Brussels' AI Cyber Plan to Regulate AI
EU's strategy to assess AI models for cybersecurity
Model Diplomat8 min readEurope

Brussels' AI Cyber Plan Is a Bid to Regulate What the US Won't
The EU's July 7 Action Plan on Cybersecurity and AI turns frontier-model testing into public infrastructure — a direct answer to Washington's chaotic Anthropic ban and China's rising cyber-capable models.
The European Commission on July 7, 2026 unveiled an Action Plan on Cybersecurity and Artificial Intelligence that commits the bloc to a public capability, operational in 2027, to evaluate frontier AI models for cyber-offensive potential before they reach the single market. Stripped of the Brussels boilerplate, the plan does one thing that matters: it converts pre-release model testing from a voluntary favour US labs grant Washington into a legal precondition of EU market access. That reframing — arriving four weeks after the Trump administration's export ban on Anthropic's Claude Mythos scrambled allied access to frontier AI, and 26 days before the AI Act's general-purpose model obligations start biting on August 2, 2026 — is the EU's clearest attempt yet to convert cybersecurity anxiety into leverage over the US-dominated AI stack.
What the plan actually does
The Commission press release, delivered by Executive Vice-President for Tech Sovereignty Henna Virkkunen, sets three objectives: promoting the safe use of advanced AI, reinforcing EU cyber resilience, and scaling European AI cybersecurity capacity, according to the official statement. The operational core sits under the first objective. Brussels commits to building an EU capability to assess advanced AI models before they enter the market and, jointly with the EU Agency for Cybersecurity (ENISA) and the Joint Research Centre, a secure testing platform for five critical sectors: energy, transport, health, finance and public administration.
That capability plugs directly into obligations that already exist on paper. The general-purpose AI rules of the AI Act — including model evaluation, adversarial testing and cybersecurity duties for providers of "systemic-risk" models — start applying on August 2, 2026, an implementation calendar the Commission's AI Act page still lists as binding. The Cyber Resilience Act's product-security regime kicks in by late 2027. Until now, EU regulators had rules without a laboratory. The Action Plan is the laboratory.
Two design choices matter. First, the platform is being built inside ENISA and the JRC — public bodies, not a US-style network of "trusted partner" labs. Second, it is scoped to "advanced" or systemic-risk models, tracking the AI Act threshold rather than any US concept of a "covered frontier model." That divergence, which looks technical, is the diplomatic centre of gravity of the plan.
Why now: the Mythos shock
The context is not subtle. On April 7, 2026, Anthropic revealed that Claude Mythos had autonomously identified high-severity vulnerabilities "in every major operating system and web browser," restricting the model to 42 partners through an initiative it called Project Glasswing, as documented by the BBC. Central bankers went into crisis mode; Bank of England Governor Andrew Bailey told the BBC the development had to be taken "very seriously."
Two months later, the picture darkened for Europe. On June 12, 2026, the US Commerce Department ordered Anthropic to disable Mythos 5 and Fable 5 for all foreign nationals, cutting off around 200 institutions across 15 countries overnight, as Al Jazeera reported. President Emmanuel Macron called the ban a "wake-up call" at the G7. Canadian Prime Minister Mark Carney warned that "we will have done something wrong if we just accept this." On July 1 — six days before Brussels' plan — the Commerce Department reversed itself, a U-turn Chatham House
flagged as a "mixed signal" that "further erodes confidence" in US AI export governance.
That whiplash is what the Action Plan is priced against. Brussels is selling predictability as a public good. European critical infrastructure operators — hospitals, TSOs, clearing houses — cannot plan around a US model that can be unplugged by executive order on a Friday night. A public EU testing platform, run by ENISA and the JRC and anchored in statute, offers them something the US voluntary regime structurally cannot: an evaluation the American executive branch cannot revoke.
The regulatory contrast with Washington
The Trump administration's June 2 executive order — "Promoting Advanced Artificial Intelligence Innovation and Security" — travels in the same policy space but from the opposite direction. It asks AI companies to voluntarily grant the federal government access to "covered frontier models" for a cybersecurity review of up to 30 days before release, coupled with a Treasury-led clearinghouse, according to a Council on Foreign Relations assessment by Chris Miller and colleagues. CSIS characterised the order as "light-touch," an "expansion of existing industry practice" rather than a real regulatory shift, in
an analysis by Gregory Allen and colleagues.
The EU plan is not obviously heavier — it explicitly builds on existing legislation and creates no new statute — but its evaluation capability sits inside a legal framework that already has teeth. The AI Act carries fines of up to 7% of global turnover for prohibited uses and 3% for systemic-risk model breaches. The Cyber Resilience Act imposes product-level obligations enforceable through national market-surveillance authorities. The Digital Operational Resilience Act (DORA), whose oversight framework the IMF assessed as needing to operationalise in early 2026, gives EU financial regulators direct authority over critical ICT third-party providers, including cloud and AI vendors.
Put together, the EU is stitching a de facto pre-market cybersecurity review for frontier AI out of five existing regulations, then giving it a laboratory. The White House is running a bilateral, discretionary review out of the executive branch. The regime difference is the story.
Who wins, who loses
The obvious loser is the US frontier lab that expected the AI Act to be enforced softly. OpenAI, Anthropic, Google DeepMind and xAI now have a second, independent evaluation gate to walk through — after the AI Security Institute in the UK, after the US Commerce Department's Center on AI Standards and Innovation, and now after ENISA. Providers of "GPAI models with systemic risk" — the Article 55 category — will be subject to model evaluation, adversarial testing and mandatory cybersecurity protection, requirements that CSIS's Laura Caroli described as effectively demanding a pre-market external risk assessment.
The less obvious winner is the European AI-security services stack. The Commission is coupling the plan with an "EU Grand Challenge on AI for cybersecurity" and channelling procurement toward the AI Factories and future Gigafactories, initiatives whose scope was set out in the April 2025 AI Continent Action Plan and analysed by CSIS. Paris-based Mistral is the immediate beneficiary — the Al Jazeera reporting identifies it as "the EU's only major homegrown frontier-model competitor" — but so are cybersecurity incumbents such as Thales, Airbus CyberSecurity, Sopra Steria and the sovereign-cloud coalition around Gaia-X, all of which now have a plausible product story to sell European critical-infrastructure operators looking for AI security tools that will not be revoked by Washington.
The second-order winner is Beijing. When Commerce banned Mythos and Fable, CSIS's Emily Benson and colleagues warned that "the inaccessibility of the most powerful AI models provides an opportunity for China to make inroads on international adoption of its models." The EU testing regime does not solve that; if anything, by increasing compliance friction for US labs it accelerates the pluralisation of the global model market that DeepSeek's V4 release — which the CFR's
Sam Winter-Levy noted sits three to six months behind US frontier models — was already normalising.
The clear loser is the illusion that the EU can regulate frontier AI on the cheap. Chatham House researchers Rowena Wilkinson and colleagues, in a March 2026 report, noted that the AI Act allocated just €1 billion for its enforcement and implementation while industry estimates put 2026 hyperscaler capital spending at $527 billion globally. ENISA's staffing gaps in cyber-risk expertise, flagged in the IMF's DORA review, will not be filled from the same labour market where private labs pay multiples of civil-service wages. If Brussels wants a credible AI evaluator by 2027, the number to watch is the Multiannual Financial Framework 2028–2034, whose first draft proposals landed in autumn 2025.
The Brussels Effect, this time with cyber
There is a further political calculation. The Commission has watched the "Brussels Effect" — its ability to set global regulatory standards through market power — sputter on AI. Chatham House notes that "many potential emulators of EU regulatory approaches have turned elsewhere," to bilateral deals with Washington or Beijing. The Action Plan is designed to work through a different vector: not by exporting rules but by exporting a public evaluation service.
If ENISA-branded model evaluations become a credential foreign regulators trust — the way EMA drug approvals became a benchmark for smaller health authorities — the EU acquires soft power the US cannot match through executive orders. That is why the plan's most consequential paragraph is not the one on evaluation but the one on the "European Blueprint" for secure access to advanced AI for cybersecurity purposes: a template designed to be copied.
The European Parliament will quiz the Commission on the package in plenary, according to its own agenda. Expect member-state pushback on funding and on the perennial question of whether ENISA — whose 2019 mandate was reinforced but whose resources, as EUR-Lex's
Cybersecurity Act evaluation concedes, have been strained by delays and complexity — can operate a frontier-model testing platform by 2027 without a fresh mandate revision. France and Germany will want the platform's compute anchored in national supercomputers; smaller states will want assured access.
What to watch next
- August 2, 2026. AI Act obligations for general-purpose AI models with systemic risk start applying. The first enforcement decision — plausibly against a US lab — will define how aggressive Brussels intends to be.
- September–October 2026. European Parliament plenary debate and Council conclusions on the Action Plan. Watch whether member states commit fresh money or repackage Digital Europe Programme funds (€1.9 billion for cybersecurity through 2027).
- Q4 2026. ENISA's operational blueprint for the secure testing platform; JRC procurement notices for compute.
- 2027. EU evaluation capability declared operational; Cyber Resilience Act obligations for hardware and software products become applicable.
Diplomat View
The Action Plan will not, on its own, close the capability gap between EU regulators and US frontier labs — the €1 billion enforcement envelope against $527 billion in hyperscaler capex is not a rounding error, it is a category mistake. But that is the wrong test. The plan's value is diplomatic, not technical: it gives European critical-infrastructure operators a public, statutory alternative to a US voluntary regime that Washington has now demonstrated it will weaponise on notice. Expect the Anthropic episode to be cited in every industrial-policy paper coming out of Paris and Berlin for the next 18 months, and expect Mistral, Thales and the Gaia-X coalition to convert that narrative into contracts. Our forecast: the Commission's evaluation capability will slip past its 2027 target — ENISA hiring and JRC procurement point that way — but the AI Act's August 2 obligations, combined with the political oxygen from the Mythos affair, will produce at least one high-profile enforcement action against a US frontier lab before the end of 2027. Revision conditions: if the US and EU strike a mutual-recognition deal on frontier-model evaluations (a live proposal inside the G7 "trusted partner" track), the plan's leverage collapses and Brussels reverts to being a rule-taker; if China ships a Mythos-equivalent open-weight model before ENISA is operational, the political demand shifts from evaluation to outright deployment restrictions, and this plan will look undersized.
The bottom line
The bottom line: the EU is not trying to build a better frontier model — it is trying to become the world's trusted evaluator of everyone else's. In a market where the US will ban and unban access at 24 hours' notice and China will race to fill the gap, being the neutral laboratory is the most defensible piece of AI sovereignty Europe can realistically claim by 2027.
Discover more

Tech Policy
OpenAI's GPT-5.6 Launch and US AI Control
OpenAI's GPT-5.6 release on July 9, 2026, marks a shift to US preclearance for AI models, reflecting new government oversight.

Tech Policy
Mexico's Cybersecurity Plan Faces World Cup
Mexico's National Cybersecurity Plan faces challenges as the World Cup reveals gaps in defense against cyber threats, including AI-driven breaches.

Tech Policy
Kash Patel's 113 Spy Arrests Explained
FBI's Kash Patel claims 113 spy arrests, but the numbers reflect a shift to semiconductor export enforcement amid unresolved cyber threats.

Tech Policy
Iran's MuddyWater Exploits Ransomware Tactics
Iran's MuddyWater APT disguises espionage as ransomware, challenging global cybersecurity frameworks established since 2021.