Defence capability planning has historically run on a separate vocabulary from civilian cyber resilience work, even when the underlying technical capabilities overlap. The v3 framework makes that overlap explicit in places — incident response, threat intelligence, secure communications — and is therefore a natural anchor when civilian agencies and defence ministries try to build shared exercises, shared catalogues of suppliers or shared workforce pipelines.

The ENISA Threat Landscape is the reference reading for risk teams, national authorities and EU institutions when prioritising defensive investments and incident-response capacity. It is included in DECEO as a synergy outcome because COcyber stakeholders use it as a shared baseline when assessing civilian-defence overlaps in threat actor activity and in critical-sector exposure.

COcyber spent two years observing how civil-defence cyber cooperation works in practice across the Union, and the recommendations turn that into specific asks: which instruments to align, which governance gaps to close, which incentives are missing. The document is meant for the next Multiannual Financial Framework cycle and the implementation of the Cyber Solidarity Act, so it speaks the language of programme owners rather than of researchers.

EU cybersecurity funding is delivered through dozens of programmes and instruments, and project teams spend significant effort discovering peer initiatives by accident. The mapping makes those connections explicit, identifies where COcyber feeds into ECCC, ENISA, EDA and CCN activities, and gives the Commission a structured view of where the next coordination effort should focus. The prioritised list is updated as collaborations mature.

Most cross-community events are organised one at a time and lose their learning. The toolkit captures the operational know-how — agenda patterns, role briefs, Chatham House framings, follow-up templates — so partners across the consortium and the wider community can run their own events without restarting from a blank page. It is designed for non-specialist organisers as much as for experienced facilitators.

Hackathons are usually civilian or defence, rarely both. Running them in the same room — virtually — produced two outcomes that mattered: it surfaced real, operational problems where the two sides clearly benefit from talking, and it gave young teams a way into the dual-use space that does not require an existing security clearance or industry contract. The event itself is one-off; the team list, the challenges and the open-source artefacts are the lasting outputs.

Civil-defence cooperation in cybersecurity is often blocked not by policy but by the lack of usable templates: who signs what, what can and cannot be shared, how to run a joint exercise, how to handle classified outputs. The guidelines collect what works into checklists, role descriptions and reusable governance patterns, so organisations spending public money on coordination can build on a shared baseline rather than reinvent it each time.

Member States approach civil-defence technology transfer in very different ways, and most of that experience is invisible at EU level. The case studies surface concrete arrangements, governance mechanisms and incentives that have been tried in four different countries, so other Member States and EU programmes can learn from them rather than redesign from scratch. The cases are written for practitioners — ministries, agencies and clusters — not just academic readers.

Cybersecurity policy is usually discussed one dimension at a time — a new regulation here, a market trend there. This report puts the six dimensions side by side so decision-makers can see how, for instance, the Cyber Resilience Act, skills shortages and dual-use export rules interact. It is meant as a working document for impact assessments, market studies and strategic roadmaps rather than a one-off academic snapshot.

The European cyber landscape is large, fragmented and changing. The map gives policymakers, project officers and prospective collaborators one shared picture of who does what and how they are connected, so funding decisions and partnership choices can start from facts rather than personal networks. It is also designed to interoperate with the ECCC Cybersecurity Atlas and the ECCO knowledge base, so its data does not stay locked inside COcyber.