Europeanizing Cybersecurity – A Comparative Analysis of Governance and Securitization in Estonia and Sweden

Abstract

This study focuses on examining how Sweden and Estonia have adapted their national cybersecurity strategies after 2022 (following Russia’s invasion of Ukraine), with particular attention to how frameworks from the European Union (EU) and NATO have influenced this adaptation process. The study is situated within the field of Global Studies and aims to contribute to the understanding of how global institutions shape national security policy in the digital age and a rapidly shifting geopolitical order. The research consists of a comparative qualitative case study of Sweden and Estonia, two EU and NATO member states with contrasting governance models and security traditions. The analysis is based on national cybersecurity strategies, legislative proposals, official government publications, and relevant documents from the EU and NATO published between 2022 and 2025. The material is analysed using a theory-driven thematic approach, applying concepts from institutional theory, securitization theory, and cybersecurity governance. These are combined in an analytical framework I refer to as “Cybersecurity Institutionalism,” used to identify similarities and differences in how external frameworks are interpreted and implemented nationally. The study finds that Estonia has rapidly and proactively aligned its cybersecurity strategy with both EU and NATO standards, supported by centralized governance and a securitized framing of cyber threats. Sweden, by contrast, has adopted a slower and more decentralized implementation path, reflecting its administrative structure and recent entry into NATO. The study concludes that while both countries legally comply with EU and NATO strategies, the countries' individual institutional designs, threat perceptions, and political framings strongly shape how cybersecurity policy is developed and implemented at the national level.