BRUSSELS — In the 10 years since the Brussels terror attacks, the EU has tightened its security strategy but the internet is opening up new threats, according to the bloc’s counterterrorism coordinator.  Daesh is “mutating jihadism,” Bartjan Wegter told POLITICO in an interview on the eve of the anniversary of the terrorist attacks in Brussels, which pushed the bloc to bolster border protection and step up collaboration and information-sharing. The group has “calculated that it’s much more effective to radicalize people who are already inside the EU through online environments rather than to organize orchestrated attacks from outside our borders,” he said.  “And they’re very good at it.” Ten years ago, two terrorists from Daesh (also known as the so-called Islamic State) blew themselves up at Brussels Airport. Another explosion tore through a metro car at Maelbeek station, in the heart of Brussels’ EU district. Thirty-two people were killed, and hundreds more injured.  The attacks came just months after terrorists killed 130 people in attacks on a concert hall, a stadium, restaurants and bars in Paris, exposing gaps in information-sharing in the bloc’s free-travel area. The terrorists had moved between countries, planning the attacks in one and carrying them out in another, said Wegter, who is Dutch. “That’s where our vulnerabilities were.” Today, violent jihadism remains a threat and new large-scale attacks can’t be excluded. But the probability is “much, much lower today than it was 10 years ago,” said Wegter. In the aftermath of the attacks, the bloc changed its security strategy with a focus on prevention and a “security reflex” across every policy field, according to Wegter. It’s also stepping up police and judicial collaboration through Europol and Eurojust, and it’s putting in place databases — including the Schengen Information System — so countries could alert each other about high-risk individuals, as well as an entry/exit system to monitor who enters and leaves the free-travel area. But the bloc is facing a new type of threat, as security officials see a gradual increase in attempted terrorist attacks by lone actors. A lot of that is being cultivated online and increasingly, younger people are involved. “We’ve seen cases of children 12 years old. And, the radicalization process [is] also happening faster,” Wegter said. “Sometimes we’re talking about weeks or months.” In 2024, a third of all arrests connected to potential terror threats were of people aged between 12 and 20 years old, and France recorded a tripling of the number of minors radicalized between 2023 and 2024, said Wegter.  “Just put yourself in the shoes of law enforcement … You’re dealing with young people who spend most of their time online … Who may not have a criminal record. Who, if they are plotting attacks, may not be using registered weapons. It’s very hard to prevent.” Violent jihadism is just one of the threats EU security officials worry are being cultivated online. Wegter said there is also an emerging trend of a violent right-wing extremist narrative online — and to a lesser extent, violent left-wing extremism. There’s also what he called “nihilistic extremist violence,” a new phenomenon that can feature elements of different ideologies or a drive to overthrow the system, but which is fundamentally minors seeking an identity through violence. “What we see online, some of these images are so horrible that even law enforcement needs psychological support to see this kind of stuff,” said Wegter. Law enforcement’s ability to get access to encrypted data and information on people under investigation is crucial, he stressed, and he drew parallels with the steps the EU took to secure the Schengen free movement 10 years ago. “If you want to preserve the good things of the internet, we also need to make sure that we have … some key mechanisms to safeguard the internet also.”

EU efforts to ban Huawei from 5G networks won the backing of a top court advisor Thursday, in a legal opinion that is likely to galvanize security hawks seeking to restrict Chinese tech in Europe. A lawyer for the EU’s top court in Luxembourg said rules blocking telecom operators from using risky suppliers can be set by the EU, not just national governments. They also said telecom operators don’t need to be compensated for the cost of replacing Huawei equipment. It’s a blow for Europe’s telecom giants, which have pushed back against banning China’s Huawei from 5G procurement and have told EU officials that large-scale bans are an “act of self-harm” that could even bring down networks. It is a win for China hawks, who have fought to impose tougher measures against Huawei — with strong backing from Washington. The EU has spent years trying to persuade national governments to voluntarily kick out Huawei and ZTE over concerns that their presence in European telecom networks could enable large-scale spying and surveillance by the Chinese government. It is now working on broader rules that seek to reduce the bloc’s reliance on foreign “high-risk” suppliers and limit foreign government control over its digital networks. The case was brought by Estonian telecom operator Elisa, which is seeking compensation for the costs of removing Huawei and is challenging whether the EU has the competence to ask for restrictions on Chinese vendors. Thursday’s opinion said national security authorities can follow EU guidance when imposing bans on Huawei. The Court of Justice is expected to issue its final ruling on the case later this year, and may take the opinion from Advocate General Tamara Ćapet into account. Laszlo Toth, head of Europe at global telecom lobby association GSMA, said in reaction that “blanket rip-and-replace mandates are an unreasonable approach to what is a highly nuanced situation.” The industry considers national security measures should remain the responsibility of national governments, he said. Huawei said the opinion “recognizes that all restrictive measures with regards to telecom equipment must be subject to judicial review, under a strict standard of proportionality” and that “decisions cannot rest on general suspicion … but must be based on a specific assessment.” “We expect EU or national restrictions to be scrutinized under this principle,” Huawei said. BOON FOR BRUSSELS Progress towards an EU-wide ban has been sluggish, with many national governments dragging their feet, in part due to fears of Chinese trade retaliation. European Commission Executive Vice President Henna Virkkunen told POLITICO in January that she is “not satisfied” with voluntary efforts by EU capitals to kick out Huawei. The EU executive now wants binding rules, laid out in a proposal in January. Large telecom players in Europe have pushed back hard against restrictions on Huawei, arguing that blocking risky vendors is a national security measure — an area handled exclusively by national governments. Efforts to clamp down on risky vendors should respect “the competence of member states for national security matters,” industry group Connect Europe said in January. Thursday’s opinion suggests operators will have a harder time fighting the bans.  It also bodes badly for operators hoping to get compensated for ripping out Huawei equipment. Many have sought financial support and compensation for the measures, which they say add massive unexpected costs to network rollouts. The EU executive previously estimated that phasing out “specific high-risk equipment” would cost between €3.4 billion and €4.3 billion per year for three years. Only if the burden for replacing Huawei is “disproportionately heavy,” could telcos seek compensation, according to the opinion. Elisa said it welcomed the legal recommendation that all decisions made on the grounds of national security should still be subject to judicial review. It said the restrictions in Estonia “amounted to a deprivation of its ownership rights … as the impacted equipment has become unusable” and that Elisa “already swapped the majority of its network equipment to Nokia.” Chinese vendor ZTE, the smaller rival of Huawei, did not respond to a request for comment. Mathieu Pollet contributed reporting.

BRUSSELS — Most Europeans believe the U.S. could pull the plug on technology that Europe heavily relies on, according to a new poll. Eighty-six percent of people think a sudden U.S. move to restrict Europe’s access to digital services is “plausible” and “should not be ruled out,” and 59 percent called it “already a real and concrete risk,” in a survey conducted by SWG and Polling Europe presented to European Parliament members this week. European governments are trying to reduce their dependency on U.S. technology for critical services like cloud, communications and AI. One fear driving the shift to use homegrown tech is that of a “kill switch”; the idea that U.S. President Donald Trump could force the hand of American tech providers to cease services in Europe. Those fears peaked when the International Criminal Court’s Chief Prosecutor Karim Khan lost access last year to his Microsoft-hosted email account after the U.S. imposed sanctions on him. “During the last year, everybody has really realized how important it is that we are not dependent on one country or one company when it comes to some very critical technologies,” the EU’s tech chief Henna Virkkunen told an audience in Brussels earlier this year, at an event organized by POLITICO. “In these times … dependencies, they can be weaponized against us,” Virkkunen said. The survey quizzed 5,079 respondents across all 27 EU member countries in January. For 55 percent of those interviewed, charting a “European path” has become a “central strategic issue.” The European Parliament and a series of national government institutions have already taken steps to move away from ubiquitous U.S. tech — though EU capitals have cautioned the transition won’t happen overnight. The European Commission is also finalizing a set of proposals due in late May to reduce reliance on foreign tech, including defining what qualifies as a sovereign provider and which critical sectors should rely exclusively on them to safeguard European data and day-to-day operations. The poll suggests U.S. efforts to debunk and dismiss the “kill switch” scenario haven’t convinced Europeans. U.S. National Cyber Director Sean Cairncross told an audience in Munich in February that the idea that Trump can pull the plug on the internet is not “a credible argument.” Microsoft President Brad Smith said in Brussels last year that the “kill switch” scenario was “exceedingly unlikely” to happen, but acknowledged it’s “a real concern of people across Europe.” He pledged to push back against any prospective orders to suspend operations in Europe. U.S. firms at the same time are rushing to assuage the concerns with safeguards, like air-gapped solutions that would prove resilient in the case of operational disruptions.

The FBI is buying up information that can be used to track people’s movement and location history, Director Kash Patel said during a Senate hearing Wednesday. It is the first confirmation that the agency is actively buying people’s data since former Director Christopher Wray said in 2023 that the FBI had purchased location data in the past but was not doing so at that time. “We do purchase commercially available information that’s consistent with the Constitution and the laws under the Electronic Communications Privacy Act, and it has led to some valuable intelligence for us,” Patel told senators at the Intelligence Committee’s annual Worldwide Threats hearing. The U.S. Supreme Court has required law enforcement agencies to obtain a warrant for getting people’s location data from cell phone providers since 2018, but data brokers offer an alternative avenue by purchasing the information directly. Many lawmakers want to end the practice. Sens. Ron Wyden (D-Ore.) and Mike Lee (R-Utah) introduced the Government Surveillance Reform Act on March 13, which would require federal law enforcement and intelligence agencies to obtain a warrant to buy Americans’ personal information. “Doing that without a warrant is an outrageous end run around the Fourth Amendment, it’s particularly dangerous given the use of artificial intelligence to comb through massive amounts of private information,” Wyden said at Wednesday’s hearing. The bill has a House counterpart introduced by Rep. Zoe Lofgren (D-Calif.) and Warren Davidson (R-Ohio). Committee Chair Tom Cotton (R-Ark.) defended the practice at the hearing. “The key words are commercially available. If any other person can buy it, and the FBI can buy it, and it helps them locate a depraved child molester or savage cartel leader, I would certainly hope the FBI is doing anything it can to keep Americans safe,” he said. Defense Intelligence Agency Director James Adams told senators at the hearing that his agency also purchases commercially available information.

BRUSSELS — European Union countries on Monday slapped new sanctions on hacking groups, including an Iranian group that targeted subscribers of the French satirical magazine Charlie Hebdo. Capitals froze assets and banned doing business with Iranian company Emennet Pasargad, which in 2023 stole data of subscribers to the French magazine and advertised the data for sale on the dark web. Charlie Hebdo was targeted by terrorists in 2015 after publishing cartoons of the Prophet Muhammed. Microsoft in 2023 pinned the data theft on Emennet Pasargad, which happened after the magazine published cartoons mocking then-Iranian Supreme Leader Ali Khamenei. Capitals also sanctioned Chinese company Integrity Technology Group and Chinese firm Anxun Information Technology, also known as i-Soon, and its co-founders Chen Cheng and Wu Haibo, who are banned from entering the EU, the EU sanctions listing showed. According to the details of the sanctions, Anxun Information Technology targeted “critical infrastructure and critical state functions” of EU countries and sold classified information as part of so-called hack-for-hire services.  The United States Department of Justice in March 2025 indicted 12 people involved in i-Soon for cyberattacks the U.S. said it had carried out at the behest of Chinese security services. Chinese security services “paid handsomely” for the data the groups stole, the department said.  Integrity Technology Group, the other Chinese company, facilitated the activities of a Chinese state hacking group dubbed Flax Typhoon, which security officials say has targeted organizations in Taiwan for espionage purposes. Flax Typhoon used Integrity’s products and technology to hack into more than 65,000 devices in six EU member countries, the Council of the EU said on Monday. The U.S. Treasury Department also sanctioned Integrity in January 2025. The United Kingdom hit both Chinese companies with sanctions late last year. 

Poland is looking into whether an attempted cyberattack on a nuclear research facility was carried out by Iran, the government said on Thursday. The country’s digital minister Krzysztof Gawkowski said in an emailed statement that Poland had “identified an attempted cyberattack on the servers of the National Centre for Nuclear Research,” which authorities had thwarted. He told local media that the attack was carried out “in the past few days,” Reuters reported.  The nuclear center said in a statement that “all safety systems operated according to procedures.” A reactor is “operating safely and smoothly at full power,” Jakub Kupecki, the center’s director said in the statement. The facility carries out research into nuclear energy; Poland does not have nuclear weapons of its own.  Polish cybersecurity services and the energy ministry are working with the facility, Gawkowski said.  The minister told local media that there are early signals suggesting the attack came from Iran, Reuters reported. “The first identifications of the entry vectors … are related to Iran,” he said, adding that more investigation is required.  Gawkowski added that hackers could also have used indicators linking the attack to Iran in efforts to hide their real origins. Poland has faced a huge number of Russian cyberattacks since the war in Ukraine began in 2022. Western cyber and intelligence agencies have warned critical entities to be on high alert for Iranian cyberattacks following the start of the conflict in late February. The Iranian embassy in Warsaw did not immediately respond to a request for comment.

Hackers from the Kremlin have mounted a “large-scale global cyber campaign” targeting civil servants, military personnel and other notable figures via messaging applications WhatsApp and Signal, Dutch intelligence services warned on Monday. The Russian operation aims to trick victims into revealing PIN codes for secure messaging apps Signal and WhatsApp, the Netherlands’ military intelligence service and domestic intelligence agency said in a joint public advisory. The bulletin did not indicate when the deception campaign began. Hackers are posing as a fake Signal support chatbot to persuade users to share their codes, allowing them to take over an account to read incoming communications and group chats. The culprits were also found to have exploited the “linked devices” feature of the apps, which lets them connect another device to the victim’s account and quietly monitor messages. The campaign has targeted government personnel as well as individuals of interest to the Russian government, including journalists, the Dutch authorities said. They also emphasized that individual accounts have been compromised, not the messaging apps as a whole. Signal is used widely by public officials as a secure and independent communications channel, and has been the recommended application for EU officials to use for external comms since 2020. “Despite their end-to-end encryption option, messaging apps such as Signal and WhatsApp should not be used as channels for classified, confidential or sensitive information,” said the director of the Dutch military intelligence service, Peter Reesink. United States Secretary of Defense Pete Hegseth and other top U.S. officials came under fire last year for using the app to exchange classified information in an incident known as Signalgate. WhatsApp’s communication director, Joshua Breckman, said the company continues “to build ways to protect people from online threats ,” adding that users should never share their six-digit code with others. Signal did not immediately respond to a request for comment. The Russian government did not immediately respond to a request for comment.

Germany’s data privacy authority on Thursday warned it can’t properly protect citizens from surveillance by the country’s intelligence services, right as Germany is moving to fortify its intelligence agency with sweeping new powers. “Citizens have virtually no means of defending themselves against intelligence measures that can deeply intrude on their privacy,” Louisa Specht-Riemenschneider, the head of the Federal Commissioner for Data Protection and Freedom of Information (BfDI), warned after a court ruled against the commissioner’s request to get data on espionage activities. Germany is drafting laws to give its intelligence services vast new powers, in a historic shift that breaks with decades of strict limits on its espionage abilities, rooted in the country’s Nazi and Cold War past. Berlin’s plan to empower intelligence services comes as European leaders grow increasingly concerned that U.S. President Donald Trump could move to halt American intelligence sharing with Europe. To keep German spies in check, the country’s privacy regulator started a legal challenge against the Federal Intelligence Service (BND) after it refused to share details of how it hacked electronic devices of foreigners abroad and gathered data. On Thursday, an administrative court ruled the privacy regulator didn’t have legal standing to pursue the case, redirecting it to file a complaint with Germany’s chancellery instead. The ruling means “areas free from oversight will emerge” within German spy agencies, Specht-Riemenschneider said, calling the agencies’ data processing practices “secretive.” Germany’s BND has historically been far more legally constrained than intelligence agencies elsewhere, due to intentional protections put in place after World War II to prevent a repeat of the abuses perpetrated by the Nazi spy and security services Gestapo and SS. The agency was put under the oversight of the chancellery and bound to a strict parliamentary control mechanism. Germany’s stringent data protection laws — which are also largely a reaction to the legacy of the East German secret police, or Stasi — restrict the BND further. The agency must, for instance, redact personal information in documents before passing them on to other intelligence services, POLITICO reported. The German government is now reviewing those constraints and preparing an overhaul of intelligence powers. Chancellor Friedrich Merz wants to boost and unfetter his country’s foreign intelligence service, giving it much broader authority to perpetrate acts of sabotage, conduct offensive cyber operations and more aggressively carry out espionage. Specht-Riemenschneider called on legislators to amend intelligence laws to make sure her authority can challenge agencies’ data processing, because the spy agency “can now effectively decide for itself what I am allowed to inspect and what I can therefore monitor,” she said. Spy services across Europe have also started to build a shared intelligence operation to counter Russian aggression. The push for deeper intelligence cooperation accelerated sharply after the Trump administration abruptly halted the sharing of battlefield intelligence with Kyiv last March. The BND did not immediately respond to a request for comment.

DUBLIN — TikTok on Tuesday began a defense of how it handles Europeans’ privacy and data in a court case that will define how Chinese-owned companies in Europe deal with Beijing’s spying laws. The popular social media app is going head to head with the Irish Data Protection Commission — Europe’s most powerful privacy regulator, which oversees tech giants including Meta, X and Google. At stake in the Irish court battle is whether TikTok is allowed to transfer personal data of Europeans to China. The company, which is owned by Chinese giant ByteDance, is challenging a €530 million fine by the Irish regulator last year, when officials found it had allowed Chinese staff to access Europeans’ data — but failed “to verify, guarantee and demonstrate” that the data was properly protected. The Irish regulator wants TikTok to shut off data flows to China, unless it can prove its user information is safe from Beijing’s invasive surveillance and intelligence laws. The case is a major test for Europe’s privacy rulebook, the General Data Protection Regulation (GDPR), and how it protects Europeans when their data is transferred to China. It comes as Europe is facing transatlantic pressure, forcing the bloc to revisit trade ties with Beijing, despite long-held security concerns over the Chinese government’s data snooping practices. Lawyers faced off Tuesday in Dublin’s top courts building, for the start of a grueling 10-day hearing, sparring over how to interpret the limits of Chinese laws and the merits of TikTok’s data practices. “The consequences of [the Irish regulator’s] decision are immense, even for a very large organization like TikTok,” the firm’s senior counsel Paul Gallagher told the court, estimating the cost of complying with the Irish order to run as high as €5 billion. If judges side with the Irish regulator, that could ultimately force TikTok to unplug from China entirely to continue serving European users — just months after it split off its U.S. operation into a new app, under the control of a group of investors led by Silicon Valley giant Oracle and investment firms Silver Lake and MGX, to alleviate long-standing American data security concerns. TikTok has estimated that it would cost billions for it to comply with the Irish regulator’s demand to cut off data flows, and would involve relocating thousands of its workers outside of China. DATA ACCESS WOES The Irish regulator slapped TikTok with the privacy fine last May after it found the platform couldn’t guarantee the data of its 159 million monthly users in Europe were safe from China’s “problematic” surveillance laws. “This is all about what TikTok have described as the relevant laws, and what the [Data Protection Commission, or DPC] have described as the problematic laws,” said TikTok’s senior counsel Gallagher, who is also a former attorney general for the Irish government. “We don’t think they are problematic, because we think they don’t apply. The DPC thinks they are problematic, because it thinks they do apply.” The fine was one of the highest the Irish regulator has handed out since it started enforcing the GDPR in 2018. It followed years of scrutiny from security and privacy authorities, as Western governments increasingly viewed TikTok as a threat. TikTok is owned by Beijing-based ByteDance, and staff in China have remote access to some European user data stored outside the country. In details shared with the Irish regulator during the investigation, TikTok said that the kind of data accessed by staff in China could include usernames and account holder details, interaction and activity data, and other personal data. It said the company didn’t intend to collect sensitive data about users, but it “may be collected incidentally or uploaded” by users, and staff needed to have “restricted and limited” access for research, security, analytics and other services. TikTok has said Chinese laws don’t apply to its data, which it stores outside of China, and has said it has never been asked to hand over data to Beijing’s authorities.  The firm already launched a massive campaign to alleviate European politicians’ security concerns in 2023, when it presented what it called “Project Clover,” a €12 billion plan designed to store data in Europe, overseen by a European security company. It mimicked a U.S. campaign called “Project Texas,” which promised similar controls to the U.S. in 2020. But the moves failed to persuade politicians. The EU already cracked down on TikTok for its own officials when it banned the app on their phones in 2023, a move that was followed by many governments across Europe. CHINA VS. US The TikTok case is also forcing Europe to deal with a blind spot: data flowing to China has, so far, been left largely unscrutinized. The EU has skirmished with American authorities for years over how to protect Europeans’ personal data from mass surveillance programs uncovered by whistleblower Edward Snowden in 2013. Data transfer agreements crafted by the EU and U.S. have been repeatedly wiped out by Europe’s top court over surveillance concerns. For data flowing to China, though, few cases have tested how companies protect Europeans’ data when it comes within reach of Beijing’s surveillance authorities. The Irish regulator’s decision to fine TikTok meant the “screw is turning” on data flows to China, Joe Jones, research director at the International Association of Privacy Professionals, said after the decision came out. “We’ve had over a decade of EU-U.K., EU-U.S. fights and sagas on [data flows]. This is the first time we’ve seen anything significant on any other country outside of that transatlantic triangle — and it’s China,” Jones said.

LONDON — Western governments are being urged to clamp down on cryptocurrency as new research suggests $350 billion has been laundered by criminals and hostile states using the technology in the past two decades. A new report for the Henry Jackson Society think tank, shared with POLITICO, finds that worldwide money laundering has shifted dramatically towards cryptocurrency in recent years — with the United States, Russia and Britain seeing the highest number of confirmed cases. The report draws on a database of 164 publicly identified and documented money laundering cases between 2005 and 2025. It was compiled by Alexander Browder, son of American-British financier and anti-corruption campaigner Bill Browder. Alexander Browder said that the true figure could even be “many multiples” higher than the hundreds of billions that have been identified. The study also sheds light on lax enforcement of money laundering powered by crypto. It finds that 79 percent of cases have resulted in no convictions, while only 29 percent of funds have been recovered by authorities. The researchers, based in the U.K., call on the British government to set up a new Cryptocurrency Asset Recovery Office. This would hold recovered funds to transfer back to their rightful owners. Chris Coghlan, a member of the House of Commons Treasury Select Committee told POLITICO: “The sophistication and speed of crypto currency money launderers is much higher and faster than our government’s ability to react.  “As a result, our sanctions and law enforcement are in an increasingly weak position to stop it. This report highlights the need for a robust policy response to this pressing issue.” POLITICAL ISSUE Cryptocurrency is increasingly becoming a regulatory battleground in both the U.K. and the U.S. In America, President Donald Trump has come under fire for his ties to the industry. In April last year the U.S. disbanded a Department for Justice unit tasked with investigating crypto-related fraud. In Britain, Nigel Farage’s right-wing Reform UK became the first major British political party to accept crypto donations. The British government is considering a ban on political donations through crypto. But cryptocurrency exchanges will not be regulated by the country’s Financial Conduct Authority until 2027. Much of Britain’s concern about crypto comes from Russia’s recent embrace of the currency as an alternate means of financing its war economy following the invasion of Ukraine. Browder said Russia is now successfully evading sanctions using cryptocurrency — and that it is becoming a global epicenter for its illicit use. “Half of the illicit exchanges identified in the database have been based in Russia. Four out of five major ransomware groups in the database have been based in Russia.  “It is the home to crypto darknet marketplaces such as Hydra — one of the largest in the world, which had processed over $5 billion in illicit funds through the sale of harmful drugs and other illegal services,” he warned. Browder added that British, American and EU policymakers have so far been unable to tackle the problem: “Criminals and rogue regimes are basically running circles around U.K., U.S. and EU prosecutors.” “Criminals are able to escape without legal consequences, and victims are left without redress and adequate compensation.”