European Cybersecurity Skills Framework

ECSF Profile Icons Banner.png

The cybersecurity workforce shortage and skills gap is a major concern for both economic development and national security, especially in the rapid digitization of the global economy.

The development of a European Cybersecurity Skills Framework is an essential step towards Europe’s digital future.

Europe lags behind in the development of a comprehensive approach to define a set of roles and skills relevant to the cybersecurity field, as described in the ENISA Report “Cybersecurity Skills Development in the EU”. Though cybersecurity is a worldwide challenge affecting all countries, there are many differences in the ways it is approached by each state. For this reason, existing national cybersecurity frameworks may be incompatible or in general not targeted to the European needs, laws and regulations.

The development of a European Cybersecurity Skills Framework that would take into account the needs of the EU and each one of its Member States is considered an essential step towards Europe’s digital future.

The European Cybersecurity Skills Framework aims to create a common understanding of the roles, competencies, skills and knowledge used by and for individuals, employers and training providers across the EU Member States, in order to address the cybersecurity skills shortage. Additionally, it will help to further facilitate cybersecurity-related skills recognition and support the design of cybersecurity-related training programmes for skills and career development. Consequently, the European Cybersecurity Skills Framework will boost employment and employability in cybersecurity- related positions.

The ECSF resulted from the joint work of ENISA and a relevant Ad Hoc Working Group on the European Cybersecurity Skills Framework. The Group was formed in July 2020, following an ENISA public call for the creation of a multi-disciplinary group of experts that would promote harmonization in the ecosystem of cybersecurity education, training, and workforce development and develop a common European dialect for cybersecurity skills. The Ad Hoc Working Group on the European Cybersecurity Skills Framework began working in December 2020, analysed - in a methodological manner - other frameworks available at national, European and international level, and conducted a market analysis.

On April 5, 2022, a consolidated draft version of the European Cybersecurity Skills Framework was presented to the public through a webinar, during which the framework structure and benefits were presented, along with various use cases.

Following its presentation, ENISA is now releasing the draft version of the European Cybersecurity Skills Framework, along with the explanatory material presented during the webinar:

On 20 & 21 September 2022, ENISA will organize a conference titled “Cybersecurity Skills - Building a Cybersecurity Workforce”.  National, European and international stakeholders will meet in Athens and share best practices in building a cybersecurity workforce, in order to tackle current and future cybersecurity threats. The ENISA Ad-Hoc Working Group on Skills Framework will also present the final version of European Cybersecurity Skills Framework (ECSF), which is a tool that will sustain the effort to build a skilled and diverse cybersecurity workforce.

An open call for speakers to contribute to this conference has been launched. Should you be interested in contributing, please fill in the application form by 15 June 2022.

The draft agenda and the registration page are available here.

ECSF Next Steps.png

For any questions or further enquiries please contact us at

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information