Luxembourg Launches Europe's 1st Cybersecurity Data Space

On Tuesday 19 May 2026, the Luxembourg House of Cybersecurity (LHC) hosted a "CYBERSECURITY Breakfast" in collaboration with the Luxembourg AI Factory.

On this occasion, the newly created Luxembourg Cybersecurity Factory (LCSF), operating under the LHC, officially went live with what it described as the first cybersecurity data space in Europe, offering (for now) 23 curated, open-access datasets to the broader security and artificial intelligence (AI) community. The cybersecurity data space is accessible via cybersecurity-factory.lu.

 The full-house event, attended by over 50 registered participants, marked the first visible milestone of a national initiative that has been in development for several months.

"The Luxembourg Cybersecurity Factory builds on the so-called Cyber Commons: open-source tools, open data, open-weight models and open standards," explained Pascal Steichen, CEO of the Luxembourg House of Cybersecurity, as he opened the session.

Cybersecurity has long operated as a closed ecosystem, according to the LHC, with proprietary data feeds, vendor lock-in and siloed intelligence concentrating capability and competitive advantage in the hands of a few players. Dr Emilia Tantar, Head of the LCSF, said: "We are building a new paradigm. Not a competition, just a different perspective."

The data space currently offers datasets covering vulnerability intelligence, network security, dark web information, operational incident statistics and market data, in partnership with the LHC's two other centres: the Computer Incident Response Center Luxembourg (CIRCL) and the National Cybersecurity Competence Center Luxembourg (NC3). All datasets are open access.

The metadata framework includes information on data lineage, intended AI lifecycle use, known limitations and curation status, making it immediately usable for both cybersecurity providers and AI developers.

"The data space is data at large. The upcoming data lab is data identified with AI lifecycle role, already prepared for AI, for some intended purpose," Dr Tantar explained during a live demonstration.

Countries including France, Germany, Poland, Slovenia, Finland and Romania are already engaged through the EU Cybersecurity Data Labs coordination, which Luxembourg, via the LCSF, is helping to lead.

Eric Gray, who presented the governance model alongside Dr Tantar, outlined a practical use case involving an operational technology (OT) security SME. In the traditional model, such companies would need to purchase expensive proprietary vulnerability data from large providers. With the new data space, they can instead access curated open datasets at no cost and potentially contribute back to the ecosystem.

"Previously, if they had to pay for proprietary data feeds, they can now use open data to develop their product to do the same things, potentially better," Eric Gray said. "And hopefully we get that flywheel effect: develop specific datasets, have them open and available to everybody through the data space."

The data custodianship model is deliberately decentralised. External providers retain ownership and hosting of their data, while the platform functions as a central catalogue with quality commitments and data-sharing frameworks. "You keep the liability which comes with the data," Dr Tantar clarified. "We are not storing external data."

The question of data quality, including the risk of poisoning in AI-ready datasets, was a key topic during the Q&A. The governance framework distinguishes between raw and curated datasets, with AI-readiness labelling requiring additional quality checks. A community reporting mechanism is planned to flag malicious contributions, as well as alignment with European data space standards, supported by the Luxembourg National Data Service (LNDS).

Dr Christophe Trefois, Head of Technology at LNDS, noted that data discovery and metadata standardisation remain common challenges across European data spaces, from health to energy. "Community acceptance will probably be the biggest challenge," he said. "Contributing, not just consuming, that will be key."

On the research side, Professor Gabriele Lenzini from the University of Luxembourg's Interdisciplinary Centre for Security, Reliability and Trust (SnT) highlighted the structural dependency researchers have on data access: "Replicability and verifiability are built on the fact that we have data someone else can access, redo my research and tell me, you did right or you did wrong."

The cybersecurity data space is the first of four planned engines of the Luxembourg Cybersecurity Factory. The Cyber Commons Office, the AI Hub and a Quantum Lab dedicated to post-quantum cryptograph (PQC) are currently in development.

"The right to be safe, the right to be secure, this should be considered as part of the fundamental rights that any entity should have," Dr Tantar told attendees. "We are aligned with that principle."

The LCSF now aims to expand participation under a strong governance model focused on trust and transparency, building a data space that will power next-generation IT, data and AI needs. Data providers, researchers and security practitioners can access the catalogue via cybersecurity-factory.lu.

A follow-up event is planned due to strong demand, with the first session reportedly exceeding venue capacity.

Additional questions from attendees will be answered and published on the website.

Interested stakeholders can contact info@lcsf.lu for more information or to join the initiative.