The Commission and Cybercrime: Applying Multiple Streams Approach to Policy Change in the Security Domain

The transnational nature of security problems such as cybercrime requires a EU common approach that is hindered by several challenges, including establishing a coordinated management by multiple and separated authorities; promoting public-private cooperation; balancing security and freedom as well as prevention and privacy; and define competences between the state, the traditional security provider, and the international organization, an emergent security actor. Given the (persistent) intergovernmental features of the EU security policy, the Commission was initially relegated to a marginal role. However, the Lisbon Treaty improved the conditions for a more effective participation of this institution in the internal security domain. Drawing from John Kingdon’s Multiple Streams (MS) framework (1984; 2003) and using EU’s cyber security strategy as the empirical case, our goal is to analyse the Commission’s initiatives to address cybercrime, in order to assess the institution’s role in the edification of a European security model. Did the Commission influence problem recognition and definition? Did the Commission manage to “soften up” the right stakeholders? Did the Commission seize the policy window to push its pet solutions for the problem? Our hypothesis is that, by using its bureaucratic skills and policy entrepreneurship, the Commission was central to advance a particular sensitive agenda. Though dependent on the prevailing policy context and on the other institutional stakeholders’ actual political compromise, the Commission has been a more influential actor in shaping the European security policy than previously assumed.