Security under the next Multiannual Financial Framework

Europe faces an increasingly complex and dangerous security environment. In response to Russia’s war of aggression against Ukraine, the EU and its Member States have focused their efforts on strengthening Europe’s defence posture. However, the non-military dimensions of security require equally urgent attention: throughout the Union, hybrid attacks from Russia – including sabotage, cyberattacks, espionage, Foreign Information Manipulation and Interference (FIMI) campaigns – are growing in frequency and sophistication. This hybrid warfare comes on top of other transnational security threats like organised crime and terrorism, but also increasing risks of natural disasters and large-scale technical incidents.

To cope with this security environment, Europe needs a strong and competitive security industry. However, despite the progress made towards a Security Union, Europe's security industrial and technological base remains under-resourced and structurally disadvantaged. European producers face barriers to market access and upscale as public demand remains fragmented, EU security programmes lack an industrial dimension, and possible synergies with defence technologies are difficult to exploit. These difficulties weaken European industry and leave the Union excessively dependent on non-European technologies - at a time when strategic autonomy is more critical than ever.

There is no security without technology, and no technology without industry. ASD therefore calls for the development of a comprehensive European security industrial policy, which places strategically important high-end security solutions at its core. Under the next Multiannual Financial Framework (MFF), this policy should be supported by a well-funded ‘Securing Europe Facility’ (SEF), which brings together all relevant funding instruments under a single roof. Such a ‘SEF’ should provide the strategic framework for large-scale European Security Projects of Common Interest (ESPCIs), which could support in particular the protection of transnational infrastructure networks. The SEF should also foresee possibilities to cooperate with non-EU partners in critical security areas. In parallel, the announced revision of Directive 2009/81/EC on Defence and Security Procurement should introduce an explicit European preference to guide procurement choices towards EU-developed solutions.

Introduction

This paper aims to kick-off a debate on the need for strengthening Europe’s industrial and technological capacities for high-end security solutions. It is structured in three parts: the first outlines the evolving nature of non-military threats and the relevance of a strong security industry; the second analyses the key challenges the sector is facing; and the third proposes concrete solutions to be implemented under the next Multiannual Financial Framework.

All references quoted are listed in full in the downloadable version of the Position Paper. 

Non-military security matters

Upholding the security of citizens, businesses and institutions is a prerequisite for the stability of European democracies. In recent years, this fundamental principle has come under increasing strain.

Russia’s war of aggression against Ukraine has irreversibly shifted the European security landscape and rightly prompted a strong mobilisation of European resources in support of defence. However, the threat to the European Union and its Member States is not confined to conventional warfare.

In 2024 alone, Russian-attributed physical sabotage incidents in Europe surged to 44, up from 13 in 2023 and 6 in 2022. Notable incidents include arson attacks on logistics centres in the UK and Germany, sabotage of critical infrastructure such as undersea cables in the Baltic Sea, and covert operations leading to assassinations on European soil.

According to data from the EUISS, the number of state-sponsored cyber campaigns quadrupled between 2009 and 2023. In 2023 alone, Europe recorded 4,618 disruptive cyberattacks. Digital attacks in the EU doubled further between 2023 and 2024, with many attributed to Russian-backed groups targeting critical infrastructure and electoral systems.

In parallel, Russia’s FIMI campaigns have intensified in both scale and sophistication. Analysis by the DFRLab reveals that Russia’s "Pravda network" alone has published over 3.7 million disinformation articles globally, with a sharp focus on Europe – including nearly 400,000 articles targeting France and over 370,000 aimed at Germany. These operations, often recycling sanctioned media content and leveraging pro-Kremlin Telegram channels, have expanded significantly since mid-2024, notably ahead of the European elections.

Other state actors also engage in destabilising activities against Europe, such as espionage in sensitive sectors or corruption of policy- and decision-makers. At the same time, Europe remains exposed to a wider array of transnational threats, in particular organised crime and terrorism, whilst climate change multiplies the danger of natural disasters, and the twin transition of our complex societies can cause large-scale technical incidents.

The combination of all these threats and risks has the potential to undermine Europe’s institutional integrity, the stability and cohesion of our societies and eventually our way of life.

In this situation, Europe needs to develop a comprehensive security approach based on a military and non-military continuum. Non-military security must be recognised as an indispensable complement to defence, providing an essential contribution to Europe’s resilience. Consequently, Europe should urgently strengthen its non-military security capabilities, including the technological and industrial base that underpins these capabilities.

Security needs and industrial challenges

So far, the EU has focused its efforts in security on coordination and regulation. The CER Directive on the resilience of critical entities and the NIS 2 Directive on measures for a high common level of cybersecurity across the Union, for example, bring considerable progress for the security of critical networks across the Union. However, regulation alone will not be sufficient.

Security can only be upheld if key operational actors – including police forces, civil intelligence agencies, border authorities, emergency services, and critical infrastructure operators – are adequately equipped. These entities operate across a wide range of domains and must respond to increasingly sophisticated threats, ranging from physical sabotage operations against critical infrastructures on land, at sea and underwater to large-scale cyberattacks and FIMI campaigns. Such threats concern all EU Member States and European NATO members. Addressing them effectively often requires advanced capabilities with tailor-made technological solutions.

Advanced security solutions do not emerge in a vacuum. Their development relies on a strong, competitive industrial base capable of developing and integrating state-of-the-art technologies and delivering complex solutions at scale. European security companies are essential partners in this effort, supplying tools and systems that enable security actors to detect, prevent and respond to evolving threats.

However, most of the security equipment used in Europe today originates abroad or contains essential non-EU components. This creates critical dependencies across the whole security spectrum. They are most evident in the digital domain – where the EU depends for approximately 80% of all products, services, infrastructure, and intellectual property on third country suppliers, mainly from the US and China.

One reason for this is the lack of big commercial providers of mainstream and large-volume digital solutions in Europe.
This dependence on non-European suppliers reduces Europe’s competitiveness, but it also creates political, economic and technological vulnerabilities with important consequences for its security. Without its own robust industrial base for security, Europe risks losing control over sensitive technologies and critical networks, and its ability to respond effectively in crises. To avoid this and ensure its sovereignty in strategic areas, Europe needs to strengthen its own industrial capacities, in particular for high-end security solutions.

Recent initiatives – including the Niinistö Report, the White Paper on Defence Readiness 2030, the European Preparedness Union Strategy, and the Internal Security Strategy (ProtectEU) – recognise the complex, non-military dimensions of today’s security threats. ProtectEU, especially, marks an important milestone by introducing the idea of an industrial policy dedicated to internal security. However, the strategy stops short of translating these intentions into concrete actions and commitments.

Furthermore, ProtectEU frames the development of a security industrial policy primarily around the needs of industries which rely on security solutions, rather than those that produce them. While the involvement of end-users is undoubtedly important, it is equally essential to include those who design, build and deliver the solutions for Europe’s security. The Internal Security Strategy therefore does not sufficiently address the structural challenges that weaken Europe’s security industry.

One such challenge is the insufficient market uptake of security solutions developed by European industry. This is in part due to the lack of a systematic and harmonised process for defining capability requirements across Member States and user communities. As a consequence, industry is often required to navigate a patchwork of short-term national or sectoral demands, which inhibits coordinated development and creates inefficiencies.7 The result is duplication of efforts, fragmented small-scale deployment, and suboptimal use of scarce R&D resources.

A second persistent obstacle lies in the difficulty for industry to make full use of security-relevant EU programmes. While important instruments with substantial budget envelopes exist (e.g. Horizon Europe, the Internal Security Fund (ISF), and the Integrated Border Management Fund (IBMF), they are scattered across different policy frameworks, with limited coordination between them. This often leads to delays, overlaps, and a lack of strategic direction.

Finally, more should be done to ensure that the civil security sector can fully benefit from spin-offs and technological advances made in defence. In many cases, the same industrial actors are active in both fields, working on related or dual-use technologies. Yet the mechanisms for transferring knowledge and results from defence to security remain limited. Better exploiting potential synergies would allow Europe to maximise the return on public investment and accelerate the development of both military and non-military solutions.

Proposals for the next Multiannual Financial Framework

To adequately respond to current and future security threats, the European Union should urgently develop and implement an ambitious security industrial policy. This policy should recognise the strategic importance of high-end security providers which form an integral part of the Aerospace & Defence ecosystem. Since these companies play a leading role in ensuring Europe’s resilience, it is essential to place the challenges they face at the centre of such an industrial policy: define a framework for a capability-driven approach, mainstream industrial considerations into EU security programmes and foster synergies with defence. Since today’s security threats concern Europe as a whole, this policy should also harness the full potential of cooperation with partners. This is the case in particular for the UK, which has just recently concluded a Defence and Security Partnership with the EU.

Most importantly, an EU security industrial policy must be based on adequate funding mechanisms, and the preparation of the next MFF is a unique opportunity to create them. The Commission’s Communication on the path towards the next Multiannual Financial Framework proposes a simplified, policy-driven approach to maximise impact. In line with this ambition, ASD recommends consolidating in the next MFF all security-related instruments into a single 'Securing Europe Facility' (SEF), as proposed in the Niinistö Report. This facility should come under a specific Security and Defence heading and bring together the current civil security research cluster of Horizon Europe, the Internal Security Fund, the Integrated Border Management Fund, as well as the cybersecurity elements of the Digital Europe Programme and the Connecting Europe Facility (CEF Digital). This would ensure consistency and continuity between security-focused programmes and allow for a coherent use of EU funding from research to deployment.

To this end, the SEF should also introduce and support European Security Projects of Common Interest (ESPCI). Such ESPCIs could be key instruments for a successful industrial policy: federating different instruments, they could catalyse strategic investments into critical security areas and drive market uptake of advanced European security technologies. ESPCIs could, for instance, be used to address the urgently required protection of Europe’s transnational energy, transport, and communication networks. Just like the Connecting Europe Facility mobilised investments in European networks of physical (energy, transport, telecom cables) and digital infrastructures, the SEF could support ESPCIs to secure these networks. Moreover, the implementation of structured flagship projects at EU-level could help steer procurement towards European solutions, reducing the reliance on off-the-shelf products from non-European suppliers.

Finally, and related to this last point, the forthcoming revision of the Defence and Security Procurement Directive (2009/81/EC) – suggested in the Internal Security Strategy – should be used as an opportunity to frame procurement as an instrument of industrial policy. The White Paper on European Defence readiness 2030 announced that this revision ‘will take into account the Competitiveness Compass recommendation to introduce a European preference’. Given the strategic importance of non-military security, we strongly advocate to introduce this preference also for sensitive security procurements. Although the current Directive already allows to limit calls for tenders to European suppliers, most contracting authorities in the field of security are not aware or do not wish to use this option. Including an explicit provision on European preference could ensure that security equipment and technologies made in Europe benefit from priority consideration in public procurement processes. This, in turn, would directly support innovation uptake, stimulate industrial competitiveness, and help ensure that European investments in security research are effectively translated into tangible capabilities deployed across Europe.

Conclusion

A holistic approach to European security rests on the twin pillars of military defence and civil security, supported at its high-end by a common technological and industrial base. Investing in this base and fostering synergies between defence and security is key. There is no security without technology, and no technology without industry. A robust EU security industrial policy is therefore essential to ensure that Europe can develop the technological means to protect itself and its citizens.

Given Europe’s stark threat situation on the one hand, and the significance of technology for Europe's security on the other, we urge the EU and its Member States to put the link between security, technology and industry at the heart of future initiatives and funding instruments. The next Multiannual Financial Framework must set the basis for this. Establishing a Securing Europe Facility and European Security Projects of Common Interest would make the use of EU spending for security more coherent, more efficient and more strategic. As such, they would make a real difference for Europe’s resilience, preparedness, and competitiveness.