Author
Listed:
- Mazaher Kianpour
- Christopher Frantz
Abstract
Effective cyber incident response and crisis management increasingly relies on the coordination of relevant actors at supranational levels. A polycentric governance structure is one of the institutional arrangements that can promote active participation of involved actors, an aspect decisive for the rapid and effective response to cyber incidents and crises. This research aims to dissect whether, and to what extent, a polycentric structure is manifested within the cyber crisis management framework of the European Union (EU) and assesses the extent to which these policies signal a balance between centralization and decentralization. By employing Institutional Grammar 2.0, we examine the roles and interactions among actors delineated within four key policies to identify the structural characteristics, institutional essentials, and prerequisites indicative of a polycentric governance system. Additionally, we apply network analysis to evaluate dyadic relationships of actors, further assessing the balance between centralization and decentralization in the EU's cyber crisis management framework. Our analysis reveals that the EU has adopted a polycentric governance model for cyber crisis management, characterized by a nuanced distribution of responsibilities and authorities. The findings highlight a tendency toward centralization, especially in the roles of Member States and the European Union Agency for Cybersecurity (ENISA), while maintaining a polycentric structure that blends centralization and decentralization. This balance can ensure structural integrity and coherence of the system, while theoretically providing the flexibility and resilience needed to adapt to the dynamic cyber threat landscape. The study contributes methodologically, offering a framework that can be applied to other domains, and provides insights into the effective coordination of cyber incident response and crisis management at supranational levels.
Suggested Citation
Mazaher Kianpour & Christopher Frantz, 2025.
"Analysis of Institutional Design of European Union Cyber Incident and Crisis Management as a Complex Public Good,"
Regulation & Governance, John Wiley & Sons, vol. 19(4), pages 1037-1062, October.
Handle:
RePEc:wly:reggov:v:19:y:2025:i:4:p:1037-1062
DOI: 10.1111/rego.12640
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:wly:reggov:v:19:y:2025:i:4:p:1037-1062. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Wiley Content Delivery (email available below). General contact details of provider: https://doi.org/10.1111/(ISSN)1748-5991 .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.
Printed from https://ideas.repec.org/a/wly/reggov/v19y2025i4p1037-1062.html
My bibliography
Save this article