Vulnerability disclosure has become a key topic of discussion among cybersecurity experts. This is due to growing concerns over vulnerabilities and their possible exploitation, as demonstrated by the impact of Log4Shell’s vulnerability. It is thus crucial that security researchers and ethical hackers are able to constantly scrutinise ICT systems to find misconfigurations and software vulnerabilities before they can be exploited. This report presents an overview of coordinated vulnerability disclosure (CVD) policies at national level within the EU. It offers a comprehensive overview of the EU CVD state-of-play and provides high-level key findings and recommendations for future improvements.