A cargo ship that sailed from Russia was detained in the Gulf of Finland on Wednesday following damage to an underwater data cable linking Finland and Estonia. “A ship that was in the area at the time of the cable damage between Helsinki and Tallinn has been diverted to Finnish waters,” Prime Minister Petteri Orpo posted on X. “The government is closely monitoring the situation.” The Fitburg, which was under the flag of Saint Vincent and the Grenadines, had departed St. Petersburg, Russia on Dec. 30 and was en route to Israel with crew from Russia, Azerbaijan, Georgia and Kazakhstan. Telecoms provider Elisa notified authorities at 5 a.m. of a cable break in Estonia’s exclusive economic zone, which extends 200 nautical miles from its coast. Hours later a Finnish patrol vessel caught the Fitburg with its anchor in the water in Finland’s exclusive economic zone, the country’s coast guard reported. “At the moment we suspect aggravated disruption of telecommunications and also aggravated sabotage and attempted aggravated sabotage,” Helsinki police chief Jari Liukku told media. “Finland is prepared for security challenges of various kinds, and we respond to them as necessary,” President Alexander Stubb said on X. Earlier this year the NATO military alliance launched its “Baltic Sentry” program to stop attacks against subsea energy and data cables in the Baltic Sea that have multiplied following Russia’s 2022 invasion of Ukraine. The sabotage has included the severing of an internet cable between Finland and Germany in November 2024 and another between Finland and Sweden the following month. A July study by the University of Washington found that 10 subsea cables in the Baltic Sea had been cut since 2022. “A majority of these incidents have raised suspicions of sabotage by state actors, specifically Russia and China, who have been particularly active in the region,” the study noted.

Elisabeth Braw is a senior fellow at the Atlantic Council, the author of the award-winning “Goodbye Globalization” and a regular columnist for POLITICO. It was hardly the kind of peace and cheer one hopes to see leading up to Christmas. But on Dec. 7, the second Sunday of Advent, a collection of telecoms masts in Sweden were the site of a strange scene, as a foreign citizen turned up and began taking photographs. The case became widely known two days later, when the CEO of Teracom, a state-owned Swedish telecom and data services provider, posted an unusual update on LinkedIn: Company employees and contracted security had helped detain a foreign citizen, CEO Johan Petersson reported. They had spotted the foreigner taking pictures of a group of Teracom masts, which are sensitive installations clearly marked with “no trespassing” signs. After being alerted by the employees, police had arrested the intruder. “Fast, resolute and completely in line with the operative capabilities required to protect Sweden’s critical infrastructure,” Petersson wrote. But his post didn’t end there: “Teracom continually experiences similar events,” he noted. “We don’t just deliver robust nets — we take full responsibility for keeping them secure and accessible around the clock. This is total defense in practice.” That’s a lot of troubling news in one message: a foreign citizen intruding into an area closed to the public to take photos of crucial communications masts, and the fact that this isn’t a unique occurrence. Indeed, earlier this year, Swedish authorities announced they had discovered a string of some 30 cases of sabotage against telecoms and data masts in the country. How many more potential saboteurs haven’t been caught? It’s a frightening question and, naturally, one we don’t have an answer to. It’s not just communications masts that are being targeted. In the past couple years, there have been fires set in shopping malls and warehouses in big cities. There have been suspicious drone sightings near defense manufacturing sites and, infamously, airports. Between January and Nov. 19 of this year, there were more than 1,072 incidents involving 1,955 drones in Europe, and as a group of German journalism students have established, some of those drones were launched from Russian-linked ships. And of course, there has been suspicious damage to undersea cables and pipelines in the Baltic Sea and off the coast of Taiwan. I’ve written before in this publication that Russia’s goal with such subversive operations may be to bleed our companies dry, and that China seems to be pursuing the same objective vis-à-vis certain countries. But when it comes to critical national infrastructure — in which I could include institutions like supermarkets — we need them to work no matter what. Imagine going a day or two or three without being able to buy food, and you’ll see what I mean. The upside to Teracom’s most recent scare was that the company was prepared and ultimately lost no money. Because its staff and security guards were alert, the company prevented any damage to their masts and operations. In fact, with the perpetrator arrested — whether prosecutors will decide to charge him remains to be seen — Teracom’s staff may well have averted possible damage to other businesses too. Moving forward, companies would do well to train their staff to be similarly alert when it comes to saboteurs and reconnaissance operators in different guises. We can’t know exactly what kind of subversive activities will be directed against our societies, but companies can teach their employees what to look for. If someone suddenly starts taking pictures of something only a saboteur would be interested in, that’s a red flag. Indeed, boards could also start requiring company staff to become more vigilant. If alertness can make the difference between relatively smooth sailing and considerable losses — or intense tangling with insurers — in these geopolitically turbulent times, few boards would ignore it. And being able to demonstrate such preparedness is something companies could highlight in speeches, media interviews and, naturally, their annual reports. Insurers, in turn, could start requiring such training for these very reasons. After serious cyberattacks first took off, insurers paid out on their policies for a long time, until they realized they should start obliging the organizations they insure to demonstrate serious protections in order to qualify for insurance. Insurers may soon decide to introduce such conditions for coverage of physical attacks too. Even without pressure from boards or insurers, considering the risk of sabotage directed at companies, it would be positively negligent not to train one’s staff accordingly. Meanwhile, some governments have understandably introduced resilience requirements for companies that operate crucial national infrastructure. Under Finland’s CER Act, for instance, “critical entities must carry out a risk assessment, draw up a resilience plan and take any necessary measures.” The social contract in liberal democracies is that we willingly give up some of our power to those we elect to govern us. These representatives are ultimately in charge of the state apparatus, and in exchange, we pay taxes and obey the law. But that social contract doesn’t completely absolve us from our responsibility toward the greater good. That’s why an increasing number of European countries are obliging 19-year-olds to do military service. When crises approach, we all still have a part to play. Helping spot incidents and alerting the authorities is everyone’s responsibility. Because the current geopolitical turbulence has followed such a long period of harmony, it’s hard to crank up the gears of societal responsibility again. And truthfully, in some countries, those gears never worked particularly well to begin with. But for companies, however, stepping up to the plate isn’t just a matter of doing the right thing — it’s a matter of helping themselves. Back in the day, the saying went that what was good for Volvo was good for Sweden, and what was good for General Motors was good for the U.S. Today, when companies do the right thing for their home countries, they similarly benefit too. Now, let’s get those alertness courses going.

BRUSSELS — European banks and other finance firms should decrease their reliance on American tech companies for digital services, a top national supervisor has said. In an interview with POLITICO, Steven Maijoor, the Dutch central bank’s chair of supervision, said the “small number of suppliers” providing digital services to many European finance companies can pose a “concentration risk.” “If one of those suppliers is not able to supply, you can have major operational problems,” Maijoor said. The intervention comes as Europe’s politicians and industries grapple with the continent’s near-total dependence on U.S. technology for digital services ranging from cloud computing to software. The dominance of American companies has come into sharp focus following a decline in transatlantic relations under U.S. President Donald Trump. While the market for European tech services isn’t nearly as developed as in the U.S. — making it difficult for banks to switch — the continent “should start to try to develop this European environment” for financial stability and the sake of its economic success, Maijoor said. European banks being locked in to contracts with U.S. providers “will ultimately also affect their competitiveness,” Maijoor said. Dutch supervisors recently authored a report on the systemic risks posed by tech dependence in finance. Dutch lender Amsterdam Trade Bank collapsed in 2023 after its parent company was placed on the U.S. sanctions list and its American IT provider withdrew online data storage services, in one of the sharpest examples of the impact on companies that see their tech withdrawn. Similarly a 2024 outage of American cybersecurity company CrowdStrike highlighted the European finance sector’s vulnerabilities to operational risks from tech providers, the EU’s banking watchdog said in a post-mortem on the outage. In his intervention, Maijoor pointed to an EU law governing the operational reliability of banks — the Digital Operational Resilience Act (DORA) — as one factor that may be worsening the problem. Those rules govern finance firms’ outsourcing of IT functions such as cloud provision, and designate a list of “critical” tech service providers subject to extra oversight, including Amazon Web Services, Google Cloud, Microsoft and Oracle. DORA, and other EU financial regulation, may be “inadvertently nudging financial institutions towards the largest digital service suppliers,” which wouldn’t be European, Maijoor said. “If you simply look at quality, reliability, security … there’s a very big chance that you will end up with the largest digital service suppliers from outside Europe,” he said. The bloc could reassess the regulatory approach to beat the risks, Maijoor said. “DORA currently is an oversight approach, which is not as strong in terms of requirements and enforcement options as regular supervision,” he said. The Dutch supervisors are pushing for changes, writing that they are examining whether financial regulation and supervision in the EU creates barriers to choosing European IT providers, and that identified issues “may prompt policy initiatives in the European context.” They are asking EU governments and supervisors “to evaluate whether DORA sufficiently enhances resilience to geopolitical risks and, if not, to consider issuing further guidance,” adding they “see opportunities to strengthen DORA as needed,” including through more enforcement and more explicit requirements around managing geopolitical risks. Europe could also set up a cloud watchdog across industries to mitigate the risks of dependence on U.S. tech service providers, which are “also very important for other parts of the economy like energy and telecoms,” Maijoor said. “Wouldn’t there be a case for supervision more generally of these hyperscalers, cloud service providers, as they are so important for major parts of the economy?” The European Commission declined to respond.

Europe’s security does not depend solely on our physical borders and their defense. It rests on something far less visible, and far more sensitive: the digital networks that keep our societies, economies and democracies functioning every second of the day. > Without resilient networks, the daily workings of Europe would grind to a > halt, and so too would any attempt to build meaningful defense readiness. A recent study by Copenhagen Economics confirms that telecom operators have become the first line of defense in Europe’s security architecture. Their networks power essential services ranging from emergency communications and cross-border healthcare to energy systems, financial markets, transport and, increasingly, Europe’s defense capabilities. Without resilient networks, the daily workings of Europe would grind to a halt, and so too would any attempt to build meaningful defense readiness. This reality forces us to confront an uncomfortable truth: Europe cannot build credible defense capabilities on top of an economically strained, structurally fragmented telecom sector. Yet this is precisely the risk today. A threat landscape outpacing Europe’s defenses The challenges facing Europe are evolving faster than our political and regulatory systems can respond. In 2023 alone, ENISA recorded 188 major incidents, causing 1.7 billion lost user-hours, the equivalent of taking entire cities offline. While operators have strengthened their systems and outage times fell by more than half in 2024 compared with the previous year, despite a growing number of incidents, the direction of travel remains clear: cyberattacks are more sophisticated, supply chains more vulnerable and climate-related physical disruptions more frequent. Hybrid threats increasingly target civilian digital infrastructure as a way to weaken states. Telecom networks, once considered as technical utilities, have become a strategic asset essential to Europe’s stability. > Europe cannot deploy cross-border defense capabilities without resilient, > pan-European digital infrastructure. Nor can it guarantee NATO > interoperability with 27 national markets, divergent rules and dozens of > sub-scale operators unable to invest at continental scale. Our allies recognize this. NATO recently encouraged members to spend up to 1.5 percent of their GDP on protecting critical infrastructure. Secretary General Mark Rutte also urged investment in cyber defense, AI, and cloud technologies, highlighting the military benefits of cloud scalability and edge computing – all of which rely on high-quality, resilient networks. This is a clear political signal that telecom security is not merely an operational matter but a geopolitical priority. The link between telecoms and defense is deeper than many realize. As also explained in the recent Arel report, Much More than a Network, modern defense capabilities rely largely on civilian telecom networks. Strong fiber backbones, advanced 5G and future 6G systems, resilient cloud and edge computing, satellite connectivity, and data centers form the nervous system of military logistics, intelligence and surveillance. Europe cannot deploy cross-border defense capabilities without resilient, pan-European digital infrastructure. Nor can it guarantee NATO interoperability with 27 national markets, divergent rules and dozens of sub-scale operators unable to invest at continental scale. Fragmentation has become one of Europe’s greatest strategic vulnerabilities. The reform Europe needs: An investment boost for digital networks At the same time, Europe expects networks to become more resilient, more redundant, less dependent on foreign technology and more capable of supporting defense-grade applications. Security and resilience are not side tasks for telecom operators, they are baked into everything they do. From procurement and infrastructure design to daily operations, operators treat these efforts as core principles shaping how networks are built, run and protected. Therefore, as the Copenhagen Economics study shows, the level of protection Europe now requires will demand substantial additional capital. > It is unrealistic to expect world-class, defense-ready infrastructure to > emerge from a model that has become structurally unsustainable. This is the right ambition, but the economic model underpinning the sector does not match these expectations. Due to fragmentation and over-regulation, Europe’s telecom market invests less per capita than global peers, generates roughly half the return on capital of operators in the United States and faces rising costs linked to expanding security obligations. It is unrealistic to expect world-class, defense-ready infrastructure to emerge from a model that has become structurally unsustainable. A shift in policy priorities is therefore essential. Europe must place investment in security and resilience at the center of its political agenda. Policy must allow this reality to be reflected in merger assessments, reduce overlapping security rules and provide public support where the public interest exceeds commercial considerations. This is not state aid; it is strategic social responsibility. Completing the single market for telecommunications is central to this agenda. A fragmented market cannot produce the secure, interoperable, large-scale solutions required for modern defense. The Digital Networks Act must simplify and harmonize rules across the EU, supported by a streamlined governance that distinguishes between domestic matters and cross-border strategic issues. Spectrum policy must also move beyond national silos, allowing Europe to avoid conflicts with NATO over key bands and enabling coherent next-generation deployments. Telecom policy nowadays is also defense policy. When we measure investment gaps in digital network deployment, we still tend to measure simple access to 5G and fiber. However, we should start considering that — if security, resilience and defense-readiness are to be taken into account — the investment gap is much higher that the €200 billion already estimated by the European Commission. Europe’s strategic choice The momentum for stronger European defense is real — but momentum fades if it is not seized. If Europe fails to modernize and secure its telecom infrastructure now, it risks entering the next decade with a weakened industrial base, chronic underinvestment, dependence on non-EU technologies and networks unable to support advanced defense applications. In that scenario, Europe’s democratic resilience would erode in parallel with its economic competitiveness, leaving the continent more exposed to geopolitical pressure and technological dependency. > If Europe fails to modernize and secure its telecom infrastructure now, it > risks entering the next decade with a weakened industrial base, chronic > underinvestment, dependence on non-EU technologies and networks unable to > support advanced defense applications. Europe still has time to change course and put telecoms at the center of its agenda — not as a technical afterthought, but as a core pillar of its defense strategy. The time for incremental steps has passed. Europe must choose to build the network foundations of its security now or accept that its strategic ambitions will remain permanently out of reach. -------------------------------------------------------------------------------- Disclaimer POLITICAL ADVERTISEMENT * The sponsor is Connect Europe AISBL * The ultimate controlling entity is Connect Europe AISBL * The political advertisement is linked to advocacy on EU digital, telecom and industrial policy, including initiatives such as the Digital Networks Act, Digital Omnibus, and connectivity, cybersecurity, and defence frameworks aimed at strengthening Europe’s digital competitiveness. More information here.

BRUSSELS — Lawmakers in the European Parliament’s legal affairs committee have voted to go ahead and sue the European Commission for axing a proposal to regulate patent licensing. The JURI committee on Tuesday voted in favor of referring the Commission to the Court of Justice of the European Union for breaching EU law by withdrawing a proposal to regulate standard essential patents. The patents, for 4G and 5G networks used in mobile phones and connected cars, have been at the center of a long-running battle between the companies that own them and those that use them. European lawmakers have supported efforts to resolve the fight — and some accuse the EU executive of attacking democracy by killing off the initiative. President Roberta Metsola now needs to mandate the Parliament’s legal service to draft and file a case by Nov. 14, a Parliament official said, citing rules of procedure. If she intends to depart from JURI’s conclusions, she could also bring it to the Conference of Presidents or, in an unlikely scenario, submit it to a plenary vote, they added. Fourteen MEPs voted in favor of the action, against eight who opposed it, the official said. The vote was held behind closed doors.  The motion was spearheaded by German Social Democrat René Repasi, coordinator for the Committee on Legal Affairs and standing rapporteur for disputes involving the Parliament. “With today’s vote, we send a clear message: we will not stand by when the Commission oversteps its mandate,” Repasi said in an emailed statement following the vote. “The Commission’s right to withdraw a proposal, as was conducted with the Standard-Essential Patents (SEP) proposal, cannot be used as a political instrument to short-circuit Parliament’s work or to enforce a deregulation agenda from above. This is not in line with how the democratic processes in the European Union are meant to function.” Members of the European People’s Party, the center-right party allied to Commission President Ursula von der Leyen, were instructed to vote against taking legal action. “Today’s vote reflects Parliament’s concern about the balance of powers between EU institutions, but we must be clear: This legal action will not bring back the withdrawn legislative proposal,” Adrián Vázquez Lázara, the EPP’s lead on the issue, told POLITICO.  While he acknowledged that the withdrawal of the SEP bill raised some question marks, Vázquez Lázara said that legal action was not the right solution. “What can be questioned, however, is the wording and justification used in this specific withdrawal, which raises legitimate concerns about institutional transparency and communication,” Vázquez Lázara said. “Those Members who wish to see the proposal revived should seek political and legislative avenues to achieve that goal, rather than resorting to institutional confrontation.” Patent implementers, which historically supported the regulation and range from carmakers to Big Tech companies and SMEs, cheered the move. “There is still hope for democracy and fairness in the EU legislature,” said Evelina Kurgonaite of the Fair Standards Alliance, which represents the patent users. “We thank MEP [Marion] Walsmann and other JURI members for their leadership in fighting for a fair chance at innovation for  businesses in Europe, especially SMEs.” The Commission declined to comment.

MILAN — Nothing about the sand-colored façade of the palazzo tucked behind Milan’s Duomo cathedral suggested that inside it a team of computer engineers were building a database to gather private and damaging information about Italy’s political elite — and use it to try to control them.   The platform, called Beyond, pulled together hundreds of thousands of records from state databases — including flagged financial transactions and criminal investigations — to create detailed profiles on politicians, business leaders and other prominent figures.  Police wiretaps recorded someone they identified as Samuele Calamucci, allegedly the technical mastermind of the group, boasting that the dossiers gave them the power to “screw over all of Italy.”  The operation collapsed in fall 2024, when a two-year investigation culminated in the arrests of four people, with a further 60 questioned. The alleged ringleaders have denied ever directly accessing state databases, while lower-level operatives maintain they only conducted open-source searches and believed their actions were legal. Police files indicate that key suspects claimed they were operating with the tacit approval of the Italian state.  After months of questioning and plea bargaining, 15 of the accused are set to enter their pleas at the first court hearing in October.   The disclosures were shocking, not only because of the confidentiality of the data but also the high-profile nature of the targets, which included former Prime Minister Matteo Renzi and Ignazio La Russa, co-founder of the ruling Brothers of Italy party and president of the Senate.  The scandal underscores a novel reality: that in the digital era, privacy is a relic. While dossiers and kompromat have long been tools of political warfare, hackers today, commanded by the highest bidder, can access information to exploit decision-makers’ weaknesses — from private indiscretions to financial vulnerabilities. The result is a political and business class highly exposed to external pressures, heightening fears about the resilience of democratic institutions in an era where data is both power and liability.  POLITICO obtained thousands of pages of police wiretap transcripts and arrest warrants and spoke with alleged perpetrators, their victims and officials investigating the scheme. Together, the documents and interviews reveal an intricate plot to build a database filled with confidential and compromising data — and a business plan to exploit it for both legal and illegal means.  On the surface, the group presented itself as a corporate intelligence firm, courting high-profile clients by claiming expertise in resolving complex risk management issues such as commercial fraud, corruption and infiltration by organized crime.   Banca Mediolanum, said it had paid “€3,000 to Equalize to gather more public information regarding a company that could have been the subject of a potential deal, managed by our investment bank.” | Diego Puletto/Getty Images Prosecutors accuse the gang of compiling damaging dossiers by illegally accessing phones, computers and state databases containing information ranging from tax records to criminal convictions. The data could be used to pressure and threaten victims or fed to journalists to discredit them.  The alleged perpetrators include a former star police investigator, the top manager of Milan’s trade fair complex and several cybersecurity experts prominent in Italy’s tech scene. All have denied wrongdoing.  SUPERCOP TURNED SUPERCROOK  When the gang first drew the attention of investigators in the summer of 2022, it was almost by accident.  Police were tracking a northern Italian gangster when he arranged a meeting with retired police inspector Carmine Gallo at a coffee bar in downtown Milan. Gallo, a veteran in the fight against organized crime, was a familiar face in Italy’s law enforcement circles. The meeting raised suspicions, and authorities put Gallo under surveillance — and inadvertently uncovered the gang’s wider operations.  Gallo, who died in March 2025, was a towering figure in Italian law enforcement. He helped solve high-profile cases such as the 1995 murder of Maurizio Gucci — carried out by the fashion mogul’s ex-wife Patrizia Reggiani and her clairvoyant — and the 1997 kidnapping of Milanese businesswoman Alessandra Sgarella by the ‘ndrangheta organized crime syndicate.  Yet Gallo’s career was not without controversy. Over four decades, he cultivated ties to organized crime networks and faced repeated investigations for overstepping legal boundaries. He ultimately received a two-year suspended sentence for sharing official secrets and assisting criminals.  When he retired from the force in 2018, Gallo illegally carted off investigative material such as transcripts of interviews with moles, mafia family trees and photofits, prosecutors’ documents show. His modus operandi was to tell municipal employees to “get a coffee and come back in half an hour” while he photographed documents, he boasted in wiretaps.  Still, Gallo’s work ethic remained relentless. In 2019, he co-founded Equalize — the IT company that hosted the Beyond database — with his business partner Enrico Pazzali, presenting the firm as a corporate risk intelligence company.  Gallo’s years as a police officer gave him a unique advantage: He could leverage relationships with former colleagues in law enforcement and intelligence to get them to carry out illegal searches on his behalf. Some of the information he obtained was then repackaged as reputational dossiers for clients, commanding fees of up to €15,000.  Gallo also cashed in his influence for favors, such as procuring passports for friends and acquaintances. Investigators recorded conversations in which he bragged of sourcing a passport for a convicted mafioso under investigation for kidnapping, who planned to flee to the United Arab Emirates.  The supercop-turned-supercriminal claimed that Equalize had a full overview of Italian criminal operations, extending even to countries like Australia and Vietnam.  When investigators raided the group’s headquarters, they found thousands of files and dossiers spanning decades of Italian criminal and political history. The hackers even claimed to have — as part of what they called their “infinite archive” — video evidence of the late Prime Minister Silvio Berlusconi’s so-called bunga bunga parties, which investigators called “a blackmail tool of the highest value.”   Enrico Pazzali cultivated close ties to right-wing politicians, including Attilio Fontana, president of the Lombardy region, and maintained a close association with high-level intelligence officials. | Alessandro Bremec/Getty Images Gallo’s sudden death of a heart attack six months into the investigation stirred unease among prosecutors. They noted that while an initial autopsy found no signs of trauma or injection, the absence of such evidence does not necessarily rule out interference. Investigators have ordered toxicology tests.  ‘HANDSOME UNCLE’  Gallo’s collaborator Pazzalli, a well-known businessman who headed Milan’s prestigious Fondazione Fiera Milano, the country’s largest exhibition center, was Equalize’s alleged frontman.  Pazzali, through his lawyer, declined to comment to POLITICO about the allegations.  The Fiera, a magnet for money and power, made Pazzali a heavy hitter in Milanese circles. Having built a successful career across IT, energy and other sectors, and boasting a full head of steely gray hair, he was known to some by the nickname “Zio Bello,” or handsome uncle.   Pazzali cultivated close ties to right-wing politicians, including Attilio Fontana, president of the Lombardy region, and maintained a close association with high-level intelligence officials. He would meet clients in a chauffeur-driven black Tesla X, complete with a blue flashing light on the roof — the kind typically reserved for high-ranking officials.  Since 2019, Pazzali held a 95 percent stake in Equalize. If Gallo’s role was sourcing confidential information, Pazzali’s was winning high-profile clients, the prosecutors allege. Leveraging his reputation and political connections, he helped secure business from banks, industrial conglomerates, multinationals, and international law firms, including pasta giant Barilla, the Italian subsidiary of Heineken, and energy powerhouse Eni.   Documents show that Eni paid Equalize €377,000. Roberto Albini, a spokesperson for the energy giant, told POLITICO that the firm had commissioned Equalize “to support its strategy and defense in the context of several criminal and civil cases.” He added that Eni was not aware of any illegal activity by the company.  Marlous den Bieman, corporate communications manager for Heineken, said the brewer had “ceased all collaboration with Equalize and is actively cooperating with authorities in their investigation of the company’s practices.”  Barilla declined to comment.  Italy’s third-largest bank, Banca Mediolanum, said it had paid “€3,000 to Equalize to gather more public information regarding a company that could have been the subject of a potential deal, managed by our investment bank.” The bank added, “Of course we were not aware that Equalize was in general conducting its business also through the adoption of illicit procedures.”  The group’s reach extended beyond Italy. In February 2023, it was hired by Israeli state intelligence agents in a €1 million operation to trace the financial flows from the accounts of wealthy individuals to the Russian mercenary network Wagner. In exchange, the Israelis promised to hand over intelligence on the illicit trafficking of Iranian gas through Italy — a commodity that, they suggested, might be of interest to Equalize’s client, the energy giant Eni.  Equalize rapidly grew into a formidable private investigation operation. Police reports noted that Pazzali recognized data as “a weapon for enormous economic and reputational gains,” adding, “Equalize’s raison d’être is to provide … Pazzali with information and dossiers to be used for the achievement of his political and economic aims.”  During the 2023 election campaign for the presidency of the Lombardy region, Pazzali ordered dossiers on close affiliates of former mayor of Milan, Letizia Moratti, who was challenging his preferred candidate, the far-right Fontana.  Prime Minister Matteo Renzi warned of a deeper political risk associated with the gang. | Vincenzo Nuzzolese/Getty Images A spokesman for Fontana called the allegation “science-fiction” and said “nothing was offered to the president of the region, he did not ask for anything, and he certainly did not pay anything.”   In 2022, Pazzali was in the running to manage Italy’s 2026 Winter Olympics as chief executive. Wiretaps suggested he ordered a dossier on his competitor, football club AC Milan’s Chairman Paolo Scaroni, but found nothing on him.  Business was booming, but Pazzali and Gallo were thinking ahead. They had become reliant on cops willing to leak information, and those officers could be spooked — or caught in the act. That was a vulnerability.  They started to envisage a more sophisticated operation: a platform that collated all the data the group had in its possession and could generate the prized dossiers with the click of a button, erasing the need for bribes and cutting manpower costs — a repository of high-level secrets that, once operational, would give Pazzali, Gallo, and their team unprecedented power in Italy.  Pazzali declined to comment on the investigation. He is due to plead before a judge at a preliminary hearing in October. ‘THE PROFESSOR’ AND THE BOYS   Enter Samuele Calamucci, the coding brain of the operation.  Calamucci is from a small town just outside Milan, and before he began his career in cybersecurity, he was involved in stonemasonry.   Unlike his partners Gallo and Pazzali, Calamucci wasn’t a known face in the city — and he had worked hard to keep it that way. He ran his own private investigation firm, Mercury Advisor, from the same offices as Equalize, handling the company’s IT operations as an outside contractor.  Calamucci knew his way around Italian government IT systems, too. In wiretapped conversations, he claimed to have helped build the digital infrastructure for Italy’s National Cybersecurity Agency and to have worked for the secret services’ Department of Information for Security.  Known within the gang as “the professor,” Calamucci’s role was to recruit and manage a team of 30 to 40 programmers he called the ragazzi — the boys.  With his best recruits he began to build Beyond in 2022, the platform designed to be the digital equivalent of an all-seeing eye.  To populate it, Calamucci and his team purchased data from the dark web, exploited access through government IT maintenance contracts and siphoned intelligence from state databases whenever they could, prosecutors said.  Beyond gave Pazzali, Gallo, and their gang a treasure trove of compromising information on political and business figures in a searchable platform. Wiretaps indicated the plan was to sell access via subscription to select clients, including international law firm Dentons and some of the Big Four consultancies like Deloitte, KPMG, and EY. | Aleksander Kalka/Getty Images In one police-recorded conversation, Calamucci boasted of a hard drive holding 800,000 dossiers. Through his lawyer, Calamucci declined to comment.  “We all thought the requested reports served the good of the country,” said one of the hackers, granted anonymity to speak freely. “Ninety percent of the reports carried out were about energy projects, which required open-source criminal records or membership in mafia syndicates, given that a large portion concerned the South.” Only 5 percent of the jobs they carried out were for individuals to conduct an analysis of enemies or competitors, he added.  The hackers were also “not allowed to know” who was coming into Equalize’s office from the outside. Meetings were held behind closed doors in Gallo’s office or in conference rooms, the hacker told POLITICO, explaining that the analysts were unaware of the company’s dynamics and the people it associated with.  Beyond gave Pazzali, Gallo, and their gang a treasure trove of compromising information on political and business figures in a searchable platform. Wiretaps indicated the plan was to sell access via subscription to select clients, including international law firm Dentons and some of the Big Four consultancies like Deloitte, KPMG, and EY.  Dentons declined to comment. Deloitte and EY did not respond to a request for comment. Audee Van Winkel, senior communication officer for KPMG in Belgium, where one of the alleged gang members worked, said the consultancy did not have any knowledge or records of KPMG in Belgium working with the platform.   ‘INTELLIGENCE MERCENARIES’  In Italy’s sprawling private investigation scene, Equalize was a relative newcomer. But Gallo, Pazzali and their associates had something going for them: They were well-connected.  One alleged member of the organization, Gabriele Pegoraro, had worked as an external cybersecurity expert for intelligence services and had previously made headlines as the IT genius who helped capture a fugitive terrorist.  Pegoraro said he “carried out only lawful operations using publicly available sources” and “was in the dark about how the information was used.”  According to wiretaps, Calamucci and Gallo had worked with several intelligence agents to provide surveillance to protect criminal informants.   On one occasion, Calamucci explained to a subordinate that the relationship with the secret services “was essential” to continue running Equalize undisturbed. “We are mercenaries for [Italian] intelligence,” he was heard saying by police listening in on a meeting with foreign agents at his office.   The services also helped with data searches for the group and created a mask of cover for the gang, prosecutors believe. A hacker proudly claimed that Equalize had even received computers handed down from Italy’s foreign intelligence agency, while law enforcement watched from bugs planted in the ceiling.  THE PROSECUTION  In October 2024, the music stopped.  Prosecutors placed four of the alleged gang members, including Gallo and Calamucci, under house arrest and another 60 people under investigation. They brought forward charges including conspiracy to hack, corruption, illegal accessing of data and the violation of official secrets.  Franco Gabrielli, a former director of Italy’s civil intelligence services, warned that even the toughest of sentences are unlikely to put an end to the practice. | Alessandro Bremec/Getty Images “Just as the Stasi destroyed the lives of so many people using a mixture of fabricated and collected information, so did these guys,” said Leonida Reitano, an Italian open-source investigator who studied the case. “They collected sensitive information, including medical reports, and used it to compromise their targets.”  News of what the gang had done dropped like a bombshell on Italy’s political class. Foreign Minister Antonio Tajani told reporters at the time that the affair was “unacceptable,” while Interior Minister Matteo Piantedosi warned the parliament that the hackers were “altering the rules of democracy.”  The Equalize scandal “is not only the most serious in the history of the Italian Republic but represents a real and actual attack on democracy,” said Angelo Bonelli, MP and member of the opposition Green Europe.  Prime Minister Renzi warned of a deeper political risk associated with the gang. “It is clear that Equalize are very close to the leaders of the right-wing parties, and intended to build a powerful organization, although it is not yet certain how deep an impact they had,” he told POLITICO. Renzi is seeking damages as a civil plaintiff in the eventual criminal trial.  Equalize was liquidated in March, and some of the alleged hackers have since taken on legitimate roles within the cybersecurity sector.  There are many unresolved questions around the case. Investigators and observers are still trying to determine the full extent of Equalize’s ties to Italian intelligence agencies, and whether any clients were aware of or complicit in the methods used to compile sensitive dossiers. Interviews with intelligence officials conducted during the investigation were never transcribed, and testimony given to a parliamentary committee remains classified. Police documents are heavily redacted, leaving the identities of key figures and the full scope of the operation unclear.  While Equalize is unprecedented in its scale, efforts to collect information on political opponents have “become an Italian tradition,” said the political historian Giovanni Orsina. Spying and political chicanery during and after the Cold War has damaged democracy and undermined trust in public institutions, made worse by a lethargic justice system that can take years if not decades to deliver justice.   “It adds to the perception that Italy is a country in which you can never find the truth,” Orsina said.  Franco Gabrielli, a former director of Italy’s civil intelligence services, warned that even the toughest of sentences are unlikely to put an end to the practice. “It just increases the costs, because if I risk more, I charge more,” he said.   “We must reduce the damage, put in place procedures, mechanisms,” he added. “But, unfortunately, all over the world, even where people earn more there are always black sheep, people who are corrupted. It’s human nature.” 

BRUSSELS — First it was telecom snooping. Now Europe is growing worried that Huawei could turn the lights off. The Chinese tech giant is at the heart of a brewing storm over the security of Europe’s energy grids. Lawmakers are writing to the European Commission to urge it to “restrict high-risk vendors” from solar energy systems, in a letter seen by POLITICO. Such restrictions would target Huawei first and foremost, as the dominant Chinese supplier of critical parts of these systems. The fears center around solar panel inverters, a piece of technology that turns solar panels’ electricity into current that flows into the grid. China is a dominant supplier of these inverters, and Huawei is its biggest player. Because the inverters are hooked up to the internet, security experts warn the inverters could be tampered with or shut down through remote access, potentially causing dangerous surges or drops in electricity in Europe’s networks. The warnings come as European governments have woken up to the risks of being reliant on other regions for critical services — from Russian gas to Chinese critical raw materials and American digital services. The bloc is in a stand-off with Beijing over trade in raw materials, and has faced months of pressure from Washington on how Brussels regulates U.S. tech giants. Cybersecurity authorities are close to finalizing work on a new “toolbox” to de-risk tech supply chains, with solar panels among its key target sectors, alongside connected cars and smart cameras. Two members of the European Parliament, Dutch liberal Bart Groothuis and Slovak center-right lawmaker Miriam Lexmann, drafted a letter warning the European Commission of the risks. “We urge you to propose immediate and binding measures to restrict high-risk vendors from our critical infrastructure,” the two wrote. The members had gathered the support of a dozen colleagues by Wednesday and are canvassing for more to join the initiative before sending the letter mid next week.   According to research by trade body SolarPower Europe, Chinese firms control approximately 65 percent of the total installed power in the solar sector. The largest company in the European market is Huawei, a tech giant that is considered a high-risk vendor of telecom equipment. The second-largest firm is Sungrow, which is also Chinese, and controls about half the amount of solar power as Huawei. Huawei’s market power recently allowed it to make its way back into SolarPower Europe, the solar sector’s most prominent lobby association in Brussels, despite an ongoing Belgian bribery investigation focused on the firm’s lobbying activities in Brussels that saw it banned from meeting with European Commission and Parliament officials. Security hawks are now upping the ante. Cybersecurity experts and European manufacturers say the Chinese conglomerate and its peers could hack into Europe’s power grid.  “They can disable safety parameters. They can set it on fire,” Erika Langerová, a cybersecurity researcher at the Czech Technical University in Prague, said in a media briefing hosted by the U.S. Mission to the EU in September.  Even switching solar installation off and on again could disrupt energy supply, Langerová said. “When you do it on one installation, it’s not a problem, but then you do it on thousands of installations it becomes a problem because the … compound effect of these sudden changes in the operation of the device can destabilize the power grid.”  Surges in electricity supply can trigger wider blackouts, as seen in Spain and Portugal in April. | Matias Chiofalo/Europa Press via Getty Images Surges in electricity supply can trigger wider blackouts, as seen in Spain and Portugal in April. Some governments have already taken further measures. Last November, Lithuania imposed a ban on remote access by Chinese firms to renewable energy installations above 100 kilowatts, effectively stopping the use of Chinese inverters. In September, the Czech Republic issued a warning on the threat posed by Chinese remote access via components including solar inverters. And in Germany, security officials already in 2023 told lawmakers that an “energy management component” from Huawei had them on alert, leading to a government probe of the firm’s equipment. CHINESE CONTROL, EU RESPONSE  The arguments leveled against Chinese manufacturers of solar inverters echo those heard from security experts in previous years, in debates on whether or not to block companies like video-sharing app TikTok, airport scanner maker Nuctech and — yes — Huawei’s 5G network equipment. Distrust of Chinese technology has skyrocketed. Under President Xi Jinping, the Beijing government has rolled out regulations forcing Chinese companies to cooperate with security services’ requests to share data and flag vulnerabilities in their software. It has led to Western concerns that it opens the door to surveillance and snooping. One of the most direct threats involves remote management from China of products embedded in European critical infrastructure. Manufacturers have remote access to install updates and maintenance. Europe has also grown heavily reliant on Chinese tech suppliers, particularly when it comes to renewable energy, which is powering an increasing proportion of European energy. Domestic manufacturers of solar panels have enough supply to fill the gap that any EU action to restrict Chinese inverters would create, Langerová said. But Europe does not yet have enough battery or wind manufacturers — two clean energy sector China also dominates. China’s dominance also undercuts Europe’s own tech sector and comes with risks of economic coercion. Until only a few years ago, European firms were competitive, before being undercut by heavily subsidized Chinese products, said Tobias Gehrke, a senior policy fellow at the European Council on Foreign Relations. China on the other hand does not allow foreign firms in its market because of cybersecurity concerns, he said. The European Union previously developed a 5G security toolbox to reduce its dependence on Huawei over these fears. It is also working on a similar initiative, known as the ICT supply chain toolbox, to help national governments scan their wider digital infrastructure for weak points, with a view to blocking or reduce the use of “high-risk suppliers.” According to Groothuis and Lexmann, “binding legislation to restrict risky vendors in our critical infrastructure is urgently required” across the European Union. Until legislation is passed, the EU should put temporary measures in place, they said in their letter.  Huawei did not respond to requests for comment before publication. This article has been updated.

BRUSSELS — Almost 60 members of the European Parliament want to include a gift in the bloc’s next long-term budget: a phone with more storage for Ursula von der Leyen. Right-wing politicians filed an amendment on Thursday to the EU’s budget bill, telling the EU executive to “dedicate sufficient funding to provide the president of the Commission with a mobile phone with adequate storage capacity and appropriate IT support to ensure that messages are preserved without exception.” Von der Leyen got in hot water last month over a deleted 2024 text message she received from French President Emmanuel Macron that POLITICO reported had urged her to block the EU-Mercosur trade deal. The Commission said the message was auto-deleted, defending von der Leyen’s use of disappearing messages as being, in part, “for space reasons.” But tech experts debunked that defense as “a non-argument” and ” hard to believe,” because text messages hardly take any space on modern phones. The Commission president already faced an investigation earlier over text conversations with Pfizer’s Chief Executive Officer Albert Bourla about Covid-19 vaccine contracts which were never archived. Lawmakers are due to vote on the EU’s draft budget for 2026 at a plenary session in Strasbourg next week. The amendment on phone storage came from Germany far-right member Christine Anderson and Swedish hard-right member Charlie Weimers. It had been signed by 57 members of parliament on Thursday, largely from Weimers’ European Conservative and Reformists group, Anderson’s Europe Sovereign Nations and the far-right Patriots for Europe. The amendment urged the EU executive to mind “importance of keeping proper records of all official communications of the Commission.”

BRUSSELS — The European Commission is dialing reform, but not everyone is picking up. Following years of talks, Brussels is almost ready to drop a long-awaited telecommunication blueprint designed to upgrade networks and support the industry. The Digital Networks Act, expected to land Dec. 16, will overhaul the current rulebook to make it easier for operators to roll out 5G and fiber, and boost investment in Europe’s digital infrastructure. But it’s likely to upset players from national governments to tech firms in the process. The continent’s biggest telecom companies have long argued that stifling rules and a fragmented single market make it hard for them to scale and earn sustainable profits — and take European networks to the next level. “Never has connectivity been so important to the life of people” but “at the same time, our industry has trouble in many regions to achieve a decent return on capital,” said Vivek Badrinath, the boss of global mobile association GSMA. But not everyone is buying the crisis pitch — here are the battle lines ahead of the proposal. BIG TELCOS VS. BIG TECH Years of lobbying by Europe’s top telcos to have data-hungry platforms such as TikTok, Netflix and Google’s YouTube help foot the bill for network expansion seem to have paid off. The Commission is now weighing how to tackle “challenges in the cooperation” between tech and telecom players in its reforms. One of the options on the table is turning into a political minefield: Empowering regulators to settle potential disputes between the two groups over how they handle traffic. Opponents of regulatory intervention fear that it will give operators a way to pressure content providers for payments, akin to the unpopular proposal known as “fair share” that was floated under the last Commission. At worst, they say, it could even upend the internet as we know it by undermining net neutrality — the principle that service providers need to treat all traffic equally, without throttling or censoring. “This would have immediate and far-reaching consequences, harming European consumers, businesses, digital rights and the sustainability of the creative and cultural sectors, ultimately risking a fragmented Internet and single market,” a broad coalition, ranging from civil society and media organizations to audiovisual players, wrote earlier this month. The continent’s biggest telecom companies have long argued that stifling rules and a fragmented single market make it hard for them to scale and earn sustainable profits. | Andy Rain/EPA Regulators themselves say they don’t see any market failure, or need for a legislative fix. “It’s increasingly hard for me to think that the Commission is approaching this in good faith because they cannot ignore the chaotic impact that something like this would have,” said Benoît Felten, an expert at Plum Consulting who authored a study on the topic commissioned by Big Tech lobby CCIA. Tech companies will fight tooth and nail against any move to hold them to the same obligations that telecom operators have to follow. “The same service, same rules principle should be a no-brainer,” said Alessandro Gropelli, the boss of telecom trade association Connect Europe. “You cannot have competitiveness if one party is playing the game with their hand tied behind their back and the other party is playing the same game with both hands.” INCUMBENTS VS. CHALLENGERS Brussels’ deregulatory mood is further deepening rifts between Europe’s top telecom providers and their challengers, who have long praised the existing rulebook that they say enables them to take on legacy players. “The Commission wants to deregulate dogmatically” in order “to boost the largest operators in Europe,” said Luc Hindryckx, the director general of the European Competitive Telecommunications Association, a trade body. “One way to do it is to weaken the competition to allow a few incumbents to make it through and pave the way for consolidation, because if the competitors are on the verge of bankruptcy, they will ask to be merged.” Telecom challengers are up in arms against the direction of travel, which could see the Commission dial down the regulatory pressure on Europe’s legacy telcos to open their ducts and fiber lines to competitors. The EU executive wants to move away from heavy, upfront rules and closer scrutiny of dominant players to prevent abuse, instead relying on standard law enforcement. It argues the current system worked to boost competition but has outlived its purpose. It is “alarming that the European Commission is now proposing to relax regulation on former fixed monopolies,” a coalition of nine network operators wrote in a letter this month. Signatories — including France’s Iliad and the U.K.’s Vodafone — called out the proposed “backwards step” and warned against the risk of “re-monopolisation.” This shift, the opponents say, could unravel years of progress by undermining market predictability, deterring investment and pushing up wholesale prices — costs that would inevitably be passed on to consumers. “5G has been a disaster because the real 5G is hardly here,” the Commission’s top digital civil servant Roberto Viola said. | Robert Ghement/EPA “In Germany, it seems that people never run a red light. One could say that people no longer run red lights and then change the law that says running a red light is a major offense. What do you think is going to happen?” Hindryckx quipped. The legacy players don’t agree. “The current ex-ante system leads to low investments and harms roll-out of innovative networks,” said Gropelli from Connect Europe. “Reform is a must, or we’ll remain global laggards in roll-out of critical networks.” CAPITALS VS. BRUSSELS National governments also aren’t cheering the reforms, with EU capitals bristling at the idea of Brussels muscling in on territory they consider their own. That’s the case for the allocation of spectrum — the finite and very much in-demand resource powering wireless communications, which is auctioned at a national level for billions of euros. “5G has been a disaster because the real 5G is hardly here,” the Commission’s top digital civil servant Roberto Viola said in September. “We have been sleeping and lost fifteen years in discussing … who should assign the frequencies,” he said. Still, the topic is largely off the table for national governments. “Spectrum harmonization is not the favorite topic of member countries,” Katalin Molnár, the ambassador for Hungary, said last year as the country chaired talks among EU governments on the issue. The current cooperation between countries “works well,” the 27 EU nations said in a joint position, emphasizing that spectrum management is a “key public policy tool” that falls under a “sustained significance of member states’ national competencies in that regard.” This will be a major red line for the Council of the EU, where capitals will eventually hammer out their position on the reforms. The industry, however, says reforms are essential for the economic benefits that the EU is craving. “The wind has never been as strong in the sails of the ship that goes towards a more efficient telecom market today,” GSMA’s Badrinath said. “Is that enough to get the right outcome? Well, that’s what we want to believe.”

BRUSSELS — The European Union is trying to stop space from turning into a junkyard. The European Commission on Wednesday proposed a new Space Act that seeks to dial up regulatory oversight of satellite operators — including requiring them to tackle their impact on space debris and pollution, or face significant fines. There are more than 10,000 satellites now in orbit and growing space junk to match. In recent years, more companies — most notably Elon Musk’s Starlink — have ventured into low-Earth orbit, from where stronger telecommunication connections can be established but which requires more satellites to ensure full coverage. “Space is congested and contested,” a Commission official said ahead of Wednesday’s proposal in a briefing with reporters. The official was granted anonymity to disclose details ahead of the formal presentation. The EU executive wants to set up a database to track objects circulating in space; make authorization processes clearer to help companies launch satellites and provide services in Europe; and force national governments to give regulators oversight powers. The Space Act proposal would also require space companies to have launch safety and end-of-life disposal plans, take extra steps to limit space debris, light and radio pollution, and calculate the environmental footprint of their operations. Mega and giga constellations, which are networks of at least 100 and 1,000 spacecraft, respectively, face extra rules to coordinate orbit traffic and avoid collisions. “It’s starting to look like a jungle up there. We need to intervene,” said French liberal lawmaker Christophe Grudler. “Setting traffic rules for satellites might not sound as sexy as sending people to Mars. But that’s real, that’s now and that has an impact on our daily lives.” Under the proposal, operators would also have to run cybersecurity risk assessments, introduce cryptographic and encryption-level protection, and are encouraged to share more information with corporate rivals to fend off cyberattacks. Breaches of the rules could result in fines of up to twice the profits gained or losses avoided as a result of the infringement, or, where these amounts cannot be determined, up to 2 percent of total worldwide annual turnover. Satellites exclusively used for defense or national security are excluded from the law. THE MUSK PROBLEM The Space Act proposal comes as the EU increasingly sees a homegrown satellite industry as crucial to its connectivity, defense and sovereignty ambitions. Musk’s dominance in the field has become a clear vulnerability for Europe. His Starlink network has showcased at scale how thousands of satellites can reach underserved areas and fix internet voids, but it has also revealed his hold over Ukraine’s wartime communication, highlighting the danger of relying on a single, foreign player. Top lawmakers in the European Parliament, including Grudler, earlier this month advocated for a “clearly ring-fenced budget of at least €60 billion” devoted to space policy, while French President Emmanuel Macron last week called for the next EU budget to earmark more money to boost Europe’s space sector. That’s crucial “if we want to stay in the game of the great international powers,” he said shortly after the French government announced it would ramp up its stake in Eutelsat, a Franco-British satellite company and Starlink rival. The Space Act proposal introduces additional requirements for players from outside the EU that operate in the European market, unless their home country is deemed to have equivalent oversight by the Commission, which could be the case for the U.S. They will also have to appoint a legal representative in the bloc. The proposal is set to apply from 2030 and will now head to the Council of the EU, where governments hash out their position, and the European Parliament for negotiations on the final law. Aude van den Hove contributed reporting.