Enhancing the Resilience of Critical Infrastructures in Europe: Key Takeaways from the ATLANTIS and SUNRISE Projects

As Europe faces increasingly complex risks — from pandemics and cyberattacks to climate change and hybrid threats — the resilience of critical infrastructures (CI) has become a central concern for EU institutions, industry leaders and society. In response, the EU has supported two major research and innovation projects under the Horizon Europe programme: ATLANTIS and SUNRISE.

Launched in 2022, both projects bring together public and private sector experts to strengthen the protection of essential services across Europe. Through large-scale pilot activities in key sectors, including transport, energy, water, health, and finance, they have developed, tested and validated innovative tools and strategies to improve crisis preparedness and response capabilities.

Policy recommendations for a more resilient Europe

The two projects have jointly published a policy brief offering actionable recommendations to support EU and national decision-makers, regulators, and infrastructure operators. Based on real-world testing and aligned with evolving EU policy frameworks, the brief calls for:

• Scenario-based preparedness planning: Regular, cross-sector simulations of systemic threats, from pandemics to climate-related crises, can help identify cascading risks and critical interdependencies. These exercises should align with the NIS2 and CER Directives to foster a common operational culture across Member States.
• Deployment of AI-driven Decision Support Systems (DSS): Integrating real-time, cross-sectoral data into AI-enhanced tools will support faster, evidence-based decisions during emergencies. To ensure effectiveness, EU-wide harmonization, training, and capacity-building are essential.

Vicomtech’s contribution: AI models for real-time cyber risk assessment and tools to interpret neural network security.

Vicomtech contributes to ATLANTIS through two main lines of work. First, it is developing a cyber risk assessment methodology for network communications that considers real-time risks based on AI models, as well as cascading effects. Second, it is creating explainability and interpretability tools that allow AI experts to assess the security of trained neural network models by exploring the behaviour of the model’s internal filters.

Key challenges and policy alignment

Despite progress, several barriers remain. A lack of harmonized standards, limited data sharing, outdated technologies, and slow implementation of EU directives (such as NIS2) continue to hinder coordinated responses. ATLANTIS and SUNRISE aim to address these gaps while supporting EU policies including the Cyber Resilience Act, AI Act, and the EU Disaster Resilience Goals.

Shared commitment for long-term impact

The joint policy brief was presented at a dedicated workshop on Standardisation and Policymaking (SPM) held on 10 December 2024. The event brought together key stakeholders, including the European Commission (Joint Research Centre), international organisations (e.g. OECD, United Nations University), and members of the ECSCI community. It marks the start of an ongoing collaborative effort to build a more unified and risk-informed approach to protecting Europe's critical infrastructure.

This publication is part of a wider SPM initiative, with two additional policy briefs to be released by July 2025. These will address specific political impact areas identified by ATLANTIS, including information sharing for collaborative risk management, the role of space technologies in DSS, and the integration of security standards across traditional, cyber, and natural hazard domains.

This coordinated effort reflects the shared commitment of the ATLANTIS and SUNRISE projects to inform and support evidence-based policymaking, encourage cross-sectoral dialogue, and promote the adoption of harmonized standards and innovative tools for CI protection and resilience across the EU.