Citizens, companies and governments across the European Union agree that everyone should be free to live their lives and use technology without fear that their information will be stolen or held ransom by cybercriminals or other malicious actors.

But with each passing week, cyber threats are growing more costly and more aggressive, undermining the trust essential to a vibrant, inclusive digital society. This is a moment that calls for international leadership, which is why it’s notable that the European Commission has featured security at the center of its vision for digital transformation.

Today, Google is publishing a set of recommendations and white paper supporting the Commission’s efforts, and we commit to extending our full capabilities to help secure Europe’s “digital decade”.

The need

We applaud the European Commission’s effort to meet this moment, and believe that companies should step up to do their part as well.

The stakes have never been clearer. Even before Russia’s invasion of Ukraine — a ground assault accompanied by an attack on Europe’s cyberspace — there were troubling signs that Europe’s democratic values were being challenged by authoritarian governments.

I spoke about the importance of these values recently at the Copenhagen Democracy Summit. Democracies provide fertile ground for advances in science and technology. Technology owes its success to the conditions — openness, pluralism, free exchange — that democracy creates, enabling inventors to take risks and pursue new avenues for inquiry and collective innovation. So it’s no surprise that Ukraine’s tech sector thrived in recent years under the flag of a free European democracy.

But how can technology, in turn, contribute to the defense of Europe’s digital space? We have been reflecting on lessons we learned the hard way more than a decade ago, and how we used them to create a next-generation security infrastructure.

In the months ahead, we plan to share our experience in proactive digital defense with leaders in Europe. We are keenly aware of our responsibility to support the work of Europe’s democratic governments and institutions on economic progress, national security, and defense of the public square.

Google’s role

Our white paper recommends several areas where the European Union can make progress in securing Europe’s digital space, including:

  • Open security: Driving European resilience through “open security,” on the principle that openness and interoperability encourage scrutiny, threat sharing, and rapid adoption of best practices and new technologies.
  • Security by default: Promoting systemic investments in digital transformation, zero-trust architectures, and operating systems and devices that are secure by default, helping organizations overcome an overreliance on outdated and hard-to-patch technology infrastructures and devices that lie open to risks of espionage and extortion.
  • Partnership: Engaging partners by facilitating public-private threat information exchanges and briefings involving EU policymakers and technical experts — and by increasing dialogue to explore new areas of cooperation, such as applying artificial intelligence to improve security.
  • Encryption: Prioritizing strong encryption as superior means of protecting sensitive data compared to data localization requirements, which can have the unintended effect of actually undermining security and resilience.

These recommendations reflect both our decades of security expertise and our deep interest in the EU’s digital defense. Some of our leading security initiatives, and top security researchers, are based in Europe.

At the Google Safety Engineering Centers (GSEC) in Munich and Dublin, Google engineers don’t just talk about digital safety, they build it. And they do so on Europe’s distinctive strengths: respected technical universities, many thousands of Google employees, and top expertise in fields including privacy and computer science.

VirusTotal, a Google team that began as a small Málaga-based startup in 2004 and grew into a European champion before its acquisition by Google in 2012, helps millions in the public sector, commerce and research to understand malware and cybersecurity trends. In 2023, VirusTotal will open a brand new headquarters in the heart of Andalusia’s tech hub.

And, as we announced last week, Mandiant, one of the world’s premier cybersecurity teams, has now joined Google — bringing with it hundreds of industry-leading European experts in the field of threat intelligence and incident response.

These teams and others like them will ensure we’re countering tomorrow’s challenges with tomorrow’s tools. And our commitment to Europe’s digital security will be accompanied by a commitment to collaboration — building on the kind of innovation that has always made democracies stronger than their adversaries.