The independent resource on global security

Cyber Risk Reduction in China, Russia, the United States and the European Union

Cyber Risk Reduction_cover
Publisher: SIPRI
SIPRI, Stockholm:
June, 2024

This report provides an overview of cyber risk reduction terminology and regulatory measures within China, Russia, the United States and the European Union. It finds, among other things, that China and Russia excel at clear visuals and steps, yet they also tend to lack linguistic clarity. China, the USA and the EU possess interagency and public–private sector coordination, while facing jurisdictional overlap. All four actors are securing their supply chains, yet China and Russia face challenges with burdensome penalties for non-compliance, and the USA and the EU confront obstacles to enforcement at the state and member-state levels. This report is intended to provide a baseline for engagement among China, Russia, the USA and the EU on their respective approaches to cyber risk reduction.

  1. Introduction
  2. Terminology and regulatory approaches 
  3. Comparing and contrasting approaches
  4. Conclusions


Dr Lora Saalman is a Senior Researcher within SIPRI’s Armament and Disarmament and Conflict, Peace and Security research areas.
Fei Su is a Researcher in the SIPRI China and Asia Security Programme.
Larisa Saveleva Dovgal is a Research Assistant in the SIPRI Weapons of Mass Destruction Programme