The US administration is pulling out of 66 international cooperations, including multiple agreements related to cybersecurity. These include the Global Forum on Cyber Expertise (GFCE), the Freedom Online Coalition and the European Centre of Excellence for Countering Hybrid Threats.

The agreements are designed to support coordination, help share practical guidance and build resilience to cyber and hybrid risks. But the Trump administration has found the institutions to be “redundant in their scope, mismanaged, unnecessary, wasteful, poorly run” and “captured by the interests of actors advancing their own agendas,” secretary of state Marco Rubio said in a press statement issued on January 7.

While the immediate impact will be limited, experts say the move could weaken security in the long run in the face of increasing aggression by hostile nations such as Russia and China.

As the UK and Europe prepare for this eventuality, can someone else step up to mitigate the threat – and what does this all mean for global cybersecurity?

Weakened Foundations

The US pulling back from international cyber cooperation doesn’t mean systems “suddenly become less secure overnight.” But it does “weaken the foundations that make collective defence work,” says Stew Parkin, global CTO at Assured Data Protection. “These forums are where common rules of the road are agreed, trust between responders is built, and large-scale incidents are rehearsed before they happen for real.”

When a major player steps away, “coordination becomes slower, more fragmented, and far easier for attackers to exploit,” Parkin warns.

Over time, reduced engagement across global frameworks could make coordination less consistent, agrees Brett Candon, VP International at Dropzone. “Shared frameworks for incident response, policy alignment and skills development will become harder to maintain, particularly for countries that rely on external expertise to build cyber capability. This is likely to slow progress and make it easier for gaps to emerge between regions.”

The US influence has historically helped align security expectations across allies and major vendors. A retreat creates space for competing models of “cyber sovereignty” and state control of the internet, says Tracey Hannan-Jones, consulting director, information security and GRC and Group DPO at UBDS Digital. By fragmenting standards and governance, this will result in more regulatory divergence, compliance complexity and potentially weaker baseline security if standards become “a geopolitical bargaining chip,” she says.

The withdrawal risks weakening global coordination against ransomware, state‑backed cyber operations and hybrid threats – and “could very well create a leadership vacuum for adversaries like Russia,” says Dr. Ruth Wandhöfer, head of European markets at Blackwired. “This is the problem when politics invades real-life matters. And in this case, the irony is that these are very much national security matters for the US as much as for those countries collaborating in these bodies to support collective cyber defence.”

For example, the role of GFCE and the hybrid‑threats centre is “crucial in the space of sharing threat intelligence, building capacity in vulnerable regions and coordinating responses to major incidents,” says Wandhöfer.

With the US absent in these, early warning and joint action opportunities will be impaired, she says.

Impact on the UK and EU

The pause or termination of cyber capacity building programs leaves some partner countries more exposed. This creates “spillover risks” for interconnected global networks, says Chrissa Constantine, senior cybersecurity solution architect at Black Duck.

For the UK and EU, this shift carries “significant implications,” she says. “They may face increased expectations to provide leadership, funding and technical expertise to sustain international cyber frameworks, while also assuming a greater role in norm setting for cybersecurity, AI governance, and digital policy. This expands influence, but it also raises the cost of internal fragmentation or misalignment, as divergence would weaken collective impact.”

At the same time, reduced global coordination heightens exposure to hybrid threats such as disinformation and politically motivated cyber operations, increasing the demand for stronger European led detection, attribution and response capabilities, Constantine adds.

The UK and EU sit at the centre of the “high dependency” zone: They are deeply integrated with US technology, intelligence and security partnerships, but also directly exposed to Russian cyber operations, global ransomware and supply chain risk, says Hannan-Jones.

Specifically for the UK, the immediate challenge is continuity: Maintaining operational cooperation – especially law enforcement and incident response – even if US diplomacy becomes volatile, says Hannan-Jones. 

The likely impacts are more pressure on UK national capabilities including its threat intelligence, incident response surge capacity and cyber diplomacy, says Hannan-Jones.

The EU’s challenge is coherence, says Hannan-Jones. Cyber policy in Europe is “often strong on regulation but uneven on operational muscle,” she says. 

This will impact the acceleration of EU-level coordination through shared situational awareness, joint response mechanisms and cross-border crisis playbooks. 

Setting Standards

The cybersecurity impact of US withdrawal will eventually be felt, but there is the possibility that the EU and UK could step up to help mitigate the risk. The UK already has credibility in cyber diplomacy and operational security, and the EU has market power, Hannan-Jones points out. “Together, they can set security expectations globally through standards, procurement rules and regulation. The upside here is stronger baseline security across supply chains.”

Globally, if the UK and EU leadership are able to align a coordinated approach, the world could see a “European-led stabilisation” of cyber norms and baseline controls, says Hannan-Jones. However, leadership across the UK and EU is fragmented, so this could result in “a patchwork of rules that attackers exploit and businesses struggle to implement,” she warns.

It’s true that global cybersecurity does not collapse without the US. But it does become “harder, slower, more fragmented, and costly,” says Hannan-Jones. “The UK and EU can mitigate that – but only if they treat cyber cooperation as critical infrastructure in its own right, invest accordingly, and lead with a mix of operational action and practical standards, rather than political signalling and weak-willed gestures.”

Kate O'Flaherty Cybersecurity and privacy journalist