Hannah-Sophie Weber is a DPhil in International Relations Candidate at the Department of Politics and International Relations (DPIR), University of Oxford. Her doctoral research focuses on public-private relationships in the governance of digital infrastructure and cybersecurity. She has recently published on democratic legitimacy in cybersecurity governance and is interested in informal (cyber)security alliances and the role of private companies in global security governance more broadly. She has a professional background in cybersecurity and digital policy, having worked on the topic as a fellow at think tanks, German federal ministries, and international organisations. She is currently completing a Carlo-Schmid Fellowship at the United Nations (UN-ODET) in New York.

Two conflicting paradigms pervade the discursive rhetoric in European Union (EU) cybersecurity governance: the co-regulatory promise of multistakeholderism and state-centric ideas of digital sovereignty. Paradoxically, collaborative interaction of public (EU) and private (large US technology firms) actors increasingly unfolds in the name of both paradigms. The paper addresses this puzzling tension between discursive rhetoric and practice, which I term the ‘paradigm paradox’, and asks: What explains the alignment of public and private actors behind two conflicting paradigms.

To answer this puzzle, the paper introduces an analytical framework of “Emerging Cybersecurity Communities (ECCs)”. Bringing together cybersecurity scholarship and practice theory, it conceptualizes ECCs as informal alliances of individual cybersecurity professionals across sectors. These are shaped by interlinked patterns of: (1) cyber- expertise exchange and information sharing, (2) shared securitisation of perceived external threats, and (3) nascent cross-sectoral trust. Using empirical evidence from semi-structured interviews, I conduct a complementary theories congruence analysis to juxtapose the two alternative explanations offered by the Brussels Effect and Norm Entrepreneurship theory. Both accounts help capture pieces of the puzzle yet remain limited by considering everyday public-private interaction as, at best, peripheral to policy developments. Applying the framework of ECCs, I reveal how centring the neglected practices of informal interaction can augment both alternative accounts. This paper’s key contribution to the literature on European politics is an improved analytical understanding of how public-private relationships shape EU governance.