as a tool for cyber offenders and a target themselves (e.g., model poisoning, data breaches). The G7's Minimum Elements for an AI Software Bill of Materials (SBOM), led by Germany and Italy, can help assess and reduce the cybersecurity risks to and from AI systems. The Commission will continue working with partners to engage on the topic of AI and cybersecurity. The declaration further highlights the role that emerging AI cyber capabilities, such as AI-assisted vulnerability discovery and AI-assisted code generation, will have on software security and the patching of vulnerabilities. The Commission is working on an action plan on AI and cybersecurity that will include concrete actions to support Member States and companies in Europe to address cybersecurity risks from AI and to bolster Europe's advanced AI cybersecurity capabilities.
• Telecoms cybersecurity: Recognising telecoms as critical infrastructure and highlighting the systemic risk created by the technical complexity and growing interdependency of our networks, the G7 Cybersecurity Working Group will serve as a forum to coordinate the digital security policies among partners. The EU's Network and Information Security (NIS2) Directive already sets high standards for telecoms resilience, and the Commission's proposal for the revised Cybersecurity Act aims to increase the security of ICT supply chains in the telecommunication sector.
• Empowering SMEs: SMEs are the backbone of the economy yet remain vulnerable to cyberattacks. The declaration's focus on "secure by design" principles for products to help secure our critical SMEs echoes the EU's Cyber Resilience Act, which mandates cybersecurity in digital products throughout their lifecycle. The Commission is working jointly with ENISA to develop support measures targeted at SMEs, including accessible cybersecurity guidance and tools to reduce burdens on SMEs.

Regarding the next steps, the Commission will actively engage in the G7 Cybersecurity Working Group's autumn meeting to advance these priorities, leveraging EU frameworks, to finalise the work prior to transitioning the presidency of the G7 Cybersecurity Working Group to the United States of America for 2027.

Related topics