New EUVD Platform Aims to Boost Cyber Resilience Across Europe
The European Union has officially launched the European Union Vulnerability Database (EUVD), a new platform designed to enhance cyber resilience and reduce dependence on the U.S.-based CVE system. Developed and maintained by the European Union Agency for Cybersecurity (ENISA), EUVD will provide aggregated, actionable vulnerability data relevant to European digital infrastructure.
“The EU Vulnerability Database is a major step towards reinforcing Europe’s security and resilience,” said Henna Virkkunen, European Commission Executive Vice-President for Tech Sovereignty, Security and Democracy.
She added:
“By bringing together vulnerability information relevant to the EU market, we are raising cybersecurity standards, enabling both private and public sector stakeholders to better protect our shared digital spaces.”
Launch Follows MITRE CVE Funding Scare
The timing of EUVD’s launch coincides with recent instability surrounding the MITRE CVE (Common Vulnerabilities and Exposures) database, the world’s most widely used vulnerability catalog. On April 16, 2025, the CVE program narrowly avoided shutdown due to expiring U.S. government funding, triggering industry-wide concern.
While the U.S. Department of Homeland Security ultimately renewed CVE funding, the incident exposed the global cybersecurity community’s reliance on a single centralized database. It also spurred the creation of the non-profit CVE Foundation, aimed at safeguarding CVE’s long-term continuity.
Joe Nicastro, Field CTO at Legit Security, commented:
“It makes sense not only from a sovereignty perspective for the EU. I also think it’s a smart move to reduce reliance on a single system whose future funding and viability isn’t clear.”
ENISA’s Interoperable Approach: Cooperation, Not Competition
Rather than replace CVE, EUVD is designed to work in parallel with existing systems. According to Nicastro, who spoke with ENISA COO Hans de Vries at the RSA Conference in San Francisco:
“The ultimate goal is for these two systems to work closely together as opposed to being a replacement.”
One major sign of cooperation is that EUVD maps each entry to existing CVE IDs, ensuring interoperability and practical integration with current vulnerability management tools.
Key Features of the EU Vulnerability Database
ENISA states that EUVD will aggregate input from multiple trusted sources, including:
- National Computer Security Incident Response Teams (CSIRTs)
- Technology vendors and suppliers
- Open-source vulnerability databases
The EUVD dashboard will feature three key views:
- Critical vulnerabilities
- Exploited vulnerabilities
- EU-coordinated vulnerabilities
Each vulnerability entry in the EUVD includes:
- A description of the vulnerability
- Affected ICT products, services, and version numbers
- Severity rating and exploitation potential
- Available patches or authoritative guidance
- Risk mitigation strategies
Who Will Benefit From EUVD?
According to ENISA, the database is targeted at a broad audience, including:
- Cybersecurity professionals
- Suppliers of network and information systems
- Private-sector entities
- Government and national authorities (e.g., EU CSIRTs)
- Academic and independent researchers
By making the EUVD publicly accessible, ENISA aims to democratize vulnerability intelligence across the European cybersecurity ecosystem.
A Strategic Move Toward Digital Sovereignty
With cyber threats on the rise and supply chain security becoming a top priority, the launch of EUVD is a clear signal that the EU is moving toward greater digital sovereignty. It also reflects a broader trend of regionalizing cybersecurity governance to reduce reliance on foreign-controlled infrastructure.
