Lisbon, July 6 - 10, 2026
11th IEEE European Symposium on Security and Privacy
The IEEE European Symposium on Security and Privacy (Euro S&P) is the younger and more adventurous sibling conference of the IEEE Symposium on Security and Privacy (“Oakland” or “NorCal S&P”) conference. It is a premier forum for computer security and privacy research, presenting the latest developments and bringing together researchers and practitioners.
We solicit previously unpublished papers offering novel research contributions in security or privacy, as well as Systematization of Knowledge (SoK) papers that systematize previous results. EuroS&P is interested in all aspects of applied computer security and privacy. We especially encourage papers that are far-reaching and risky, provided those papers show sufficient promise for creating interesting discussions and usefully questioning widely-held beliefs. Papers without a clear connection to security or privacy will be considered out of scope and may be desk-rejected without full review.
We solicit Systematization of Knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area; support or challenge long-held beliefs in such an area with compelling evidence; or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate. Submissions will be distinguished by the prefix "SoK:" in the title. They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions, the emphasis will be on their value to the community. Accepted papers will be presented at the symposium and included in the proceedings.
The number of papers accepted to IEEE Euro S&P continues to grow each year. Due to conference venue limitations and costs, each accepted paper will have: (a) a short-talk presentation (e.g., 5-10 minutes, length determined based on the number of accepted papers) and (b) a poster presentation immediately following the talk session containing the presentation. All accepted papers are required to present both a short talk and a poster.
All deadlines are Anywhere on Earth (AoE = UTC-12h).
The review process will consist of two rounds followed by a rebuttal phase. In the first round, the program committee will reject submissions that do not have a prospect of acceptance; the rest will proceed to the second round. The second round includes a rebuttal phase, where authors are invited to submit a response to questions from the program committee (if any). The authors' response will be used to make the final decision in the second round.
For each submission, one of the following decisions will be made:
These instructions apply to both the research papers and Systematization of Knowledge (SoK) papers. All submissions must be original work; the submitter must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Plagiarism (whether of others or self) will be grounds for rejection. Failure to point out and explain overlap will be grounds for rejection. Simultaneous submission of the same paper or substantially similar paper to another venue with proceedings or a journal is not allowed and will be grounds for automatic rejection. Contact the program committee chairs if there are questions about this policy.
Papers must be submitted in a form suitable for anonymous review: no author names or affiliations may appear on the title page, and papers should avoid revealing their identity in the text. Authors should also take care in not including acknowledgments that help identify them (e.g., funding information, names of colleagues who gave feedback on the paper). When referring to your previous work, do so in the third person, as though it were written by someone else. References should only be blinded in the (unusual) case that a third-person reference is infeasible. Any source code or other material (e.g., data sets) which requires hosting must use anonymous services. This explicitly excludes hosting on GitHub (which may leak author identities) or Google Drive (which could leak reviewer identities). Instead, authors are encouraged to use services such as Anonymous GitHub.
While a paper is under submission to Euro S&P, authors may choose to give talks about their work, post a preprint of the paper to an archival repository such as arXiv, and disclose security vulnerabilities to vendors. Authors are not allowed to directly contact PC members to discuss their submission.
Contact the program chairs if you have any questions. Papers that are not properly anonymized may be rejected without review.
All papers must complete a mandatory registration by 13 November 2025. The registration must include the title, abstract, author information, conflicts of interest, as well as primary area and all relevant topics. This information is required for reviewer assignment. Papers with incomplete registration information may be rejected.
Papers shall not exceed 13 pages of body text, with unlimited additional pages for references and appendices. Reviewers are explicitly not expected to read the appendices while deciding whether to accept or reject the paper. Papers must be typeset in LaTeX in A4 format (not "US Letter") using the IEEE conference proceeding template we supply eurosp2026-template.zip. Please do not use other IEEE templates. Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Your document should render correctly in Adobe Reader and when printed in black and white. Failure to adhere to the page limit and formatting requirements can be grounds for rejection without review.
We expect authors to carefully consider and address the potential harms associated with carrying out their research, as well as the potential negative consequences that could stem from publishing their work. Failure to adequately discuss such potential harms within the body of the submission may result in rejection of a submission, regardless of its quality and scientific value.
Our expectation for Euro S&P is that researchers will maximize the scientific and community value of their work by making it as open as possible. This means that, by default, all of the code, data, and other materials (such as survey instruments) needed to reproduce your work described in an accepted paper will be released publicly under an open source license. Sometimes it is not possible to share work this openly, such as when it involves malware samples, data from human subjects that must be protected, or proprietary data obtained under agreement that precludes publishing the data itself. All submissions are encouraged to include a clear statement on Data Availability that explains how the artifacts needed to reproduce their work will be shared, or an explanation of why they will not be shared. If data reproducibility is required for significant contributions of the work and the authors do not explain reproducibility and/or share the artifacts, papers that fail to satisfy these commitments may be removed from the conference.
A paper can be withdrawn at any point before the reviews have been sent to the authors. Once the reviews have been sent to the authors, the paper can not be withdrawn.
The use of AI-generated content (including but not limited to text, figures, images, and code) shall be disclosed in the acknowledgments section. At the time of submission, the acknowledgments do not count towards the page limit. The AI system used shall be identified, and specific sections of the article that use AI-generated content shall be identified and accompanied by a brief explanation regarding the level at which the AI system was used to generate the content.
The use of AI systems for editing and grammar enhancement is common practice and, as such, is generally outside the intent of the above policy. In this case, disclosure as noted above is not required, but recommended.
During submission of a research paper, the submission site will request information about conflicts of interest of the paper’s authors with program committee (PC) members. It is the full responsibility of all authors of a paper to identify all and only their potential conflict-of-interest PC members, according to the following definition. A paper author has a conflict of interest with a PC member when and only when one or more of the following conditions holds:
For any other situation where the authors feel they have a conflict with a PC member, they must explain the nature of the conflict to the PC chairs, who will mark the conflict if appropriate. The program chairs will review declared conflicts. Papers with incorrect or incomplete conflict of interest information as of the submission closing time are subject to immediate rejection. Because it would not be possible to handle conflicts of interest retroactively, changes to the author list are not permitted after submission.
Papers must be submitted at https://hotcrp.eurosp2026.ieee-security.org and may be updated at any time until the submission deadline expires.
Authors are responsible for obtaining appropriate publication clearances. One of the authors of the accepted paper is expected to present the paper at the conference. We are expecting to hold an in-person conference and that authors will be able to travel to the conference to present their paper, but may make allowances for remote presentation in cases where all authors of a paper have legitimate reasons for why they are unable to attend in person.
Outstanding papers will be selected by the program committee for paper awards. The award finalists and winners will be announced at the symposium.