Luxembourg (LU)

The Luxumbourg Government Council approved the national cybersecurity stratetgy, National Cybersecurity Strategy III, in January 2018. The strategy updates the 2015 National Cybersecurity Strategy II. 

Based on the ENISA self-assessment classification, the strategy covers the following strategic objectives: Cybercrime, citizen's awareness, Critical Information Infrastructure Protection, national cyber contingency plans, international cooperation, public-private partnership, incident response capability, institutionalised form of cooperation between public agencies, baseline security requirements, incident reporting mechanisms, cyber security exercises, training and educational programmes.

The Ministry of Economy is responsible for computer security, risk awareness and private sector vulnerabilities.


Awareness and Education

Under the strategy, the government will set up a university course in the field of information security aimed at mitigating the risk of having a lack of experts in information security, which would impede the development of the country's security’s ecosystem.

There are plans to offer aid for specific training in the field of information security. Such aid will be associated with the lifelong training of experts, so as to encourage them to attend, for example, conferences and other relevant events.

The development of specialised training aimed at multidisciplinary teams will be considered with a view to addressing the shortage of experts in the security field, while taking into account the interconnectivity of tools.

Appointments will be given to people in charge of information security within each state entity. A training plan for these people will be set up  and exchange platforms for these experts created.

In the private sector, leaders will be encouraged to provide information security managers with resources to implement effective protection measures. Efforts will be made to improve communication and collaboration between teams in charge of different missions: information security, compliance, management, customer management, etc.

Capacity Buillding

In October 2017, SECURITYMADEIN.LU launched the Cybersecurity Competence Center (C3) to further strengthen the Luxembourg economy in the field of cybersecurity. Its Mission is to:

  • Offer G-to-B-to-B services together with partners
  •  Foster long-term wealth and competence building
  •  Increase Luxembourg’s attractiveness and reputation in cybersecurity

Its three competence areas are: Observe, train, test. Its service catalogue includes:

  • Be Aware, Cybersecurity for Everyone.
  • MONARCH - Optimised risk analysis method. 
  • MISP Training, Threat Intelligence Analyst and Administrators.

Start-ups offering innovative solutions are among the needs identified within the Luxembourg digital security ecosystem. This need will be taken into account when defining priorities in the field of research, by promoting the creation of Start-ups.

Higher education courses on cybersecurity

University of Luxembourg/Luxembourg Institute of Science and Technology (LIST) – Master in Information System Security Management. Student Intake: 15. European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security with some forensics.

Individual coaching and courses are taught in small groups, internationally renowned professors, multidisciplinary approach promoting knowledge sharing and exchange of experiences, Participation in the Information Security Education Day (ISED), Programme supported by two professional associations: CLUSIL and CPSI. Programming, networking, operating systems, databases etc, before spending two years specialising in a variety of cybersecurity topics including network security analytics, secure programming, pen testing, computer/network forensics, business continuity.

Public-private Partnerships

Five public and private players (Ministry of Economy, SECURITYMADEIN.LU, Luxinnovation, Excellium and PwC Luxembourg) are gathered to create the Cybersecurity Week Luxembourg in the framework of the European Cybersecurity Month (ECSM), an annual advocacy campaign organised by the European Union Agency for Network and Information Security (ENISA) and the European Commission to promote cybersecurity internationally.

The event helps develop cybersecurity initiatives led by public and private sector players, as well as encourage the development of a cybersecurity start-up ecosystem encompassing innovative firms from both Luxembourg and abroad, investors, and individuals with skills in the field.

EU Cyber Professional Register for national stakeholders

The CyPR is all about boosting opportunities in the cybersecurity marketplace. 

This European Cybersecurity Professional Register is the place where professionals, juniors or seniors, age can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.

Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.

Latest Update & Disclaimer

January 2021. 

The information contained here is based on desk research carried out by, including the ENISA interactive maps on national strategies and educational courses. 


Cybersecurity Response Teams: GDPR and NIS Directive Compliance and Notification

Operational capacity building


ANSSI, the national agency for the security of information systems, defines policies and guidelines for the security of classified and unclassified information, ensures that norms and standards are established, that the measures regarding the security of information systems are implemented and that the application is guaranteed, and also certifies the means of processing of unclassified information (digital systems, services, infrastructures).

Since 2015, ANSSI acts a nation Computer Emergency Response Team (CERT) and ensures the hosting of the government's CERT - GOVCERT.LU, and serves as the line of command for all active players in the field of cybersecurity in relation to the public sector and critical infrastructure. Its mission therefore also includes co-operation with all suitable private sector stakeholders, if necessary, by means of formalised co-operation agreement

GOVCERT.LU - government and critical infrastructures. It oversees the management of cyber-security incidents compromising Luxembourg, its citizens or its economy and is responsible for receiving, reviewing and responding to reports of such. NCERT.LU (National CERT) acts as the official national point of contact for national and international governmental CERTs.

Report a cyber incident to a national CERT/CSIRT


  • Email completed Incident Reporting Form (FRM 702 docx txt) to
  • Using the Online form ( - Incidents reported using this form are encrypted prior to transmission thus enabling anonymous reporting.
  • Using the online file encrypt to securely encrypt files on your computer prior to reporting them to us without the need to install aditional software. The resulting files will only be readable by GOVCERT.LU

Whenever possible, constituents should use the incident reporting form (FRM 702 docx txt). Non-constituents, however, should use the online form or contact our SOC directly by email.



Healthnet CSIRT - Private users

Healthnet CSIRT - Businesses

Healthnet CSIRT - IT Community

Guidance and Updates CIRL.LU provides updates on the latest threat landscape on its home page.
Languages French, Dutch, English
Latest Update & Disclaimer

January 2021. 

The information contained here is the result of desk research carried out by 


Contact us for more info


Luxembourg (LU) | Cyber Range & Capacity Building in Cybersecurity


The website encountered an unexpected error. Please try again later.