The future European cybersecurity strategy, which the Commission plans to present before the end of the summer, left an unusual feeling in the European Parliament on Tuesday: for once, almost nobody questioned the diagnosis.
It seems that the discussion is no longer about whether a European technological gap exists but how much time remains before that gap turns into a structural security problem.
The first to set the tone of the debate in the EP today was the Commission’s executive vice president, Henna Virkkunen, who opened the debate with a far from reassuring message. She admitted that there is “no reason to wait” to adopt advanced cyber defence tools and acknowledged something even more significant: Europe does not want to remain dependent on defence tools developed by others.
Whether it can actually avoid that is another matter. Europe still depends on American technology, foreign infrastructure, and AI models developed outside the continent. And in this debate, the giant shadow hanging over the chamber had a name: Mythos.
The new artificial intelligence system developed by Anthropic repeatedly surfaced during the parliamentary discussion. Several MEPs warned that the system is capable of identifying vulnerabilities in applications and infrastructure at a speed previously unseen. Tasks that once required months of specialised work could now be reduced to days or even hours.
The underlying problem is not only technological. It is geopolitical. Much of the debate revolved around an idea that very few openly articulated just a few years ago: restricted access means strategic dependency. If the most advanced models remain under American control and are only accessible to selected actors, Europe loses control over part of its own digital security.
This is where ideological differences are clear.
Among Patriots and sovereignists, the message was relatively consistent: Europe needs its own industrial base, less regulation, and greater use of existing national technological capabilities before creating new bureaucratic layers. Czech MEP Valeriya Yamanova warned that Europe is “not prepared” and called for real national resilience exercises.
Diego Solier of the ECR was even more direct. His intervention summed up a large part of the conservative bloc’s position: “Artificial intelligence is developing at great speed and we are moving at a snail’s pace.” He also repeated a line heard several times throughout the morning, one that may become increasingly common in the years ahead: “Regulation is not what we need.”
The idea proposed by the Right is to create a European technological fortress built through cooperation between states and national industrial capacity, not necessarily through new centralised structures.
On the other side of the chamber, socialists, greens and part of the federalist groups insisted on expanding common European instruments: new agencies, shared mechanisms, European cyber-defence forces, and stronger central coordination. Some even proposed permanent structures specifically focused on artificial intelligence and digital security.
And once again, it highlighted how every crisis seems to end with calls for more European institutional architecture. More competencies, more coordination, more integration. In Brussels, even the headaches caused by an algorithm seem to be solved through the creation of a new agency.
Yet the most revealing discussion was not about AI models or agencies. It focused on something much more basic: energy, capital, and talent.
Several MEPs repeated uncomfortable figures. China produces up to five million technical engineers every year. The United States concentrates computing power, data centres, and private investment. Europe, meanwhile, continues debating regulation, energy costs, and procedures, while importing low-skilled labour.
The conclusion hanging over Strasbourg was difficult to ignore: Europe wants digital sovereignty, but it is still using other people’s technology to try to build it.
And in security, depending on others usually works … until it no longer does.
