The Council of the European Union formally approved a set of conclusions aimed at beefing up the EU’s capacity to prevent, deter and respond to hybrid threats targeting the Union, its member states and partners. In language rarely used for bureaucratic texts, the Council condemned coordinated malicious activities that fall below the threshold of traditional warfare, including sabotage of critical infrastructure, cyber operations, foreign information manipulation, election interference and the instrumentalization of migration that seek to destabilise democratic societies and security structures. The text singles out Russia and its proxies for their sustained hybrid campaigns and commits the EU to a strategic, collective approach to countering these threats.
At the heart of the conclusions is a stronger push to make the EU’s ‘hybrid toolbox’ and cyber diplomacy mechanisms more effective and responsive. Member states reaffirmed their intention to scale up protections for critical infrastructure, safeguard democratic processes, counter election interference, and work more closely with international partners, the private sector, and civil society.
The Council also stressed the importance of supporting candidate and potential candidate countries affected by hybrid campaigns, reflecting broader concerns about external actors eroding support for Ukraine and others in the EU’s neighbourhood.
“Hybrid threats are increasingly used to test our resilience and undermine our democratic institutions,” Constantinos Kombos, Minister of Foreign Affairs of the Republic of Cyprus, said in a Monday media statement. “With these conclusions, the EU sends a clear message: we will act together to further strengthen our preparedness, protect our societies and respond firmly to those who seek to destabilise us.”
The Council reaffirms its determination to use available tools, including the EU hybrid toolbox, the cyber diplomacy toolbox and other instruments at the EU’s disposal, ranging from legislation to restrictive measures, and calls for their further implementation, strengthening and development to prevent, deter and respond to hybrid threats. This includes increasing the cost of hybrid activity against the EU for those responsible, protection of critical infrastructure, defending democratic processes and institutions, countering election interference, cooperation with international organisations and like-minded partners, and with the private sector, academia and civil society.
The Council also reiterates the need to support partners affected by hybrid threats, particularly candidate and potential candidate countries.
Hybrid threats usually refer to coordinated harmful activities that are planned and carried out with malign intent. They aim to undermine a target, such as a state or an institution, through a variety and often a combination of means. They are designed in a way that makes detecting and defending against them difficult and are devised to remain below the threshold that could constitute or be perceived as an act of war. These may include, but are not limited to, information manipulation and interference, cyberattacks, economic coercion, coercive diplomacy, and threats of military force.
Both state and non-state actors are deploying ever more complex and sophisticated hybrid tactics. They are not only a security risk, but also pose a threat to democracy, targeting its core values and aiming at fracturing society and undermining political decision-making.
Following the adoption of the Strategic Compass for Security and Defence in March 2022, the EU established an EU hybrid toolbox. The toolbox comprises the preventive, cooperative, stability-building, restrictive, and support measures as set out in the June 2022 Council conclusions on a framework for a coordinated EU response to hybrid campaigns.
The Council categorically condemns acts of sabotage targeting critical infrastructure, alongside malicious cyber operations, foreign information manipulation and interference, election meddling, and the instrumentalisation of migration. It warns that these tactics are increasingly intertwined and designed to exploit systemic vulnerabilities, underscoring the urgency of strengthening both the protection of critical infrastructure and the broader resilience of Member States against hybrid threats.
It calls on Member States to accelerate implementation of key Union frameworks, notably the NIS2 and Critical Entities Resilience directives, while stressing that the Cyber Blueprint will be central to enabling a coordinated, rapid response to large-scale cyber incidents. The Council also points to a growing policy stack, including the Preparedness Union Strategy, the ProtectEU Internal Security Strategy, and the EU Action Plan on Cable Security, as essential building blocks in reinforcing Europe’s collective defence posture against evolving hybrid risks.
The Council stresses that malicious cyber activity is rarely isolated. It is often embedded within broader hybrid campaigns targeting the European Union, its Member States, and partners, including operations carried out by non-state actors acting as state proxies. It reiterates the need to fully deploy the Cyber Diplomacy Toolbox to prevent, deter, and respond to cyber threats.
It also underscores the urgency of safeguarding maritime security and reaffirms its commitment to international law, particularly the United Nations Convention on the Law of the Sea. The Council calls for stronger collective resilience in the maritime domain, in line with the EU Maritime Security Strategy, with a focus on situational awareness, protection of critical and subsea infrastructure, and the ability to respond rapidly through coordinated civilian and military capabilities.
Member States are urged to intensify coordinated efforts, with support from the High Representative and the Commission, to counter hybrid threats in the air domain. These include violations of Flight Information Regions and national airspace, disruption of airport operations, and the misuse of unmanned systems, radiofrequency interference such as GNSS jamming and spoofing, cyber-attacks, and drone-enabled espionage.
The Council reiterates its determination to raise the cost of hybrid operations, including those conducted through proxies, by making full use of existing instruments. This includes the EU’s restrictive measures frameworks targeting destabilizing activities, notably those linked to Russia, as well as cyber-attacks against the Union and its Member States.
It further welcomes the deployment of FIMI (foreign information manipulation and interference) monitoring tools across all CSDP (Common Security and Defence Policy) missions and operations, stressing the need for continued training, detection capabilities, and operational and analytical support to strengthen resilience against FIMI. The Council also recognizes the EU Cyber Defence Coordination Centre as a central initiative to enhance cyber situational awareness across missions and operations.
After rolling out a new cybersecurity package to bolster resilience against escalating threats, the European Commission introduced an ICT Supply Chain Security Toolbox, setting out a coordinated EU framework to identify, assess and mitigate risks across critical technology supply chains. The toolbox outlines key risk scenarios and recommends targeted measures, including tighter scrutiny of critical suppliers, adoption of multi-vendor strategies and steps to reduce reliance on high-risk vendors. It is designed to give Member States a practical, operational structure to strengthen supply chain security.
