06 December 2019

Cybersecurity plays a fundamental role in ensuring that advantages, rather than risks, arise from the digitalisation of our society.


If we try to define what cybersecurity is, however, we soon realise that there is not, yet, a standardised definition, nor a clear identification of its domain of application.

This consideration lies at the origin of the technical report by JRC (the European Commission’s science and knowledge service), proposing an alignment of terminologies, definition and domains related to cybersecurity into a consistent taxonomy.

The concepts have been selected from an extensive literature review and with the help of key EU cybersecurity stakeholders including ECSO.


The European Common Cybersecurity Taxonomy is based on evidence for:

  • supporting knowledge management activities
  • enabling effective communication among EU institutions and the cybersecurity community
  • serving as a cornerstone in future cooperation efforts among cybersecurity stakeholders
  • supporting the governance of future EU initiatives

The first application of this taxonomy will be on defining cybersecurity competencies, also leading to an increased competitiveness of EU cybersecurity capabilities.

The taxonomy is organised with a three-dimensional approach, associating Knowledge domains, Sectors and Technologies/Use Cases.

  • Research domains represent different areas of knowledge, including human, legal, ethical and technological aspects.
  • Sectors refer to the application domain of the cybersecurity assets (for example health, energy or transport).
  • Technologies and Use Cases represent the technological enablers to enhance the development of the different sectors.

Four pilot projects were selected to assist the Commission: the four cybersecurity competence centres ECHO, CONCORDIA, SPARTA and Cybersec4Europe, counting over 160 members from industry and academy.


Click here to access the full report.