Cybersecurity and AI: EU Commission action plan targets energy, transport and industry
On 7 July 2026 the European Commission unveiled an action plan linking cybersecurity and AI: an advanced-model evaluation capacity by 2027, an ENISA reference framework for structured access to AI in cybersecurity, and a secure testing platform for critical-sector operators (energy, finance, health, transport, public administration).
On 7 July 2026, the European Commission unveiled an action plan explicitly linking cybersecurity and artificial intelligence. The goal is twofold: govern the risks advanced AI models pose to digital security while accelerating their defensive use to strengthen critical infrastructure resilience. A European capacity to evaluate models before market entry is expected to be operational by 2027, with an explicit focus on cyber vulnerabilities. In parallel, the Commission and ENISA are building a reference framework giving public and private organisations structured, transparent access to advanced AI capabilities for cybersecurity purposes.
The key point for aerospace, O&G and energy: ENISA and the Joint Research Centre will open a secure testing platform letting critical-sector operators — energy, finance, health, transport, public administration — trial AI applications in simulated environments without exposing production systems. This is a rare entry point: testing high-risk AI use cases (intrusion detection on SCADA systems, predictive maintenance on sensitive infrastructure) in an EU-backed sandbox rather than on one's own operational assets.
Cardan-AI's take: this plan reflects a structural shift. AI is no longer seen purely as a cyber risk surface but as a genuine defensive tool — the Commission explicitly recommends leveraging open-source models to detect and fix vulnerabilities faster, under a security-by-design logic. For heavily regulated, exposed industries such as energy, aerospace and defense, this is a strong signal: tomorrow's cyber compliance will natively embed an AI component, and operators who anticipate this convergence gain both a regulatory and operational head start.
Cardan-AI recommendation: from the plan's entry into force on 2 August 2026, map your existing AI-cybersecurity use cases and identify which could benefit from the future ENISA/JRC testing platform — an opportunity to validate sensitive deployments with EU framework support rather than facing the regulator alone.
Analysis by
Cardan-AI Intelligence
Our research and analysis unit, dedicated to applied AI for business, industry and regulatory compliance.
Let's talk about your next competitive edge
A 30-minute conversation to identify your most profitable AI use cases.
