Milan Sekuloski: Securing the digital future of the Western Balkans

Very few would dispute the claim that the future of Western Balkans’ socio-economic development is profoundly shaped by two key factors: the speed and success of EU integration, and the ability to effectively harness the potential of digitalisation and the new technologies.

As of 2023, the Western Balkans’ EU accession path is marked by a “multi-speed” momentum, driven by the €6 billion Growth Plan. The plan has begun releasing funds in addition to the existing IPA programmes to all six regional partners as they meet specific reform milestones.

Montenegro remains the clear frontrunner, targeting EU membership by 2028. Elsewhere in the region, progress varies, with some countries advancing through reforms and negotiations while others continue to face challenges related to constitutional changes, alignment with EU policies, and ongoing dialogue processes.

Over the past decade, digital transformation has emerged as a critical pillar of  socio-economic development in the Western Balkans, with all six economies accelerating their digital transitions to align with EU standards and position themselves to better harvest the opportunities arising from the European Digital Single Market and global economic and technological trends.

Across the region, the ICT sector is economically outperforming many traditional industries, acting as a primary engine for convergence with the European Union.

The change is observable in the public sector as well: integration of e-governance platforms aims at transforming once-clunky public bureaucracies into streamlined, transparent, and citizen-centric digital ecosystems.

Focusing on cybersecurity

However, the growing reliance on digital solutions also means that threats targeting digital infrastructure and services have become one of the key external risks to the region’s long-term prosperity. This makes cybersecurity an indispensable “shield” for the Western Balkans.

Cybersecurity capacity building has been viewed (and practised) for decades via the ’golden triangle’ of people, processes, and technologies. When we apply that principle to the realities of the Western Balkans, we can note the following:

• Technologies and technological trends are not shaped by, nor in full control of the region.What the region can do in this domain is to make sure to plan to continuously invest in new technologies, not just by buying hardware, software, and services, but also by enabling people and processes that can effectively use them to produce added value.

• Processes for managing cybersecurity risks, particularly those to the vital parts of regional economies, will be profoundly defined by the EU’s evolving cybersecurity acquis. Regardless of EU integration plans and paths, all regional economies are deeply reliant on the EU market and stakeholders. To benefit from the increasingly interconnected and regulated EU digital economy, they must align as closely as possible with its rules and standards. Hence, complying with EU cybersecurity acquis, such as the EU’s NIS2 directive, but also other pieces of EU laws, for the Western Balkans region should not be merely an issue of ‘ticking the box’. Instead, it should be a full implementation of all rules and best practices that ensure the unobstructed economic development.

• People remain the most critical element. The next phase of the region’s economic development will depend not so much on laying more cables and opening datacentres, as on urgently upskilling the population to participate in this new economy. The shortage of cybersecurity cadre is another global challenge: rapidly evolving technologies, high levels of stress, and public-private sector salary discrepancies shape this fact. The issue is further heightened by the region’s enormous ‘brain-drain’ and general depopulation. In addition, the region badly needs to ensure that it creates enough cybersecurity-savvy people entering national and regional workforce polls to secure an increasingly digitised economy and society.

Four-year milestones

Since 2022, eGA is playing a pivotal role in transitioning the region from fragmented security to collective resilience. Through the EU-funded “Cyber Balkans” and “Cybersecurity Rapid Response” projects, eGA experts have contributed to all three aspects of cybersecurity capacity building.

These projects have helped the region harmonise local laws with the EU NIS2 Directive and create preconditions for their effective implementation.

Together with our project partner CILC from the Netherlands we supported the development of over 30 laws and by-laws, aimed at effectively transposing the NIS2 directive in Albania, Montenegro, North Macedonia and Serbia.

Our support went beyond legal transposition. In all six project beneficiaries (Albania, Bosnia and Herzegovina, Kosovo, Montenegro, North Macedonia and Serbia), it included risk mapping tools and exercises, peer learning with EU Member States, and collaboration with non-governmental and academic sectors to raise awareness through the “KnowCyber” grant scheme and knowledge-sharing portal.

Concrete institutional breakthroughs include the establishment of the Government Security Operations Centre (GSOC) in Montenegro and a similar facility in North Macedonia to monitor and mitigate real-time threats.

The support provided by the projects included multiple aspects from advisory, procurement of state-of-the-art technical equipment, to training and practicing the effective use of the newly obtained resources.

Additionally, national CERTs of Albania and Serbia got access to a cloud-based learning and exercising platform to strengthen both their own and their constituents’ technical knowledge and skills.

Data goes through machines and computer networks. But actionable information only through people’s networks of trust. Over 1,000 regional experts have gone through tailor-made and internationally certified cybersecurity trainings via the EU-funded eGA projects since 2023.

A standout success of eGA’s projects were regional hands-on technical exercises, with the Western Balkan Cyber Connect 2025 bringing together over sixty experts in Tallinn for the first whole-of-region cyber defence simulation.

What comes next?

As of 2026, the EU support for the cybersecurity capacity building in the Western Balkans region will significantly grow.

The European Commission announced the new ENISA implemented project for the region, as well as increased support for the Western Balkans Cybersecurity Capacity Centre (WB3C) established in Podgorica.

In the coming three years, eGA will implement the ‘Cyber Balkans II’ project, a new iteration of the capacity building initiative which started in 2023.

Building on the successes of the previous edition, the project introduces new areas of support and new partners.

In addition to existing partners from the Czech Republic (NUKIB), the Netherlands (CILC), national Computer Emergency Response Teams (CERTs) of Latvia and Slovenia, and of course Estonia, the new iteration will introduce a partner from Finland, HAUS. This will be a strong mix of European Union and local experts that eGA will be thrilled to collaborate with.

Thematically, the ‘Cyber Balkans II’ project will keep the focus on further alignment with the evolving EU acquis (looking beyond the NIS2 transposition), help build more local people trust networks and partnerships, increase operational capabilities for effective incident management and information sharing, but as a new topic, look into the ways we can support new opportunities for cybersecurity talent creation and retention in the region.