BRUSSELS — A new EU rule mandating that a higher proportion of passengers pass through electronic identity border checks risks “wreaking significant discomfort on travelers,” warned the head of the bloc’s airport lobby. But a Commission spokesperson insisted that the electronic check system, which first went into limited use in October with a higher proportion of travelers to be checked from Friday, “has operated largely without issues.” The new Entry/Exit System is aimed at replacing passport stamps and cracking down on illegal stays in the bloc. Under the new system, travelers from third countries like the U.K. and the U.S. must register fingerprints and a facial image the first time they cross the frontier before reaching a border officer. But those extra steps are causing delays. In October, 10 percent of passengers had to use the new system; as of Friday, at least 35 percent of non-EU nationals entering the Schengen area for a short stay must use it. By April 10, the system will be fully in place. Its introduction last year caused issues at many airports, and industry worries that Friday’s step-up will cause a repeat. The EES “has resulted in border control processing times at airports increasing by up to 70 percent, with waiting times of up to three hours at peak traffic periods,” said Olivier Jankovec, director general of ACI Europe, adding that Friday’s new mandate is “sure to create even worse conditions.” Brussels Airport spokesperson Ihsane Chioua Lekhli said: “The introduction of EES has an impact on the waiting time for passengers and increases the need for sufficient staffing at border control,” adding: “Peak waiting times at arrival (entry of Belgium) can go up to three hours, and we also saw an increase of waiting times at departures.” But the Commission rejected the accusation that EES is wreaking havoc at EU airports. “Since its start, the system has operated largely without issues, even during the peak holiday period, and any initial challenges typical of new systems have been effectively addressed, moreover with it, we know who enter in the EU, when, and where,” said Markus Lammert, the European Commission’s spokesperson for internal affairs. Lamert said countries “have refuted the claim” made by ACI Europe of increased waiting times and that concerns over problems related to the new 35 percent threshold have been “disproven.” That’s in stark contrast with the view of the airport lobby, which pointed to recent problems in Portugal. Under the new system, travelers from third countries like the U.K. and the U.S. must register fingerprints and a facial image the first time they cross the frontier before reaching a border officer. | iStock “There are mounting operational issues with the EES rollout — the case in point being the suspension of the system by the Portuguese government over the holidays,” Jankovec said. In late December, the Portuguese government suspended the EES at Lisbon Humberto Delgado Airport for three months and deployed military personnel to bolster border control capabilities. ADR, which operates Rome Fiumicino Airport, is also seeing issues. “Operational conditions are proving highly complex, with a significant impact on passenger processing times at border controls,” ADR said in a written reply. Spain’s hotel industry association asked the country’s interior ministry to beef up staffing, warning of “recurring bottlenecks at border controls.” “It is unreasonable that, after a journey of several hours, tourists should face waits of an hour or more to enter the country,” said Jorge Marichal, the lobby’s president. The Spanish interior ministry said the EES is being used across the country with “no queues or significant incidents reported to date.” However, not all airports are having trouble implementing the new system. The ADP Group, which manages the two largest airports in Paris, said it has “not observed any chaos or increase in waiting times at this stage.”

U.S. President Donald Trump suggested Saturday that the U.S. used cyberattacks or other technical capabilities to cut power off in Caracas during strikes on the Venezuelan capital that led to the capture of Venezuelan President Nicolás Maduro. If true, it would mark one of the most public uses of U.S. cyber power against another nation in recent memory. These operations are typically highly classified, and the U.S. is considered one of the most advanced nations in cyberspace operations globally. “It was dark, the lights of Caracas were largely turned off due to a certain expertise that we have, it was dark, and it was deadly,” Trump said during a press conference at Mar-a-Lago detailing the operation. Gen. Dan Caine, chair of the Joint Chiefs of Staff, said during the same press conference that U.S. Cyber Command, U.S. Space Command and combatant commands “began layering different effects” to “create a pathway” for U.S. forces flying into the country early Saturday. Caine did not elaborate on what those “effects” entailed. Spokespeople for the White House, Cyber Command and Space Command did not respond to requests for comment on the cyber operations in Venezuela. Internet tracking group NetBlocks reported a loss of internet connectivity in Caracas during power cuts early Saturday morning. Alp Toker, founder of NetBlocks, said in an email Saturday that if cyberattacks contributed to these outages, “it will have been targeted, not impacting the broader network space.” Saturday’s offensive marked the latest cyberattack targeting Venezuelan infrastructure in recent weeks. Venezuelan national oil and gas company PDVSA, or Petróleos de Venezuela, S.A., last month accused the U.S. government of carrying out a cyberattack that led to delays in operations across the country. The Trump administration has not publicly commented on whether the U.S. was involved in the December attack. PDVSA said its facilities were not damaged in the strikes on Saturday.

PARIS — French authorities will investigate the proliferation of sexually explicit deepfakes generated by artificial intelligence platform Grok on X, the Paris prosecutor’s office told POLITICO. French lawmakers Arthur Delaporte and Eric Bothorel contacted the prosecutor’s office on Jan. 2 after thousands of non-consensual sexually explicit deepfakes were generated by Grok and published on X. “These facts have been added to the existing investigation into X,” the prosecutor’s office stated, noting that this offense is punishable by two years’ imprisonment and a €60,000 fine. The two lawmakers confirmed to POLITICO that they had filed reports with the authorities. For the past two days, hundreds of women and teenagers have reported that their photos published on social media have been “undressed” by Grok — the artificial intelligence integrated into the social network X — at the request of users. These AI-generated photo montages “violate the dignity of the people depicted,” argues Delaporte in his letter to the public prosecutor, seen by POLITICO. When contacted by POLITICO, the French digital affairs office said three government ministers — Roland Lescure, economy and industry minister; Anne Le Hénanff, junior minister for artificial intelligence and digital affairs; and Aurore Bergé, equality minister — have reported “manifestly illegal content” to the public prosecutor and a government online surveillance platform Pharos, to “obtain its immediate removal.” France’s High Commissioner for Children, Sarah El Haïry, said she was “outraged” by these practices. The case will bolster the investigation already opened by the French cybercrime unit against X, which was expanded in November to include antisemitic and Holocaust denial statements disseminated by Grok. When contacted by POLITICO, X did not respond at the time of publication. A post by Grok on X in response to concerns about “extremely inappropriate” images of minors, said: “There are isolated cases where users prompted for and received AI images depicting minors in minimal clothing.” “xAI has safeguards, but improvements are ongoing to block such requests entirely,” Grok said. The European Commission did not respond to a request for comment by the time of publication. Eliza Gkritsi contributed to this story.

In the desolate Arctic desert of Kangerlussuaq, Greenland, Europeans are building defenses against a new, up-and-coming security threat: space hacks. A Lithuanian company called Astrolight is constructing a ground station, with support from the European Space Agency, that will use laser beams to download voluminous data from satellites in a fast and secure manner, it announced last month.  It’s just one example of how Europe is moving to harden the security of its satellites, as rising geopolitical tensions and an expanding spectrum of hybrid threats are pushing space communications to the heart of the bloc’s security plans. For years, satellite infrastructure was treated by policymakers as a technical utility rather than a strategic asset. That changed in 2022, when a cyberattack on the Viasat satellite network coincided with Russia’s invasion of Ukraine.   Satellites have since become popular targets for interference, espionage and disruption. The European Commission in June warned that space was becoming “more contested,” flagging increasing cyberattacks and attempts at electronic interference targeting satellites and ground stations. Germany and the United Kingdom warned earlier this year of the growing threat posed by Russian and Chinese space satellites, which are regularly spotted spying on their satellites.  EU governments are now racing to boost their resilience and reduce reliance on foreign technology, both through regulations like the new Space Act and investments in critical infrastructure. The threat is crystal clear in Greenland, Laurynas Mačiulis, the chief executive officer of Astrolight, said. “The problem today is that around 80 percent of all the [space data] traffic is downlinked to a single location in Svalbard, which is an island shared between different countries, including Russia,” he said in an interview. Europe’s main Arctic ground station sits in Svalbard and supports both the navigation systems of Galileo and Copernicus. While the location is strategic, it is also extremely sensitive due to nearby Russian and Chinese activities. Crucially, the station relies on a single undersea cable to connect to the internet, which has been damaged several times. “In case of intentional or unintentional damage of this cable, you lose access to most of the geo-intelligence satellites, which is, of course, very critical. So our aim is to deploy a complementary satellite ground station up in Greenland,” Mačiulis said. THE MUSK OF IT ALL A centerpiece of Europe’s ambitions to have secure, European satellite communication is IRIS², a multibillion-euro secure connectivity constellation pitched in 2022 and designed to rival Elon Musk’s Starlink system. “Today, communications — for instance in Ukraine — are far too dependent on Starlink,” said Anders Fogh Rasmussen, the founding chairman of political consultancy Rasmussen Global, speaking at an event in Brussels in November. “That dependence rests on the shifting ideas of an American billionaire. That’s too risky. We have to build a secure communications system that is independent of the United States.” The European system, which will consist of 18 satellites operating in low and medium Earth orbit, aims to provide Europe with fast and encrypted communication. “Even if someone intercepts the signal [of IRIS² ], they will not be able to decrypt it,” Piero Angeletti, head of the Secure Connectivity Space Segment Office at the European Space Agency, told POLITICO. “This will allow us to have a secure system that is also certified and accredited by the national security entities.” The challenge is that IRIS² is still at least four years away from becoming operational. WHO’S IN CHARGE? While Europe beefs up its secure satellite systems, governments are still streamlining how they can coordinate cyber defenses and space security. In many cases, that falls to both space or cyber commands, which, unlike traditional military units, are relatively new and often still being built out. Clémence Poirier, a cyberdefense researcher at the Center for Security Studies at ETH Zurich, said that EU countries must now focus on maturing them. “European states need to keep developing those commands,” she told POLITICO. “Making sure that they coordinate their action, that there are clear mandates and responsibilities when it comes to cyber security, cyber defensive operations, cyber offensive operations, and also when it comes to monitoring the threat.” Industry, too, is struggling to fill the gaps. Most cybersecurity firms do not treat space as a sector in its own right, leaving satellite operators in a blind spot. Instead, space systems are folded into other categories: Earth-observation satellites often fall under environmental services, satellite TV under media, and broadband constellations like Starlink under internet services. That fragmentation makes it harder for space companies to assess risk, update threat models or understand who they need to defend against. It also complicates incident response: while advanced tools exist for defending against cyberattacks on terrestrial networks, those tools often do not translate well to space systems. “Cybersecurity in space is a bit different,” Poirier added. “You cannot just implement whatever solution you have for your computers on Earth and just deploy that to your satellite.”

PARIS ― French intelligence services are investigating a suspected foreign operation after high-tech spyware was seized aboard a ferry in Sète, southern France. “Individuals have tried to penetrate a ship’s IT system … investigators suspect a foreign-born operation,” French Interior Minister Laurent Nuñez said Wednesday on radio Franceinfo. The ship was docked in the port of Sète, on the Mediterranean coast, when French authorities received intelligence from their Italian counterparts that the ferry’s IT system had been infected by a remote access tool, the Paris prosecutor’s office, which has launched a judicial investigation into the case, said. French intelligence agency DGSI has been tasked with the probe. The news comes as several suspected hybrid warfare operations have been reported in the country in recent weeks, including drones buzzing over a highly sensitive submarine base and destabilization operations targeting high-profile monuments in Paris, with Russia seen as a likely sponsor. Two suspects, both crew members, were arrested last Friday, one Bulgarian and one Latvian. The Bulgarian suspect was later released. The Latvian suspect remains in custody and charged with conspiring to penetrate a data processing system on behalf of a foreign power, the prosecutor’s office said. Investigations have taken place in Latvia with the collaboration of local authorities. According to Le Parisien, who first reported the story, a sophisticated spying tool allowing infection and remote control was seized from the ship by DGSI agents, with Russia suspected to be behind the operation. However, neither the prosecutor’s office nor Nuñez confirmed that Moscow was suspected of orchestrating the hack. Nuñez said this wasn’t the first time such gear was found by investigators.

BRUSSELS — Lawmakers in the European Parliament have called on the institution to change its travel booking software amid fears their travel plans could be spied on or disrupted by U.S. government interests, in a letter obtained by POLITICO. In a stark sign of growing unease about American tech reliance, 64 lawmakers are pressing President Roberta Metsola to ditch the chamber’s travel-booking provider, Carlson Wagonlit Travel, after it was acquired by American Express Global Business Travel in September. The lawmakers argue that the new U.S. ownership puts lawmakers at risk of foreign snooping, as CWT has access to the “most sensitive information,” including their “passport details, credit card data, travel arrangements and their exact whereabouts at any given moment,” and could put them at the mercy of American sanctions. CWT last month canceled travel bookings for the United Nations Special Rapporteur on the Occupied Palestinian Territories, Francesca Albanese, who was due to speak at the Parliament in Strasbourg because of U.S. sanctions, according to an internal email seen by POLITICO. “The use of CWT for our travel arrangements exposes MEPs and Parliament staff to the real and present danger of U.S. sanctions, which have already been weaponized against European officials in the past,” the letter warns. “Such measures are not merely theoretical; they are a direct threat to the operational independence and dignity of our institution.” Signatories of the letter include Andreas Schwab from the center-right European People’s Party; Tiemo Wölken, Laura Ballarín Cereza and Aurore Lalucq from the Socialists and Democrats; Helmut Brandstätter, Christophe Grudler, Stéphanie Yon-Courtin and Sandro Gozi from the liberal Renew group; Alexandra Geese and Nela Riehl from the Greens; and Leila Chaibi from The Left. The internal email said the Parliament is working to contract an alternative Belgian travel booking provider it can use for sanctioned individuals. A spokesperson for the Parliament told POLITICO: “A structural solution is in place for such situations, allowing the necessary arrangements to be made without any delay.” “As a matter of policy, and in compliance with applicable law, American Express Global Business Travel does not comment on our clients,” a spokesperson for the company said. Organizations across Europe are growing increasingly wary of the risks of years of reliance on U.S. tech, as the EU also tries to boost its own economic competitiveness. Alarm bells have been ringing about the possibility that the White House could weaponize the EU’s dependence on U.S. technology, in particular through sanctions. In a previous request reported by POLITICO, a cross-party group including several of the same lawmakers urged the European Parliament to phase out U.S. technology — most notably Microsoft — in favor of European alternatives. “In these turbulent times, when even old friends can turn into foes and their companies into a political tool, we cannot afford this level of dependence on foreign tech, let alone continue funneling billions of taxpayers’ money abroad,” that group said last month. The International Criminal Court has moved to replace Microsoft Suite with the German solution OpenDesk amid concerns that a new wave of U.S. sanctions could paralyze the organization’s day-to-day operations. “It is just unacceptable that MEPs could be prevented from fulfilling their parliamentary duties due to a decision by the U.S. administration to sanction them,” centrist lawmaker Anna Stürgkh told Metsola during a session of the Parliament on Monday, pressing Metsola “to make sure that the sovereignty of this house is ensured.” The Parliament’s spokesperson said that the “institution’s services ensure that all IT solutions comply with the EU legal obligations and protect user privacy.” Gerardo Fortuna contributed reporting.

BRUSSELS — European banks and other finance firms should decrease their reliance on American tech companies for digital services, a top national supervisor has said. In an interview with POLITICO, Steven Maijoor, the Dutch central bank’s chair of supervision, said the “small number of suppliers” providing digital services to many European finance companies can pose a “concentration risk.” “If one of those suppliers is not able to supply, you can have major operational problems,” Maijoor said. The intervention comes as Europe’s politicians and industries grapple with the continent’s near-total dependence on U.S. technology for digital services ranging from cloud computing to software. The dominance of American companies has come into sharp focus following a decline in transatlantic relations under U.S. President Donald Trump. While the market for European tech services isn’t nearly as developed as in the U.S. — making it difficult for banks to switch — the continent “should start to try to develop this European environment” for financial stability and the sake of its economic success, Maijoor said. European banks being locked in to contracts with U.S. providers “will ultimately also affect their competitiveness,” Maijoor said. Dutch supervisors recently authored a report on the systemic risks posed by tech dependence in finance. Dutch lender Amsterdam Trade Bank collapsed in 2023 after its parent company was placed on the U.S. sanctions list and its American IT provider withdrew online data storage services, in one of the sharpest examples of the impact on companies that see their tech withdrawn. Similarly a 2024 outage of American cybersecurity company CrowdStrike highlighted the European finance sector’s vulnerabilities to operational risks from tech providers, the EU’s banking watchdog said in a post-mortem on the outage. In his intervention, Maijoor pointed to an EU law governing the operational reliability of banks — the Digital Operational Resilience Act (DORA) — as one factor that may be worsening the problem. Those rules govern finance firms’ outsourcing of IT functions such as cloud provision, and designate a list of “critical” tech service providers subject to extra oversight, including Amazon Web Services, Google Cloud, Microsoft and Oracle. DORA, and other EU financial regulation, may be “inadvertently nudging financial institutions towards the largest digital service suppliers,” which wouldn’t be European, Maijoor said. “If you simply look at quality, reliability, security … there’s a very big chance that you will end up with the largest digital service suppliers from outside Europe,” he said. The bloc could reassess the regulatory approach to beat the risks, Maijoor said. “DORA currently is an oversight approach, which is not as strong in terms of requirements and enforcement options as regular supervision,” he said. The Dutch supervisors are pushing for changes, writing that they are examining whether financial regulation and supervision in the EU creates barriers to choosing European IT providers, and that identified issues “may prompt policy initiatives in the European context.” They are asking EU governments and supervisors “to evaluate whether DORA sufficiently enhances resilience to geopolitical risks and, if not, to consider issuing further guidance,” adding they “see opportunities to strengthen DORA as needed,” including through more enforcement and more explicit requirements around managing geopolitical risks. Europe could also set up a cloud watchdog across industries to mitigate the risks of dependence on U.S. tech service providers, which are “also very important for other parts of the economy like energy and telecoms,” Maijoor said. “Wouldn’t there be a case for supervision more generally of these hyperscalers, cloud service providers, as they are so important for major parts of the economy?” The European Commission declined to respond.

U.S. President Donald Trump’s top envoy to the EU told POLITICO that overregulation is causing “real problems” economically and forcing European startups to flee to America. Andrew Puzder said businesses in the bloc “that become successful here go to the United States because the regulatory environment is killing them.” “Wouldn’t it be great if this part of the world, instead of deciding it was going to be the world’s regulator, decided once again to be the world’s innovators?” he added in an interview at this year’s POLITICO 28 event. “You’ll be stronger in the world and you’ll be a much better trade partner and ally to the United States.” Puzder’s remarks come as the Trump administration launched a series of blistering attacks on Europe in recent days. Washington’s National Security Strategy warned of the continent’s “civilizational erasure” and Trump himself blasted European leaders as “weak” and misguided on migration policy in an interview with POLITICO. Those broadsides have sparked concerns in Europe that Trump could seek to jettison the transatlantic relationship. But Puzder downplayed the strategy’s criticism and struck a more conciliatory note, saying the document was “more ‘make Europe great again’ than it was ‘let’s desert Europe’” and highlighted Europe’s potential as a partner.

Denmark’s military intelligence service has for the first time classified the U.S. as a security risk, a striking shift in how one of Washington’s closest European allies assesses the transatlantic relationship. In its 2025 intelligence outlook published Wednesday, the Danish Defense Intelligence Service warned that the U.S. is increasingly prioritizing its own interests and “using its economic and technological strength as a tool of power,” including toward allies and partners. “The United States uses economic power, including in the form of threats of high tariffs, to enforce its will and no longer excludes the use of military force, even against allies,” it said, in a pointed reference to Washington trying to wrest control of Greenland from Denmark. The assessment is one of the strongest warnings about the U.S. to come from a European intelligence service. In October, the Dutch spies said they had stopped sharing some intelligence with their U.S. counterparts, citing political interference and human rights concerns. The Danish warning underscores European unease as Washington leverages industrial policy more aggressively on the global stage, and highlights the widening divide between the allies, with the U.S. National Security Strategy stating that Europe will face the “prospect of civilizational erasure” within the next 20 years. The Danish report also said that “there is uncertainty about how China-U.S. relations will develop in the coming years” as Beijing’s rapid rise has eroded the U.S.’s long-held position as the undisputed global power. Washington and Beijing are now locked in a contest for influence, alliances and critical resources, which has meant the U.S. has “significantly prioritized” the geographical area around it — including the Arctic — to reduce China’s influence. “The USA’s increasingly strong focus on the Pacific Ocean is also creating uncertainty about the country’s role as the primary guarantor of security in Europe,” the report said. “The USA’s changed policy places great demands on armaments and cooperation between European countries to strengthen deterrence against Russia.” In the worst-case scenario, the Danish intelligence services predict that Western countries could find themselves in a situation in a few years where both Russia and China are ready to fight their own regional wars in the Baltic Sea region and the Taiwan Strait, respectively.

BRUSSELS — The EU has struck a political agreement to overhaul the bloc’s foreign direct investment screening rules, the Council of the EU announced on Thursday, in a move to prevent strategic technology and critical infrastructure from falling into the hands of hostile powers. The updated rules — the first major plank of European Commission President’s Ursula von der Leyen’s economic security strategy — would require all EU countries to systematically monitor investments and further harmonize the way those are screened within the bloc. The agreement comes just over a week after Brussels unveiled a new economic security package. Under the new rules, EU countries would be required to screen investments in dual-use items and military equipment; technologies like artificial intelligence, quantum technologies and semiconductors; raw materials; energy, transport and digital infrastructure; and election infrastructure, such as voting systems and databases. As previously reported by POLITICO, foreign entities investing into specific financial services must also be subject to screening by EU capitals. “We achieved a balanced and proportionate framework, focused on the most sensitive technologies and infrastructures, respectful of national prerogatives and efficient for authorities and businesses alike,” said Morten Bødskov, Denmark’s minister for industry, business and financial affairs. It took three round of political talks between the three institutions to seal the update, which was a key priority for the Danish Presidency of the Council of the EU. One contentious question was which technologies and sectors should be subject to mandatory screening. Another was how capitals and the European Commission should coordinate — and who gets the final say — when a deal raises red flags. Despite a request from the European Parliament, the Commission will not get the authority to arbitrate disputes between EU countries on specific investment cases. Screening decisions will remain firmly in the purview of national governments. “We’re making progress. The result of our negotiations clearly strengthens the EU’s security while also making life easier for investors by harmonising the Member States’ screening mechanism,” said the lead lawmaker on the file, French S&D Raphaël Glucksmann. “Yet more remains to be done to ensure that investments bring real added value to the EU, so that our market does not become a playground for foreign companies exploiting our dependence on their technology. The Commission has committed to take an initiative; it must now act quickly,” he said in a statement to POLITICO. This story has been updated.