Luxembourg puts Europe on the map with a pioneering open data initiative at the crossroads of cybersecurity and AI - fostering Luxembourg’s now anchored national philosophy of building an open cybersecurity data economy.
On 19 May 2026, the Luxembourg House of Cybersecurity (LHC) hosted a CYBERSECURITY Breakfast in collaboration with the Luxembourg AI Factory, and the timing was deliberate: the newly created Luxembourg Cybersecurity Factory (LCSF), operating under the LHC, went live with the first cybersecurity data space in Europe, offering, for now, 23 curated, open-access datasets to the broader security and AI community. The cybersecurity data space is accessible here.
The full-house event, attended by over 50 registered participants, marked the first visible milestone of a national initiative that has been months in the making. "The Luxembourg Cybersecurity Factory builds on the so-called Cyber Commons: open-source tools, open data, open-weight models and open standards," explained Pascal Steichen, CEO of the Luxembourg House of Cybersecurity, as he opened the session.
Cybersecurity has long operated as a closed ecosystem. Proprietary data feeds, vendor lock-in and siloed intelligence have historically concentrated capability and competitive advantage in the hands of a of few players. Dr. Emilia Tantar, Head of the LCSF, was direct about the ambition: "We are building a new paradigm. Not a competition, just a different perspective."
The data space, accessible at cybersecurity-factory.lu, currently offers datasets spanning vulnerability intelligence, network security, dark web information, operational incident statistics and market data, in partnership with the two other centres of LHC: CIRCL and NC3. All are open access.
The metadata framework includes information on data lineage, intended AI lifecycle use, known limitations and curation status, making it immediately actionable for both cybersecurity providers and AI developers. "The data space is data at large. The upcoming data lab is data identified with AI lifecycle role, already prepared for AI, for some intended purpose," Dr. Tantar explained during the live demonstration. Countries
including France, Germany, Poland, Slovenia, Finland and Romania are already engaged through the EU Cybersecurity Data Labs coordination that Luxembourg, through the Luxembourg Cybersecurity Factory (LCSF), has taken on.
Eric Gray, who presented the governance model alongside Dr. Tantar, walked attendees through a concrete scenario. An "OT security" SME seeking to improve its products has historically been forced to purchase expensive proprietary vulnerability data from large providers. With the data space now available, that same company can ingest high-quality, curated vulnerability management data at no cost and potentially contribute back, creating a flywheel effect.
"Previously, if they had to pay for proprietary data feeds, they can now use open data to develop their product to do the same things, potentially better," Gray said. "And hopefully we get that flywheel effect: develop specific datasets, have them open and available to everybody through the data space."
The data custodianship model is deliberately decentralised. External providers retain ownership and hosting of their data; the platform acts as a single catalogue with quality commitments and data-sharing frameworks. "You keep the liability which comes with the data," Dr. Tantar clarified. "We are not storing external data."
The question of data quality, including the risk of poisoning in AI-ready datasets, was among the most discussed topics during the Q&A. The governance framework distinguishes explicitly between raw and curated datasets, with AI-readiness labelling requiring additional quality checks. A community reporting mechanism is foreseen for flagging malicious contributions, and alignment with common European data space standards, supported by the Luxembourg National Data Service (LNDS), is already underway.
Dr. Christophe Trefois, Head of Technology from LNDS, noted that data discovery and metadata standardisation are recurring challenges across all European data spaces, from health to energy. "Community acceptance will probably be the biggest challenge," he observed. "Bringing something back, contributing, not just consuming, that will be key."
On the research side, Professor Gabriele Lenzini from the University of Luxembourg's SnT centre underlined the structural dependency researchers have on data access: "Replicability and verifiability are built on the fact that we have data someone else can access, redo my research and tell me, you did right or you did wrong."
The data space is the first of four planned engines of the Luxembourg Cybersecurity Factory. The Cyber Commons Office, the AI Hub and the Quantum Lab, dedicated to PQC, are in development.
"The right to be safe, the right to be secure, this should be considered as part of the fundamental rights that any entity should have," Dr. Tantar told the room. "We are aligned with that principle."
The doors are open and platform is live. LCSF now intends to grow participation with strong governance to ensure trust and transparency, fuelling a data space that will powering next IT gen data and AI needs. Data providers, researchers and security practitioners can access the catalogue at cybersecurity-factory.lu. A follow-up event is planned to accommodate the demand that exceeded the venue's capacity on 19 May.
Additional question from the attendees will be responded to and posted on the website (cybersecurity-factory.lu).
The community can reach out for more details and to become participants in the data space: info@lcsf.lu
