Hybrid threats, and cyber threats in particular, have become an integral part of modern warfare, as the war in Ukraine has shown since 2022. They pose a particular challenge to Europe's two military and security organisations, NATO and the EU. However, the state of readiness of the two organisations in terms of cyber defence is very different. The aim of this paper is therefore to examine the division of responsibilities between the EU and NATO and the common challenges they face in this area. The paper will analyse the strategic discourses they deploy by relating them to the institutional frameworks that shape them, in order to identify how the two organisations have shaped their cyber defence policies ahead of 2022. The second part will then seek to shed light on how cyber defence governance is organised in the two organisations, in order to better explore the points of convergence and divergence between them, as well as the common challenges they face in terms of cyber defence. The main idea is to explore how an ecternal shok (the war in Ukraine) combined with internal turmoil within NATO since Trump's return to power tends to shape the evolution of cyberdefence bewteen the EU and NATO, and to assess if the EU's cyberdefence policy has strated to draw lessons to incease EU's strategic autonomy in the cyberspace.

Private companies are now central to cybersecurity management and resilience across Europe. Never has public-private cooperation been so important to national security policy. The success or failure of cybersecurity depends crucially on this relationship and its ability to steer complex technologies. Yet there is a remarkable dearth of knowledge about this process at the national level and how it can be theorised. Whilst the literature on the European Union (EU) as a cybersecurity actor has surged in recent years, in particular following its ‘technologically sovereignty’ turn (Farrand et al 2024; Barrinha and Christou 2022) we know much less about the European nation-state landscape. Here, private companies not only provide key ‘public’ services, including cybersecurity, but also shape policy (Carrapico and Farrand 2016). This interplay between public and private actors creates what has been described as "hybrid sovereignty" (Srivastava 2022), where traditional notions of state sovereignty are redefined through collaborative and interdependent governance frameworks. Our paper aims to expand the concept of hybrid sovereignty by further exploring how it can operationalised to explain the dynamics present in the field of European cybersecurity, in particular comparing ‘idealised sovereignty’ and ‘lived sovereignty’.

Over the past decade, the European Union (EU) has increasingly framed its cybersecurity policy as “human-centred”, linking digital security to citizens, trust, fundamental rights and societal resilience. Despite the growing prominence of this language, the concept remains conceptually ambiguous and has received limited systematic analysis in the academic literature. Existing research on EU cybersecurity has primarily focused on geopolitics, digital sovereignty, regulatory power or risk management, often treating the human-centred dimension as a rhetorical element rather than as an analytical object in its own right. This paper addresses this gap by asking: what does “human-centred” mean in EU cybersecurity policy? It then explores the broader political implications of this articulation for understanding the EU’s role as an international cyber actor. Empirically, the paper draws on a qualitative thematic analysis of selected EU cybersecurity policy documents from 2013 to 2025, identifies, analyses, and reports meaningful patterns within their discourses. The analysis follows an inductive approach and is theoretically informed by the human security literature, which provides a people-centred understanding of security focused on individuals as the referent object of security. This framework is used to interrogate how security referent objects, protection mechanisms and governance logics are constructed in EU cybersecurity discourse. Following the identification of key themes, a second analytical step examines the broader political implications of these themes for understanding the EU’s positioning and role as an international cyber actor This paper contributes to debates on EU cybersecurity governance by clarifying the substantive meaning of the human-centred label. It shows how this articulation shapes the EU’s broader positioning and ambitions in the international cyber domain, and how it supports the EU’s role as a distinctive international cyber actor.

Against the backdrop of increasing tech-nationalism where technology becomes a central terrain of geopolitical competition, the question of access to supply chains becomes fundamental. The paper investigates the politics of these supply-chains by asking how is it possible that on the one hand we observe an increasing discourse over the nationalisation of supply-chains while on the other hand these supply-chains are necessarily globalised in order to stay economically and technologically competitive?

In this paper I argue that core to this tension is a renegotiation of the relationship between public and private actors. Public actors, especially governments, proclaim the need to secure national access to crucial supply-chains of for example raw materials or high-tech components necessary for AI. Governments are reliant on private companies within these supply chains. However, companies providing high-end technology also rely on national governments for subsidies and non-monetary support. Multinational corporation (MNCs) face the increasing need to position themselves within the geopolitical rivalry as evidenced by the ever-growing policy departments of MNCs and the publicly visible withdrawal from certain market (i.e. Russia). However, the MNCs are embedded in a thoroughly globalised industry that cannot (easily) be nationalised. For example, in order to stay competitive, the production of high-end semiconductors needs to be globalised as the different raw materials, chemicals and processing steps take place in different parts of the world. Even this short note already highlights that relationship between public and private actors is multi-layered and constantly renegotiated.

Methodologically, the paper draws on a qualitative case-study of two companies that are both parts of the semiconductor supply-chain: Avantor (chemicals) and ASE Technology (packaging and testing). Through an in-depth case study of legal regulations, technical primers and press releases an in-depth understanding of the relationship of these companies and their relationship to geopolitical struggles becomes possible. This paper is unique in its ability to provide a political analysis of a crucial part of the supply chain of semiconductors that are essential for innovative AI and other technologies. The paper will thus offer an innovative empirical study combined with a timely conceptual analysis.

The rapid development of digital technology has disrupted almost every aspect of contemporary life. The question of how governments should respond to the pervasion of digital technology over daily life is still open, especially when global governance faces disruption and cooperation is becoming increasingly unstable. This essay focuses on the currency of that technological change, which is now by extension the dominant currency of all relations: data. In a world of heightened competition, the governance of data has become a battlefield for governments, with the US and China rising as dominant data ecosystems affording them enormous power.

Responding to these combined disruptions of the digital revolution and unstable international relations, this essay proposes the creation of a ‘European Data Community’ (EDC) based on the principles of solidarity, sovereignty and commoning, as a comprehensive framework for data governance in Europe. As the most powerful political community without a well-developed data ecosystem, EU states are reliant on US data companies for the management of trillions of data points concerning their citizens on a daily basis. The EDC would establish regulatory control, public ownership and collective use over data generated in participating states, allowing European societies to align data governance with their values and needs, creating a commercially successful data innovation ecosystem, and protecting Europe from reliance on external actors. As a long-term strategy, an EDC would provide Europe with significant benefits and minimise the risks that current approaches have for Europe’s economy, society and political institutions. This essay will first discuss the contemporary discourse on data governance in the context of global politics. It will then explore emerging critical perspectives in data governance, outlining ‘data solidarity’, ‘data sovereignty’ and ‘data commoning’ as key concepts. Finally, it will outline the proposal of an EDC based on those values, justifying its necessity and then outlining the policy implications and benefits the agreement would have.