The European Commission has officially launched the ENISA European Vulnerability Database (EUVD), a new platform designed to centralize vulnerability data and enhance cybersecurity across Europe. Managed by the European Union Agency for Cybersecurity (ENISA), the EUVD aims to facilitate the collection, analysis, and sharing of information about security vulnerabilities within the region.
This initiative is aligned with the NIS2 Directive, a forthcoming legal framework aimed at improving security measures for critical infrastructure sectors—including energy, transport, and health—against cybersecurity threats. Additionally, the EUVD supports the implementation of the Cyber Resilience Act, which mandates that digital products distributed in Europe adhere to specific security standards.
Henna Virkkunen, Executive Vice President of the European Commission and responsible for technology sovereignty, security, and democracy, emphasized the significance of the EUVD in safeguarding Europe’s digital environment. She noted that the platform will centralize vulnerability data relevant to the EU market and foster collaboration between public and private sectors, thereby enhancing the protection of the digital ecosystem.
ENISA states that by consolidating data into a single platform, organizations will find it easier to access, analyze, and respond to vulnerabilities, ultimately strengthening cyber defenses throughout the continent. The EUVD features three main dashboards that provide insights into critical vulnerabilities, exploited bugs, and issues coordinated by European Cyber Incident Response Teams (CSIRTs). The platform’s data combines information from open sources with contributions from national CSIRTs.
Starting in September 2026, the European Union will mandate hardware and software manufacturers to report exploited vulnerabilities. While not directly linked to the US Common Vulnerabilities and Exposures (CVE) database, the implementation of the EUVD is seen as a strategic response to potential reductions in US cybersecurity funding. If the CVE system encounters challenges, data from the EUVD could be transferred to ensure the continuity and availability of crucial information for the global cybersecurity community.