Cybersecurity is high on the policy agenda of the European Union and can be seen as an emerging field of research, in both policy and legal studies. The recent adoption of new Directives on information and network security and on cybercrime reveal the possibilities for the EU to use existing competences in other policy fields to regulate aspects of cybersecurity. ‘Resilience’ of existing structures as well as of EU values is at the core of the Union’s approach to cybersecurity. Yet, a comprehensive approach is missing, leading to a risk of fragmentation and incoherence. So far, measures related to the Single Digital Market and to cooperation on criminal law have been more elaborate than measures related to cyberdefence.