Cyber Europe 2026 tests the revised EU Cyber Blueprint and triggers the first live activation of the EU Cybersecurity Reserve

The eighth edition of ENISA's biennial Cyber Europe exercise ran on 10–11 June and put the 2025 EU Cyber Blueprint to the test alongside the first exercise activation of the EU Cybersecurity Reserve established under the Cyber Solidarity Act (ENISA, 2026-06-11). More than 5,000 participants from national cybersecurity agencies, EU institutions, the private sector and partner countries — including Switzerland, the UK, Norway and Ukraine — worked through a multi-stage scenario in which attacks on interconnected European rail and maritime transport networks escalated into a declared cross-border cyber crisis (Brussels Morning, 2026-06-11). The drill exercised the Reserve's standard operating procedure — the pathway by which a Member State CSIRT can request pre-vetted incident-response services and ENISA activates them within hours — and the political-level escalation procedures of the Blueprint.

Why it matters to us: Swiss federal defenders (BACS/NCSC-CH) took part as a partner country, and the scenario (ransomware against cross-border transport OT layered with disinformation) maps directly onto the threat picture in ENISA's NIS360 and NCSC-CH's mandatory-reporting data. Knowing the Reserve activation pathway — who can invoke it, the severity threshold, and the hours-scale SOP — is the operational takeaway for anyone who might one day need EU-level surge support during a major incident.