Language switcher

You are here

European Union Members Share Advice on Cyber Security of Elections

Over 20 EU Member states have together compiled a compendium on cyber security of democratic processes. The document is a broad set of practical and workable measures that can be applied by both election management bodies and cyber security authorities.

“Elections are crucial to the functioning of representative democracy and election processes being compromised can delegitimize a whole political system. At the same time, elections have become an increasingly frequent target in the modern digital era, coming under attack across the globe,” highlights the compendium drafted under the auspices of the Cooperation Group of the Network and Information Security (NIS) Directive. 

The guidelines take a comprehensive view of cyber security of elections, starting with candidate and voter registration and ending with broadcasting the results. Cyber-enabled threats, often combined with information operations, must be reflected in election planning and risk management, emphasize the authors. “All elections are expected to be free, open and fair, and based on secret ballot; technology cannot be introduced at the cost of compromising these requirements,”  the document highlights. Even electoral systems that exclusively rely on pen and paper in voting can take advantage of digital tools and services in compiling voter rolls, candidate registration or result tabulation and communication, the compendium explains. 

The compendium on cyber security of election technology is designed to share experiences and provide guidance as well as give an overview of tools, techniques and protocols to detect, prevent, and mitigate such threats.

It is a broad sum of guidelines that are based on the experiences and best practices of contributors. Thus, cyber security measures are reviewed as pertaining to:

  • the specifics of European Parliament elections, including the communication of results from capitals to the European Parliament;
  • universal development and security principles as applicable to election technology, including testing and auditing;
  • security measures specific to elections;
  • voter and candidate registration and databases;
  • electronic tools used in gathering or aiding the gathering of votes;
  • digital tools to transmit, process and count votes;
  • systems to publish or communicate election results;
  • relevant auxiliary systems and services.

More than 20 EU Member states as well as the European Commission, ENISA and the staff of the European Parliament contributed in an effort led by the Estonian Information System Authority and Cyber and Information Security Agency of the Czech Republic.

The compendium on cyber security of the election process (1.24 MB, PDF)

For more information, please contact the lead editors Liisa Past of Estonian Information System Authority (liisa.past(at) or Viktor Paggio of Czech National Cyber and Information Security Agency (v.paggio(at)

More news on the same subject


RIA has concluded a Mobile-ID contract for five years

10.5.2022 – To ensure the continuation of the Mobile-ID service, the Information System Authority (RIA) and the certification service provider SK ID Solutions AS (SK) entered into a five-year contract, which will enter into force on 2 July.


Large-scale denial-of-service attacks have ended

29.4.2022 – According to the assessment of the Information System Authority (RIA), the denial-of-service attacks that began on 21 April concluded by the evening of 25 April. The purpose of the denial-of-service attacks was to disrupt the operation of 13 websites, but due to the countermeasures applied, the effect of the attacks was insignificant.