COcyber National Case Studies Booklet on Cybersecurity Technology and Information Transfer

This deliverable presents a consolidated overview of the cybersecurity landscapes of Lithuania, Spain, Hungary, and Slovenia, focusing specifically on how each country organises technology transfer, supports the development of cybersecurity capabilities, and structures national mechanisms for sharing information and managing dual-use innovation.

Developed within the COcyber project under Work Package 4 and led by AMETIC, it brings together the key national characteristics that shape governance, institutional maturity, innovation ecosystems, and operational practices in these Member States. By comparing these distinct environments, the report provides a clear picture of the differences that influence how cybersecurity knowledge, technologies, and structures evolve across Europe, highlighting the elements that enable progress and those that continue to limit national and cross-border development. 

                                              Read the full report

National Cybersecurity Contexts

The four national case studies reveal distinct trajectories shaped by institutional design, regulatory choices, and levels of stakeholder coordination:

• Lithuania demonstrates strong alignment with EU norms, a centralised governance model, active CERT coordination, and increasing investment in research and development.
• Spain operates within a mature regulatory framework and benefits from multi-stakeholder participation, innovation clusters, and high levels of international engagement.
• Hungary completed NIS2 transposition early but through a national model that differs significantly from other Member States, influencing how obligations and supervisory practices operate.
• Slovenia continues to strengthen its system through updated legislation and emerging ISAC

Technology Transfer and Information Sharing

The report shows that the conditions enabling effective technology transfer differ substantially among the four countries. Spain and Lithuania benefit from stronger innovation ecosystems supported by digital hubs, academic–industry collaboration, and sector-specific clusters. These environments create clearer pathways for cybersecurity technologies to move from concept to operational deployment. Hungary still contends with regulatory fragmentation and institutional gaps that complicate the transfer process, while Slovenia lacks the financial incentives and comprehensive institutional linkages needed to mobilise innovation at scale. These disparities illustrate why technology transfer in the cybersecurity field remains uneven across the EU.

Information-sharing mechanisms show similar variation. Lithuania and Spain have well-established practices grounded in structured CERT activity and, in Spain’s case, robust platform-based exchange and international cooperation. Hungary performs better within its public-sector structures than across sectors, reflecting varying levels of trust and engagement. Slovenia is gradually developing sector bridges, but the absence of a fully centralised intelligence hub limits the system’s cohesion. These differences underline the importance of trust, interoperability, and stable governance arrangements for effective information exchange. 

Dual-Use Technologies

The treatment of dual-use cybersecurity technologies, those relevant to both civilian and defence domains, varies considerably across the four Member States. Lithuania and Spain provide clearer definitions and incorporate dual-use considerations directly into their innovation policies, creating more predictable conditions for development and commercialisation. 

Hungary approaches dual-use predominantly from a defence perspective, which narrows opportunities for civilian application and innovation. Slovenia recognises the relevance of dual-use technologies but lacks operational frameworks and incentives to translate this recognition into practical outcomes. These inconsistencies across Member States highlight the need for greater clarity and harmonisation in national and EU-level approaches to dual-use cybersecurity capabilities. 

Final Remarks

Across the four national contexts, COcyber’s analysis points to a shared need for stronger governance structures that establish clear coordination between civilian and defence stakeholders. Divergent legal and regulatory interpretations also hinder cooperation, making harmonisation an essential step to reduce fragmentation and facilitate technology mobility.

Improving trust-based information sharing, supporting innovation ecosystems, and clarifying dual-use frameworks collectively contribute to a more coherent European cybersecurity environment and enhance the ability of Member States to respond to evolving cyber threats.