Summary
- The G7 declaration prioritises post-quantum cryptography, AI security, telecoms resilience, SME security, and AI software bills of materials.
- The European Commission has linked the work to EU cybersecurity strategy, NIS2, the Cyber Resilience Act, and emerging AI governance.
- The declaration gives European cyber policy a stronger international frame as infrastructure, software, and AI assurance obligations converge.
The European Commission has backed a new G7 cybersecurity declaration that brings artificial intelligence, post-quantum cryptography, telecoms resilience, and software supply chain transparency into a shared international policy frame.
Adopted through the G7 Cybersecurity Working Group under France’s G7 presidency, the declaration follows a plenary meeting hosted in Paris by France’s national cyber agency, ANSSI, on 27 May. The Commission welcomed the outcome on 8 June, presenting it as part of a wider effort to strengthen collective cyber resilience as governments confront more complex digital dependencies.
The priorities set out by the G7 are practical rather than abstract. They include migration to post-quantum cryptography, cyber risks affecting and arising from AI systems, telecoms resilience, protection for small and medium-sized enterprises, and the use of AI software bills of materials. ANSSI said national cybersecurity agencies and centres from G7 members had reaffirmed their intention to coordinate more closely as cyber threats and emerging technologies continue to develop.
Several of those issues already sit inside Europe’s regulatory machinery. Post-quantum migration is being treated by European agencies as a long-term architecture and procurement problem, rather than a specialist cryptography exercise. AI security is being pulled into product governance, application security, and data-risk oversight. Telecoms resilience remains bound up with national infrastructure planning, vendor dependency, and cross-border network continuity.
The Commission said the G7’s work on “Minimum Elements for an AI Software Bill of Materials” can help organisations assess and reduce cybersecurity risks to and from AI systems. That language places AI transparency close to the existing software bill of materials debate, where buyers, operators, and regulators increasingly expect clearer information about the components inside digital products and services.
The declaration does not create direct legal obligations for companies, operators, or public bodies. Its force lies in the convergence it shows between national cyber agencies, EU-level regulation, and international resilience planning. NIS2 is extending security and incident reporting expectations across essential and important entities. The Cyber Resilience Act is moving manufacturers and software vendors toward security-by-design obligations. DORA has already turned ICT risk and third-party oversight into regulated financial services duties.
In that context, the G7 language helps show where international policy is hardening. AI tools are no longer being treated solely as productivity systems; they are becoming software supply chain, assurance, and exposure-management concerns. Telecoms resilience is not only a network engineering issue, but part of national infrastructure planning. Post-quantum migration is moving from standards discussion into asset inventories, procurement cycles, cryptographic dependency mapping, and long-term architecture decisions.
European organisations will increasingly encounter these themes in combination. The same suppliers, cloud platforms, AI tooling, network providers, and software components may sit across multiple regulatory regimes. A single operational dependency can raise questions under NIS2, sector regulation, procurement rules, resilience planning, and, in some cases, AI governance.
The Commission said it will continue engaging through the G7 Cybersecurity Working Group’s autumn meeting, using EU frameworks to advance the priorities before the working group presidency moves to the United States in 2027. The declaration now gives European policymakers a clearer international basis for aligning security expectations across infrastructure, software, and AI systems.





