ENISA serves as the CyCLONe Secretariat boosting cooperation among national Cyber Crises Liaison Organisations.


The European cyber crisis liaison organisation network (EU-CyCLONe), is a cooperation network for Member States national authorities in charge of cyber crisis management. The network was launched in 2020 and formalized on 16th of January 2023 with entrance into force of NIS2 art 16.

The aim is to collaborate and develop timely information sharing and situational awareness based on tools and support provided by the EU Agency for Cybersecurity, which serves as the CyCLONe Secretariat. The Chair is a representative of the MS holding the Presidency of the Council of the EU.

EU-CyCLONe is composed of the representatives of Member States’ cyber crisis management authorities as well as, in cases where a potential or ongoing large-scale cybersecurity incident has or is likely to have a significant impact on services and activities falling within the scope of this Directive, the Commission. In other cases, the Commission shall participate in the activities of EU-CyCLONe as an observer.

The main tasks of EU CyCLONe are to:

  • Support the coordinated management of large-scale cybersecurity incidents and crises at operational level and to ensure the regular exchange of relevant information among Member States and Union institutions, bodies, offices and agencies;
  • Increase the level of preparedness of the management of large-scale cybersecurity incidents and crises;
  • Develop a shared situational awareness for large-scale cybersecurity incidents and crises;
  • Assess the consequences and impact of relevant large-scale cybersecurity incidents and crises and propose possible mitigation measures;
  • Coordinate the management of large-scale cybersecurity incidents and crises and support decision-making at political level in relation to such incidents and crises;
  • Discuss, upon the request of a Member State concerned, national large-scale cybersecurity incident and crisis response plans.

ENISA provides the Secretariat, infrastructures and tools to enable effective cooperation to respond to large scale and cross-border cyber incidents, attacks and crisis.

ENISA also supports the organisation of exercises for CyCLONe members, such as CySOPex (played by officers) and BlueOLEx (played by executives). These exercises aim to identify improvements and potential gaps in the standardised way of responding to incidents and crises (i.e. Standard Operating Procedures), train on situational awareness and information sharing processes.

Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies