Language switcher

You are here

European Union Members Share Advice on Cyber Security of Elections

Over 20 EU Member states have together compiled a compendium on cyber security of democratic processes. The document is a broad set of practical and workable measures that can be applied by both election management bodies and cyber security authorities.

“Elections are crucial to the functioning of representative democracy and election processes being compromised can delegitimize a whole political system. At the same time, elections have become an increasingly frequent target in the modern digital era, coming under attack across the globe,” highlights the compendium drafted under the auspices of the Cooperation Group of the Network and Information Security (NIS) Directive. 

The guidelines take a comprehensive view of cyber security of elections, starting with candidate and voter registration and ending with broadcasting the results. Cyber-enabled threats, often combined with information operations, must be reflected in election planning and risk management, emphasize the authors. “All elections are expected to be free, open and fair, and based on secret ballot; technology cannot be introduced at the cost of compromising these requirements,”  the document highlights. Even electoral systems that exclusively rely on pen and paper in voting can take advantage of digital tools and services in compiling voter rolls, candidate registration or result tabulation and communication, the compendium explains. 

The compendium on cyber security of election technology is designed to share experiences and provide guidance as well as give an overview of tools, techniques and protocols to detect, prevent, and mitigate such threats.

It is a broad sum of guidelines that are based on the experiences and best practices of contributors. Thus, cyber security measures are reviewed as pertaining to:

  • the specifics of European Parliament elections, including the communication of results from capitals to the European Parliament;
  • universal development and security principles as applicable to election technology, including testing and auditing;
  • security measures specific to elections;
  • voter and candidate registration and databases;
  • electronic tools used in gathering or aiding the gathering of votes;
  • digital tools to transmit, process and count votes;
  • systems to publish or communicate election results;
  • relevant auxiliary systems and services.

More than 20 EU Member states as well as the European Commission, ENISA and the staff of the European Parliament contributed in an effort led by the Estonian Information System Authority and Cyber and Information Security Agency of the Czech Republic.

The compendium on cyber security of the election process (1.24 MB, PDF)

For more information, please contact the lead editors Liisa Past of Estonian Information System Authority (liisa.past(at) or Viktor Paggio of Czech National Cyber and Information Security Agency (v.paggio(at)

More news on the same subject


Head of RIA: last year was proof that securing the digital lifestyle requires investing in the security of information systems

6.6.2018 – The number of cyber incidents registered in Estonia has been increasing for several years. There are several reasons for this.


Estonia Offers Recommendations in the Light of eID Vulnerability

14.5.2018 – Estonian Information System Authority reviews the recent crypto vulnerability and offers recommendations to improve readiness for similar cases. The ROCA (Return of the Coppersmith Attack) cryptographic vulnerability became known in the autumn of 2017 and is a weakness that would have eventually allowed the private key of a key pair to be calculated from the public key in affected devices. In the Estonian electronic identity scheme, it made it theoretically possible to impersonate a user and sign or decrypt documents.