The internet age has brought the civilian and military worlds closer than ever – the EU needs to catch up

While the internet may not have united the world, it has made our actions and environments more similar; people from Svalbard to Johannesburg are responding to the same viral TikToks, getting deluged with unwanted emails, and sharing secrets in chats in everything from Esperanto to Ossetian. Digital behaviours often cross other borders as well: both civilians and military personnel are, officially and unofficially, online. The barbed wire of a military installation may establish it as a thing apart from the world outside, but there is commonality in the digital spaces we all occupy that defies and transcends such separation, blurring the lines between the two spaces. 

Cyberattacks targeting critical infrastructure, from ports to the energy sector, mirror an intertwining of civil and military spheres, as both are required to coordinate responses. This is also reflected in forums such as panels on EU-level civil-military cooperation in cybersecurity at CyberCon25; in EU-funded initiatives like CoCyber, which seeks to enhance exchange and coordination between civilian and defence cybersecurity communities across Europe; and in projects such as ReArm Europe, which channels substantial funding into innovations with both civilian and military applications.

EU cyber policy continues to call for closer civil-military relations, but the institutional rigidity of EU structures often struggles to keep pace with the dynamic nature of digital spaces shared by both civilian and military actors. 

If the EU wants to strengthen its cyber defences, it must move beyond bureaucracy and forge a true culture of civilian-military coordination.

A two-way street

Military and civilian society are connected through cyber operations as well as through engagement in policy and governance. In the past, European security policymaking was largely the domain of civilian actors, with militaries expected to remain apolitical. Now, the European Defence Agency openly acknowledges that military needs are part of the policy conversation, reshaping civil-military relations from the inside out.

Despite their growing interconnection, civilian and military actors in the EU often operate in silos and face significant challenges in working together effectively. Of the 34 Common Security and Defence Policy missions to date, only one has been designed as a joint civilian-military operation. Officially, the rest remain exclusively civilian or exclusively military. 

Existing frameworks rarely foster a genuine culture of collaboration, resulting in gaps that undermine preparedness for emergencies such as public health crises and cyberattacks, as highlighted in the European Preparedness Union Strategy. Meanwhile, militaries are still largely excluded from discussions on emerging technologies like AI – initiatives such as the EU AI Act do not cover the military’s role.

The EU needs to make a cultural shift, moving beyond strict hierarchies and roles toward the agile, flexible approaches that cyberspace demands. At present, civil-military collaboration is reactive, fragmented, and ill-prepared for the realities of modern cyber conflict.

Civil-military relations today 

As the European Union Agency for Cybersecurity (ENISA) notes in its guidance on cyber crisis management, the cyber domain consists of ‘a mixture of conventional and unconventional, military and non-military, overt and covert actions that can be coordinated by state or non-state actors to achieve specific goals, all while staying below the threshold of officially declared warfare’.

This fusion is intended to enable pre-emptive action against threats, accelerate the restoration of essential services when disrupted, and secure the operational integrity of defence functions in the face of cyber aggression.

Building on this logic, European policymakers are investing in dual-use projects, technologies such as software for real-time processing of acoustic data or radar reflectivity, designed to serve both civilian and military needs, on the premise that technological superiority will shape the future of warfare. 

Yet they must be aware that dual-use technologies do more than add new strengths: they fundamentally alter the rules governing the interaction between civilian and military spheres as they create new forms of coordination and interdependence, forcing an urgent collaboration between generals and tech developers, between worlds that rarely move at the same pace or speak the same language.

But what do civil-military relations actually look like in the EU? When discussing EU enlargement, the European Commission emphasises the need to ‘bring the framework of civil-military relations closer to practice in EU Member States,’ grounding it in shared political culture and democratic values. Yet, despite this endorsement, the concept is rarely explored in depth, often limited to issues of civilian control over the military and its budget.

This approach anchors the EU in a model where civil-military coordination is often reactive and developed ad hoc during operations. The Bosnia and Herzegovina experience is a case in point: the initial deployment of a civilian mission, followed by the subsequent launch of a military mission, was marked by significant coordination challenges, with effective mechanisms only being forged experimentally over time. 

While some coordination mechanisms were eventually established, they were half-hearted reforms created under pressure – makeshift solutions rather than fully developed, institutionalised capabilities.

Room for improvement

Two fundamental flaws undermine the EU’s model. It prioritises formal, bureaucratic cooperation over fostering a genuine collaborative culture between civilian and military spheres. Furthermore, its framework is inflexible, designed for a static checklist of requirements rather than the dynamic and varied realities of modern security challenges.

The difficulty lies not in the existence of separate structures but in the lack of genuine interaction between them. Civilian bodies such as the Civilian Planning and Conduct Capability – responsible for strategic planning and oversight of EU civilian crisis management missions – remain largely detached from military counterparts like the Military Planning and Conduct Capability, which handles operational planning and execution of non-executive military missions. The Politico-Military Group, created to bridge this gap through policy recommendations and information exchange, mainly facilitates reporting rather than sustained dialogue, joint decision-making, or integrated civilian-military planning.

Moreover, member states’ varying willingness and capacity to develop coherent cyber strategies directly shape civil-military relations in the EU, as differing strategies require different arrangements, limiting the union’s ability to achieve coordinated governance.

After all, since Article 5(3) TEU enshrines subsidiarity, member states are granted significant leeway in how they conduct their civil-military relations. This flexibility preserves national traditions but also fosters strategic ambiguity and conceptual fatigue.

Time to build a culture of collaboration

For the EU to craft credible cyber policies, it must advance beyond rhetoric to achieve genuine civil-military integration. This requires more than formal structures or committees but a fundamental cultural shift capable of bridging differences in history, priorities, and willingness to work together.

Effective civil-military cybersecurity integration depends on a professional community built on trust, shared language, and skilled personnel. This could potentially be fostered through joint training, personnel exchanges, innovation hubs, and coordinated resource allocation, as frameworks like Permanent Structured Cooperation (PESCO) (which organises cyber rapid response teams and military cyber education platforms) might enable. Refining communication protocols and mapping vulnerabilities could help validate readiness and enhance cross-sector coordination through new initiatives within ENISA. Standardised incident reporting, harmonised technical standards, and joint certification schemes – potentially improved via the European Cybersecurity Competence Network – could establish a common operational grammar, while continuous threat intelligence sharing through diplomatic channels (the European External Action Service) could help civilian and military actors act proactively together in crises. Crucially, efforts such as these would ensure that cooperation becomes a daily habit, rather than an emergency response.

In a world where civilians and militaries share the same digital environments and cyber threats span both domains, the EU must transform ad hoc coordination into a continuous, embedded culture of civil-military collaboration, turning shared digital spaces into shared capacity to act effectively.