Abstract
Cybersecurity has become central to strategic competition and foreign policy, yet research has focused primarily on executive decision-making, military doctrines, and national cyber strategies, marginalising parliamentary roles in this securitised and technically complex domain. This paper examines how legislatures scrutinise cyber policy in democratic systems. Using the framework of authority, ability, and attitude, the paper conceptualises parliamentary scrutiny as a form of strategic oversight shaped by legal prerogatives, institutional capacities, and political incentives. Building on the literature on parliamentary war powers and intelligence oversight, it shows how cyber policy blurs boundaries between defence, intelligence, law enforcement, and critical infrastructure governance, thereby challenging established mechanisms of democratic accountability. The study relies on an original dataset of EU cybersecurity policies and a comparative analysis of five cases: the United Kingdom, Italy, France, Germany, and Spain. Combining text-as-data techniques, parliamentary metadata, and Institutional Grammar 2.0, it examines who speaks about cyber policy, how extensively, and with which institutional powers. The findings reveal substantial variation in parliamentary scrutiny, shaped by institutional arrangements, strategic ambiguity, and executive dominance. By situating cyber policy within debates on civil–military relations and foreign policy decision-making, the paper advances understanding of democratic oversight in emerging strategic domains.
Panel: Virtually Transformed? Digital Infrastructures, Competition, and Governance