Listen on * Spotify * Apple Music * Amazon Music Kriege werden längst auch unsichtbar geführt: im Netz, über Desinformation, Sabotage und Angriffe auf kritische Infrastruktur. Cyberattacken auf Flughäfen, Stromnetze und Behörden zeigen, wie real die Bedrohung bereits ist. In diesem Berlin Playbook Spezial spricht Rixa Fürsen mit Thomas Daum, Vizeadmiral der Bundeswehr und Inspekteur für Cyber- und Informationsraum, über die neue Eskalationsstufe hybrider Angriffe. Daum erklärt, warum Cyberangriffe heute gezielt Unruhe stiften sollen, wie eng sie mit Desinformation verzahnt sind und weshalb Deutschland sich nicht erst auf das oft genannte Jahr 2029, sondern auf frühere Szenarien einstellen muss. Das Berlin Playbook als Podcast gibt es jeden Morgen ab 5 Uhr. Gordon Repinski und das POLITICO-Team liefern Politik zum Hören – kompakt, international, hintergründig. Für alle Hauptstadt-Profis: Der Berlin Playbook-Newsletter bietet jeden Morgen die wichtigsten Themen und Einordnungen. Jetzt kostenlos abonnieren. Mehr von Host und POLITICO Executive Editor Gordon Repinski: Instagram: @gordon.repinski | X: @GordonRepinski. POLITICO Deutschland – ein Angebot der Axel Springer Deutschland GmbH Axel-Springer-Straße 65, 10888 Berlin Tel: +49 (30) 2591 0 information@axelspringer.de Sitz: Amtsgericht Berlin-Charlottenburg, HRB 196159 B USt-IdNr: DE 214 852 390 Geschäftsführer: Carolin Hulshoff Pol, Mathias Sanchez Luna

The Dutch government has quietly removed Google tracking tools from job listings for its intelligence services over concerns that the data would expose aspirant spies to U.S. surveillance. The intervention would put an end to Google’s processing of the data of job seekers interested in applying to spy service jobs, after members of parliament in The Hague raised security concerns. The move comes at a moment when trust between the Netherlands and the United States is fraying. It reflects wider European unease — heightened by Donald Trump’s return to the White House — about American tech giants having access to some of their most sensitive government data. The heads of the AIVD and MIVD, the Netherlands’ civilian and military intelligence services, said in October that they were reviewing how to share information with American counterparts over political interference and human rights concerns. In the Netherlands, government vacancies are listed on a central online portal, which subsequently redirects applicants to specific institutions’ or agencies’ websites, including those of the security services. The government has now quietly pulled the plug on Google Analytics for intelligence-service postings, according to security expert Bert Hubert, who first raised the alarm about the trackers earlier this year. Hubert told POLITICO the job postings for intelligence services jobs no longer contained the same Google tracking technologies at least since November. The move was first reported by Follow the Money. The military intelligence service MIVD declined to comment. The interior ministry, which oversees the general intelligence service AIVD, did not respond to a request for comment at the time of publication. In a statement, Communications Manager for Google Mathilde Méchin said: “Businesses, not Google Analytics, own and control the data they collect and Google Analytics only processes it at their direction. This data can be deleted at any time.” “Any data sent to Google Analytics for measurement does not identify individuals, and we have strict policies against advertising based on sensitive information,” Méchin said. ‘FUTURE EMPLOYEES AT RISK’ Derk Boswijk, a center-right Dutch lawmaker, raised the alarm about the tracking of job applicants in parliamentary questions to the government in January. He said that while China and Russia have traditionally been viewed as the biggest security risks, it is unacceptable for any foreign government — allied or not — to have a view into Dutch intelligence recruitment. “I still see the U.S. as our most important ally,” Boswijk told POLITICO. “But to be honest, we’re seeing that the policies of the Trump administration and the European countries no longer necessarily align, and I think we should adapt accordingly.” The government told Boswijk in February it had enabled privacy settings on data gathered by Google. The government has yet to comment on Boswijk’s latest questions submitted in November. Hubert, the cybersecurity expert, said the concerns over tracking were justified. Even highly technical data like IP addresses, device fingerprints and browsing patterns can help foreign governments, including adversaries such as China, narrow down who might be seeking a job inside an intelligence agency, he said. “By leaking job applications so broadly, the Dutch intelligence agencies put their future employees at risk, while also harming their own interests,” said Hubert, adding it could discourage sought-after cybersecurity talent that agencies are desperate to attract. Hubert previously served on a watchdog committee overseeing intelligence agencies’ requests to use hacking tools, surveillance and wiretapping.  One open question raised by Dutch parliamentarians is how to gain control over the data that Google gathered on aspiring spies in past years. “I don’t know what happens with the data Google Analytics already has, that’s still a black box to me,” said Sarah El Boujdaini, a lawmaker for the centrist-liberal Democrats 66 party who oversees digital affairs. The episode is likely to add fuel to efforts to wean off U.S. technologies — which are taking place across Europe, as part of the bloc’s “technological sovereignty” drive. European Parliament members last month urged the institution to move away from U.S. tech services, in a letter to the president obtained by POLITICO. In the Netherlands, parliament members have urged public institutions to move away from digital infrastructure run by U.S. firms like Microsoft, over security concerns. “If we can’t even safeguard applications to our secret services, how do you think the rest is going?” Hubert asked. The country also hosts the International Criminal Court, where Chief Prosecutor Karim Khan previously lost access to his Microsoft-hosted email account after he was targeted with American sanctions over issuing an arrest warrant for Israeli Prime Minister Benjamin Netanyahu. The ICC in October confirmed to POLITICO it was moving away from using Microsoft Office applications to German-based openDesk.

BRUSSELS — CIA Director John Ratcliffe made a low-key stop in Brussels this week, meeting top EU foreign and intelligence officials to deliver a not-so-subtle message: You can still trust us. Ratcliffe met with the EU’s top diplomat, Kaja Kallas, as well as senior officials from the EU Intelligence and Situation Center (INTCEN) and the EU Military Staff Intelligence Directorate (EUMS), according to three people with knowledge of the meeting. The goal, two officials said, was to steady nerves and reaffirm Washington’s commitment to intelligence-sharing — as some European capitals grow uneasy about the direction of U.S. foreign policy under President Donald Trump. The Trump administration’s erratic policy shifts on Ukraine — such as abruptly halting the sharing of battlefield intelligence with Kyiv last March — and its push to politicize intelligence by appointing Trump loyalists have shaken European confidence in Washington’s reliability. Ratcliffe, a former Republican congressman from Texas, built his reputation as one of Trump’s fiercest defenders on Capitol Hill — particularly during the first impeachment proceedings, when he used his perch on the House Intelligence Committee to attack the inquiry. Officially, Ratcliffe was in town to brief the North Atlantic Council, the political decision-making body of NATO, one diplomat said. But his side meeting with the bloc’s foreign policy arm, the EEAS, sent a clear signal: Langley wants to keep lines open. The expectation is that the meeting won’t be a one-off: “Should be regular from now on,” one official said. Ratcliffe and his EU counterparts also discussed shared challenges, including Russia, China and the Middle East. The diplomatic push comes at a sensitive moment. European services are working to bury decades of distrust to build a shared EU intelligence operation to counter Russian aggression while they rethink their intel-sharing arrangements with the U.S. The Dutch civil and military intelligence service told local paper De Volkskrant earlier this month that they’d halted some exchanges, citing political interference and human rights concerns.

MILAN — Nothing about the sand-colored façade of the palazzo tucked behind Milan’s Duomo cathedral suggested that inside it a team of computer engineers were building a database to gather private and damaging information about Italy’s political elite — and use it to try to control them.   The platform, called Beyond, pulled together hundreds of thousands of records from state databases — including flagged financial transactions and criminal investigations — to create detailed profiles on politicians, business leaders and other prominent figures.  Police wiretaps recorded someone they identified as Samuele Calamucci, allegedly the technical mastermind of the group, boasting that the dossiers gave them the power to “screw over all of Italy.”  The operation collapsed in fall 2024, when a two-year investigation culminated in the arrests of four people, with a further 60 questioned. The alleged ringleaders have denied ever directly accessing state databases, while lower-level operatives maintain they only conducted open-source searches and believed their actions were legal. Police files indicate that key suspects claimed they were operating with the tacit approval of the Italian state.  After months of questioning and plea bargaining, 15 of the accused are set to enter their pleas at the first court hearing in October.   The disclosures were shocking, not only because of the confidentiality of the data but also the high-profile nature of the targets, which included former Prime Minister Matteo Renzi and Ignazio La Russa, co-founder of the ruling Brothers of Italy party and president of the Senate.  The scandal underscores a novel reality: that in the digital era, privacy is a relic. While dossiers and kompromat have long been tools of political warfare, hackers today, commanded by the highest bidder, can access information to exploit decision-makers’ weaknesses — from private indiscretions to financial vulnerabilities. The result is a political and business class highly exposed to external pressures, heightening fears about the resilience of democratic institutions in an era where data is both power and liability.  POLITICO obtained thousands of pages of police wiretap transcripts and arrest warrants and spoke with alleged perpetrators, their victims and officials investigating the scheme. Together, the documents and interviews reveal an intricate plot to build a database filled with confidential and compromising data — and a business plan to exploit it for both legal and illegal means.  On the surface, the group presented itself as a corporate intelligence firm, courting high-profile clients by claiming expertise in resolving complex risk management issues such as commercial fraud, corruption and infiltration by organized crime.   Banca Mediolanum, said it had paid “€3,000 to Equalize to gather more public information regarding a company that could have been the subject of a potential deal, managed by our investment bank.” | Diego Puletto/Getty Images Prosecutors accuse the gang of compiling damaging dossiers by illegally accessing phones, computers and state databases containing information ranging from tax records to criminal convictions. The data could be used to pressure and threaten victims or fed to journalists to discredit them.  The alleged perpetrators include a former star police investigator, the top manager of Milan’s trade fair complex and several cybersecurity experts prominent in Italy’s tech scene. All have denied wrongdoing.  SUPERCOP TURNED SUPERCROOK  When the gang first drew the attention of investigators in the summer of 2022, it was almost by accident.  Police were tracking a northern Italian gangster when he arranged a meeting with retired police inspector Carmine Gallo at a coffee bar in downtown Milan. Gallo, a veteran in the fight against organized crime, was a familiar face in Italy’s law enforcement circles. The meeting raised suspicions, and authorities put Gallo under surveillance — and inadvertently uncovered the gang’s wider operations.  Gallo, who died in March 2025, was a towering figure in Italian law enforcement. He helped solve high-profile cases such as the 1995 murder of Maurizio Gucci — carried out by the fashion mogul’s ex-wife Patrizia Reggiani and her clairvoyant — and the 1997 kidnapping of Milanese businesswoman Alessandra Sgarella by the ‘ndrangheta organized crime syndicate.  Yet Gallo’s career was not without controversy. Over four decades, he cultivated ties to organized crime networks and faced repeated investigations for overstepping legal boundaries. He ultimately received a two-year suspended sentence for sharing official secrets and assisting criminals.  When he retired from the force in 2018, Gallo illegally carted off investigative material such as transcripts of interviews with moles, mafia family trees and photofits, prosecutors’ documents show. His modus operandi was to tell municipal employees to “get a coffee and come back in half an hour” while he photographed documents, he boasted in wiretaps.  Still, Gallo’s work ethic remained relentless. In 2019, he co-founded Equalize — the IT company that hosted the Beyond database — with his business partner Enrico Pazzali, presenting the firm as a corporate risk intelligence company.  Gallo’s years as a police officer gave him a unique advantage: He could leverage relationships with former colleagues in law enforcement and intelligence to get them to carry out illegal searches on his behalf. Some of the information he obtained was then repackaged as reputational dossiers for clients, commanding fees of up to €15,000.  Gallo also cashed in his influence for favors, such as procuring passports for friends and acquaintances. Investigators recorded conversations in which he bragged of sourcing a passport for a convicted mafioso under investigation for kidnapping, who planned to flee to the United Arab Emirates.  The supercop-turned-supercriminal claimed that Equalize had a full overview of Italian criminal operations, extending even to countries like Australia and Vietnam.  When investigators raided the group’s headquarters, they found thousands of files and dossiers spanning decades of Italian criminal and political history. The hackers even claimed to have — as part of what they called their “infinite archive” — video evidence of the late Prime Minister Silvio Berlusconi’s so-called bunga bunga parties, which investigators called “a blackmail tool of the highest value.”   Enrico Pazzali cultivated close ties to right-wing politicians, including Attilio Fontana, president of the Lombardy region, and maintained a close association with high-level intelligence officials. | Alessandro Bremec/Getty Images Gallo’s sudden death of a heart attack six months into the investigation stirred unease among prosecutors. They noted that while an initial autopsy found no signs of trauma or injection, the absence of such evidence does not necessarily rule out interference. Investigators have ordered toxicology tests.  ‘HANDSOME UNCLE’  Gallo’s collaborator Pazzalli, a well-known businessman who headed Milan’s prestigious Fondazione Fiera Milano, the country’s largest exhibition center, was Equalize’s alleged frontman.  Pazzali, through his lawyer, declined to comment to POLITICO about the allegations.  The Fiera, a magnet for money and power, made Pazzali a heavy hitter in Milanese circles. Having built a successful career across IT, energy and other sectors, and boasting a full head of steely gray hair, he was known to some by the nickname “Zio Bello,” or handsome uncle.   Pazzali cultivated close ties to right-wing politicians, including Attilio Fontana, president of the Lombardy region, and maintained a close association with high-level intelligence officials. He would meet clients in a chauffeur-driven black Tesla X, complete with a blue flashing light on the roof — the kind typically reserved for high-ranking officials.  Since 2019, Pazzali held a 95 percent stake in Equalize. If Gallo’s role was sourcing confidential information, Pazzali’s was winning high-profile clients, the prosecutors allege. Leveraging his reputation and political connections, he helped secure business from banks, industrial conglomerates, multinationals, and international law firms, including pasta giant Barilla, the Italian subsidiary of Heineken, and energy powerhouse Eni.   Documents show that Eni paid Equalize €377,000. Roberto Albini, a spokesperson for the energy giant, told POLITICO that the firm had commissioned Equalize “to support its strategy and defense in the context of several criminal and civil cases.” He added that Eni was not aware of any illegal activity by the company.  Marlous den Bieman, corporate communications manager for Heineken, said the brewer had “ceased all collaboration with Equalize and is actively cooperating with authorities in their investigation of the company’s practices.”  Barilla declined to comment.  Italy’s third-largest bank, Banca Mediolanum, said it had paid “€3,000 to Equalize to gather more public information regarding a company that could have been the subject of a potential deal, managed by our investment bank.” The bank added, “Of course we were not aware that Equalize was in general conducting its business also through the adoption of illicit procedures.”  The group’s reach extended beyond Italy. In February 2023, it was hired by Israeli state intelligence agents in a €1 million operation to trace the financial flows from the accounts of wealthy individuals to the Russian mercenary network Wagner. In exchange, the Israelis promised to hand over intelligence on the illicit trafficking of Iranian gas through Italy — a commodity that, they suggested, might be of interest to Equalize’s client, the energy giant Eni.  Equalize rapidly grew into a formidable private investigation operation. Police reports noted that Pazzali recognized data as “a weapon for enormous economic and reputational gains,” adding, “Equalize’s raison d’être is to provide … Pazzali with information and dossiers to be used for the achievement of his political and economic aims.”  During the 2023 election campaign for the presidency of the Lombardy region, Pazzali ordered dossiers on close affiliates of former mayor of Milan, Letizia Moratti, who was challenging his preferred candidate, the far-right Fontana.  Prime Minister Matteo Renzi warned of a deeper political risk associated with the gang. | Vincenzo Nuzzolese/Getty Images A spokesman for Fontana called the allegation “science-fiction” and said “nothing was offered to the president of the region, he did not ask for anything, and he certainly did not pay anything.”   In 2022, Pazzali was in the running to manage Italy’s 2026 Winter Olympics as chief executive. Wiretaps suggested he ordered a dossier on his competitor, football club AC Milan’s Chairman Paolo Scaroni, but found nothing on him.  Business was booming, but Pazzali and Gallo were thinking ahead. They had become reliant on cops willing to leak information, and those officers could be spooked — or caught in the act. That was a vulnerability.  They started to envisage a more sophisticated operation: a platform that collated all the data the group had in its possession and could generate the prized dossiers with the click of a button, erasing the need for bribes and cutting manpower costs — a repository of high-level secrets that, once operational, would give Pazzali, Gallo, and their team unprecedented power in Italy.  Pazzali declined to comment on the investigation. He is due to plead before a judge at a preliminary hearing in October. ‘THE PROFESSOR’ AND THE BOYS   Enter Samuele Calamucci, the coding brain of the operation.  Calamucci is from a small town just outside Milan, and before he began his career in cybersecurity, he was involved in stonemasonry.   Unlike his partners Gallo and Pazzali, Calamucci wasn’t a known face in the city — and he had worked hard to keep it that way. He ran his own private investigation firm, Mercury Advisor, from the same offices as Equalize, handling the company’s IT operations as an outside contractor.  Calamucci knew his way around Italian government IT systems, too. In wiretapped conversations, he claimed to have helped build the digital infrastructure for Italy’s National Cybersecurity Agency and to have worked for the secret services’ Department of Information for Security.  Known within the gang as “the professor,” Calamucci’s role was to recruit and manage a team of 30 to 40 programmers he called the ragazzi — the boys.  With his best recruits he began to build Beyond in 2022, the platform designed to be the digital equivalent of an all-seeing eye.  To populate it, Calamucci and his team purchased data from the dark web, exploited access through government IT maintenance contracts and siphoned intelligence from state databases whenever they could, prosecutors said.  Beyond gave Pazzali, Gallo, and their gang a treasure trove of compromising information on political and business figures in a searchable platform. Wiretaps indicated the plan was to sell access via subscription to select clients, including international law firm Dentons and some of the Big Four consultancies like Deloitte, KPMG, and EY. | Aleksander Kalka/Getty Images In one police-recorded conversation, Calamucci boasted of a hard drive holding 800,000 dossiers. Through his lawyer, Calamucci declined to comment.  “We all thought the requested reports served the good of the country,” said one of the hackers, granted anonymity to speak freely. “Ninety percent of the reports carried out were about energy projects, which required open-source criminal records or membership in mafia syndicates, given that a large portion concerned the South.” Only 5 percent of the jobs they carried out were for individuals to conduct an analysis of enemies or competitors, he added.  The hackers were also “not allowed to know” who was coming into Equalize’s office from the outside. Meetings were held behind closed doors in Gallo’s office or in conference rooms, the hacker told POLITICO, explaining that the analysts were unaware of the company’s dynamics and the people it associated with.  Beyond gave Pazzali, Gallo, and their gang a treasure trove of compromising information on political and business figures in a searchable platform. Wiretaps indicated the plan was to sell access via subscription to select clients, including international law firm Dentons and some of the Big Four consultancies like Deloitte, KPMG, and EY.  Dentons declined to comment. Deloitte and EY did not respond to a request for comment. Audee Van Winkel, senior communication officer for KPMG in Belgium, where one of the alleged gang members worked, said the consultancy did not have any knowledge or records of KPMG in Belgium working with the platform.   ‘INTELLIGENCE MERCENARIES’  In Italy’s sprawling private investigation scene, Equalize was a relative newcomer. But Gallo, Pazzali and their associates had something going for them: They were well-connected.  One alleged member of the organization, Gabriele Pegoraro, had worked as an external cybersecurity expert for intelligence services and had previously made headlines as the IT genius who helped capture a fugitive terrorist.  Pegoraro said he “carried out only lawful operations using publicly available sources” and “was in the dark about how the information was used.”  According to wiretaps, Calamucci and Gallo had worked with several intelligence agents to provide surveillance to protect criminal informants.   On one occasion, Calamucci explained to a subordinate that the relationship with the secret services “was essential” to continue running Equalize undisturbed. “We are mercenaries for [Italian] intelligence,” he was heard saying by police listening in on a meeting with foreign agents at his office.   The services also helped with data searches for the group and created a mask of cover for the gang, prosecutors believe. A hacker proudly claimed that Equalize had even received computers handed down from Italy’s foreign intelligence agency, while law enforcement watched from bugs planted in the ceiling.  THE PROSECUTION  In October 2024, the music stopped.  Prosecutors placed four of the alleged gang members, including Gallo and Calamucci, under house arrest and another 60 people under investigation. They brought forward charges including conspiracy to hack, corruption, illegal accessing of data and the violation of official secrets.  Franco Gabrielli, a former director of Italy’s civil intelligence services, warned that even the toughest of sentences are unlikely to put an end to the practice. | Alessandro Bremec/Getty Images “Just as the Stasi destroyed the lives of so many people using a mixture of fabricated and collected information, so did these guys,” said Leonida Reitano, an Italian open-source investigator who studied the case. “They collected sensitive information, including medical reports, and used it to compromise their targets.”  News of what the gang had done dropped like a bombshell on Italy’s political class. Foreign Minister Antonio Tajani told reporters at the time that the affair was “unacceptable,” while Interior Minister Matteo Piantedosi warned the parliament that the hackers were “altering the rules of democracy.”  The Equalize scandal “is not only the most serious in the history of the Italian Republic but represents a real and actual attack on democracy,” said Angelo Bonelli, MP and member of the opposition Green Europe.  Prime Minister Renzi warned of a deeper political risk associated with the gang. “It is clear that Equalize are very close to the leaders of the right-wing parties, and intended to build a powerful organization, although it is not yet certain how deep an impact they had,” he told POLITICO. Renzi is seeking damages as a civil plaintiff in the eventual criminal trial.  Equalize was liquidated in March, and some of the alleged hackers have since taken on legitimate roles within the cybersecurity sector.  There are many unresolved questions around the case. Investigators and observers are still trying to determine the full extent of Equalize’s ties to Italian intelligence agencies, and whether any clients were aware of or complicit in the methods used to compile sensitive dossiers. Interviews with intelligence officials conducted during the investigation were never transcribed, and testimony given to a parliamentary committee remains classified. Police documents are heavily redacted, leaving the identities of key figures and the full scope of the operation unclear.  While Equalize is unprecedented in its scale, efforts to collect information on political opponents have “become an Italian tradition,” said the political historian Giovanni Orsina. Spying and political chicanery during and after the Cold War has damaged democracy and undermined trust in public institutions, made worse by a lethargic justice system that can take years if not decades to deliver justice.   “It adds to the perception that Italy is a country in which you can never find the truth,” Orsina said.  Franco Gabrielli, a former director of Italy’s civil intelligence services, warned that even the toughest of sentences are unlikely to put an end to the practice. “It just increases the costs, because if I risk more, I charge more,” he said.   “We must reduce the damage, put in place procedures, mechanisms,” he added. “But, unfortunately, all over the world, even where people earn more there are always black sheep, people who are corrupted. It’s human nature.” 

BRUSSELS — First it was telecom snooping. Now Europe is growing worried that Huawei could turn the lights off. The Chinese tech giant is at the heart of a brewing storm over the security of Europe’s energy grids. Lawmakers are writing to the European Commission to urge it to “restrict high-risk vendors” from solar energy systems, in a letter seen by POLITICO. Such restrictions would target Huawei first and foremost, as the dominant Chinese supplier of critical parts of these systems. The fears center around solar panel inverters, a piece of technology that turns solar panels’ electricity into current that flows into the grid. China is a dominant supplier of these inverters, and Huawei is its biggest player. Because the inverters are hooked up to the internet, security experts warn the inverters could be tampered with or shut down through remote access, potentially causing dangerous surges or drops in electricity in Europe’s networks. The warnings come as European governments have woken up to the risks of being reliant on other regions for critical services — from Russian gas to Chinese critical raw materials and American digital services. The bloc is in a stand-off with Beijing over trade in raw materials, and has faced months of pressure from Washington on how Brussels regulates U.S. tech giants. Cybersecurity authorities are close to finalizing work on a new “toolbox” to de-risk tech supply chains, with solar panels among its key target sectors, alongside connected cars and smart cameras. Two members of the European Parliament, Dutch liberal Bart Groothuis and Slovak center-right lawmaker Miriam Lexmann, drafted a letter warning the European Commission of the risks. “We urge you to propose immediate and binding measures to restrict high-risk vendors from our critical infrastructure,” the two wrote. The members had gathered the support of a dozen colleagues by Wednesday and are canvassing for more to join the initiative before sending the letter mid next week.   According to research by trade body SolarPower Europe, Chinese firms control approximately 65 percent of the total installed power in the solar sector. The largest company in the European market is Huawei, a tech giant that is considered a high-risk vendor of telecom equipment. The second-largest firm is Sungrow, which is also Chinese, and controls about half the amount of solar power as Huawei. Huawei’s market power recently allowed it to make its way back into SolarPower Europe, the solar sector’s most prominent lobby association in Brussels, despite an ongoing Belgian bribery investigation focused on the firm’s lobbying activities in Brussels that saw it banned from meeting with European Commission and Parliament officials. Security hawks are now upping the ante. Cybersecurity experts and European manufacturers say the Chinese conglomerate and its peers could hack into Europe’s power grid.  “They can disable safety parameters. They can set it on fire,” Erika Langerová, a cybersecurity researcher at the Czech Technical University in Prague, said in a media briefing hosted by the U.S. Mission to the EU in September.  Even switching solar installation off and on again could disrupt energy supply, Langerová said. “When you do it on one installation, it’s not a problem, but then you do it on thousands of installations it becomes a problem because the … compound effect of these sudden changes in the operation of the device can destabilize the power grid.”  Surges in electricity supply can trigger wider blackouts, as seen in Spain and Portugal in April. | Matias Chiofalo/Europa Press via Getty Images Surges in electricity supply can trigger wider blackouts, as seen in Spain and Portugal in April. Some governments have already taken further measures. Last November, Lithuania imposed a ban on remote access by Chinese firms to renewable energy installations above 100 kilowatts, effectively stopping the use of Chinese inverters. In September, the Czech Republic issued a warning on the threat posed by Chinese remote access via components including solar inverters. And in Germany, security officials already in 2023 told lawmakers that an “energy management component” from Huawei had them on alert, leading to a government probe of the firm’s equipment. CHINESE CONTROL, EU RESPONSE  The arguments leveled against Chinese manufacturers of solar inverters echo those heard from security experts in previous years, in debates on whether or not to block companies like video-sharing app TikTok, airport scanner maker Nuctech and — yes — Huawei’s 5G network equipment. Distrust of Chinese technology has skyrocketed. Under President Xi Jinping, the Beijing government has rolled out regulations forcing Chinese companies to cooperate with security services’ requests to share data and flag vulnerabilities in their software. It has led to Western concerns that it opens the door to surveillance and snooping. One of the most direct threats involves remote management from China of products embedded in European critical infrastructure. Manufacturers have remote access to install updates and maintenance. Europe has also grown heavily reliant on Chinese tech suppliers, particularly when it comes to renewable energy, which is powering an increasing proportion of European energy. Domestic manufacturers of solar panels have enough supply to fill the gap that any EU action to restrict Chinese inverters would create, Langerová said. But Europe does not yet have enough battery or wind manufacturers — two clean energy sector China also dominates. China’s dominance also undercuts Europe’s own tech sector and comes with risks of economic coercion. Until only a few years ago, European firms were competitive, before being undercut by heavily subsidized Chinese products, said Tobias Gehrke, a senior policy fellow at the European Council on Foreign Relations. China on the other hand does not allow foreign firms in its market because of cybersecurity concerns, he said. The European Union previously developed a 5G security toolbox to reduce its dependence on Huawei over these fears. It is also working on a similar initiative, known as the ICT supply chain toolbox, to help national governments scan their wider digital infrastructure for weak points, with a view to blocking or reduce the use of “high-risk suppliers.” According to Groothuis and Lexmann, “binding legislation to restrict risky vendors in our critical infrastructure is urgently required” across the European Union. Until legislation is passed, the EU should put temporary measures in place, they said in their letter.  Huawei did not respond to requests for comment before publication. This article has been updated.

BRUSSELS — Intelligence agencies across Europe are burying decades of distrust and starting to build a shared intelligence operation to counter Russian aggression — a move accelerated by the new American capriciousness in supporting its traditional allies. In the past year, many national capitals have embedded intelligence officials in their Brussels representation offices. The European Union’s in-house intelligence unit has started briefing top-level officials. And the bloc is toying with the idea to build up stronger, CIA-style powers — long considered unthinkable. The push for deeper intelligence cooperation accelerated sharply after the Trump administration abruptly halted the sharing of battlefield intelligence with Kyiv last March. Donald Trump “deserves a Nobel Peace Prize for bringing the services of Europe together,” said one Western intelligence official, who was granted anonymity to disclose details of how they cooperated with American counterparts. POLITICO spoke with seven intelligence and security officials who described how the rupture in transatlantic trust is driving Europe’s spy agencies to move faster — and closer — than ever before. It’s all part of a bigger reconsideration of practices. European intelligence services have also started reviewing more closely how they share information with U.S. counterparts. The Dutch military and civil intelligence services told local paper De Volkskrant on Saturday they’d stopped sharing certain information with their U.S. counterparts, citing political interference and human rights concerns. Officials fear that transatlantic forums, including the defense alliance NATO, will become less reliable platforms to share intelligence. “There is a sense that there could be less commitment on the part of the United States in the months to come in sharing the intelligence they have — both inside NATO and at large,” said Antonio Missiroli, the former Assistant-Secretary General for Emerging Security Challenges at NATO. Security services are still overcoming decades-old trust issues. New revelations that Hungarian intelligence officials disguised as diplomats tried to infiltrate the EU institutions show how governments within the EU still keep close watch over each other. To cope with the distrust, some leading spy agencies are pushing to set up groups of trusted countries instead of running things through Brussels. CLUB DE BERNE Unlike tight-knit spy alliances like the Five Eyes, European Union member countries have long struggled to forge strong partnerships on intelligence sharing. National security remains firmly in the hands of national capitals, with Brussels playing only a coordinating role. One way European services have communicated traditionally is through a secretive network known as the Club de Berne, created nearly 50 years ago in the Swiss city it is named after. The club has no headquarters, no secretariat and meets only twice a year. In recent years, the group has coordinated its meetings to roughly align with the rotating presidency of the Council of the European Union. But the Club is hardly a mirror image of the EU. Malta has never joined, Bulgaria only recently signed on, and Austria was suspended for a time over concerns it was too soft on Moscow before being readmitted in 2022. Non-EU countries such as Switzerland, Norway and the U.K. are also members. Donald Trump “deserves a Nobel Peace Prize for bringing the services of Europe together,” said one Western intelligence official, who was granted anonymity to disclose details of how they cooperated with American counterparts. | Anna Moneymaker/Getty Images “Club de Berne is an information sharing architecture a bit like Europol. It’s designed to share a certain kind of information for a particular function,” said Philip Davies, director of the Brunel Centre for Intelligence and Security Studies in London. “But it’s fairly bounded and the information that’s being shared is potentially quite anodyne because you’re not plugging into secure systems and [there are] national caveats.” Major European Union intelligence players — France, the Netherlands, Germany, and until 2019, the U.K. — saw little value in sharing sensitive information with all EU countries, fearing it could fall into the wrong hands. Eastern European services, like Bulgaria’s, were believed to be filled with Russian moles, said Missiroli. One Bulgarian security official argued that was no longer the case, with the old guard largely retired. But while it offered some mode of collaboration, the Club de Berne also left Brussels’ EU-level officials largely in the dark. “The problem with talking about European intelligence sharing is that European intelligence sharing is not the same thing as EU intelligence sharing,” said Davies. CALLING ON THE EU Recent geopolitical shifts have forced the European Union to rethink its approach. Former Finnish President Sauli Niinistö called last year for the EU to create a CIA-style agency, coordinated from Brussels, in a landmark preparedness report at the request of Commission President Ursula von der Leyen. Niinistö laid out the idea of a “fully fledged intelligence cooperation service at the EU level that can serve both the strategic and operational needs,” while adding that “an anti-sabotage network” is needed to protect infrastructure. If there is such a thing as a collective EU intelligence agency, the European Union’s in-house Intelligence and Situation Centre (INTCEN) at the European External Action Service (EEAS) is the closest to it. The center conducts analysis based on the voluntary contributions by EU countries. Spies from national agencies do secondments at the center, which helps building up ties with national intelligence. Croatian intelligence chief Daniel Markić took over the helm of INTCEN in September 2024 on a mission to beef up information-sharing with the agency and get direct intelligence to EU leaders like von der Leyen and foreign policy chief Kaja Kallas. Together with its military counterpart — the EU Military Staff Intelligence Directorate — the two services form the Single Intelligence Analysis Capacity (SIAC), which produces shared intelligence assessments for EU decision-makers. In April, SIAC held its annual meeting in Brussels, this time drawing top officials of the European agencies to attend, along with Kallas.  Spy chiefs at that meeting underlined a growing push for Europe to build its own independent intelligence capabilities. But some also worried that overemphasizing the need for autonomy could further weaken ties with the U.S., creating the very gaps Europe is trying to avoid. TRUST ISSUES Slowly but surely, Brussels is building up its own intelligence community. For instance, intelligence liaison officers now exist in most permanent representations of EU member countries in Brussels. The Belgian Security Services (VSSE), which are officially tasked with overseeing spying activities around the EU institutions in Brussels, have also briefed members of the European Parliament on tactics used to coerce lawmakers into foreign espionage. Still, one European intelligence source told POLITICO that while cooperation between EU countries was now “at its best in modern history,” agencies still work first and foremost for their own national governments. That is a key stumbling block. According to Robert Gorelick, the retired head of mission of the U.S. CIA in Italy, “The reason that an EU-wide intelligence service couldn’t exist is that there is too much variety in how national agencies work.” What’s worse, he added: “There are too many countries — 27 — for there to be such trust in sharing.” Some countries have leaned toward setting up smaller ad hoc groups. After the U.S. paused its intelligence sharing with Ukraine in March, a Coalition of the Willing led by France and the United Kingdom met in Paris and agreed to expand Kyiv’s access to European-operated intelligence, surveillance technology and satellite data. The Netherlands is looking at beefing up cooperation with other European services, like the United Kingdom, Poland, France, Germany and the Nordics — including sharing raw data. “That has been scaled up enormously,” Erik Akerboom, the head of the Dutch civil intelligence service, told De Volkskrant. Yet there is still a long way to go to build enough trust between 27 EU members with differing national priorities. In October, it was revealed that Hungarian intelligence officials disguised as diplomats tried to infiltrate EU institutions while Olivér Várhelyi (now a European commissioner) was Hungary’s ambassador to the bloc, and place Orbán cronies in key positions. Niinistö, who wrote the EU’s preparedness report last year, told POLITICO in an interview this month that a full-fledged EU intelligence agency was still “a question of the future.” He added: “It comes to the word trust when we talk about preparedness, because without trusting we can’t cooperate very much.”

Chancellor Friedrich Merz on Thursday called for stronger intelligence services that reflect Germany’s size and economic muscle at a time of heightened threats to Europe. “Rarely in the history of the Federal Republic has the security situation been so serious. The foundations of the European security architecture, which have enabled us to live in freedom, peace, and prosperity for decades, have become fragile,” Merz said at the inauguration of Martin Jäger as the new president of Germany’s Foreign Intelligence Service, the BND. “Given the responsibility we bear in Europe in view of our size and economic strength, it is therefore our goal to ensure that the BND performs at the very highest level in terms of intelligence,” he added. Germany’s security agencies have long depended on U.S. intelligence help to track terrorist threats, cyberattacks and espionage activities, while Europe now confronts a belligerent Russia and its allies. Jäger, 61, was appointed on Sept. 4 replacing long-serving chief Bruno Kahl. A seasoned diplomat, he previously represented Germany in Iraq and Afghanistan, and most recently served as ambassador to Ukraine. Since taking office months ago, Merz himself has become a primary target for Russian disinformation networks. Experts and intelligence officials link the campaigns, including fabricated stories, fake websites and AI-generated videos, to his outspoken support for Kyiv as it resists the Kremlin’s aggression. “In Germany, we are now fending off hybrid attacks against our infrastructure on a daily basis; acts of sabotage, espionage, disinformation campaigns,” Merz said during his speech on Thursday. He warned of “systemic rivals and adversaries” becoming “increasingly aggressive” in their tactics. “A paradigm shift in foreign and security policy” is necessary to overcome such threats, Merz said. “We have very, very good security agencies in Germany. But our sovereignty in Germany and in Europe depends not least on us becoming even better.”

LONDON — Late last month, British intelligence, alongside allies like the United States, called out government-linked Chinese companies for a global campaign of cyber attacks. It was the latest step in a decade-long diplomatic dance. Britain only attributes cyber attacks to four countries: Iran, Russia, North Korea and China — known as the “Big Four.” Three are deemed hostile states, and Britain has an uneasy relationship with the latter. But these are are not the only countries that hack, sell hacking technology, or turn the other cheek to groups breaching devices and infrastructure in the U.K. Some are allies — but they have their blushes spared. Calling out allies in public remains a risky move when ministers and officials are in a race to sign trade deals and strengthen relations across the globe. At the same time, Britain is trying to place itself at the forefront of efforts to hold back the spyware arms race, as countries look to buy commercial cyber expertise and technology to hack neighbors, enemies and partners. This leaves Britain increasingly at odds with the U.S., which is now looking to utilize spyware it had previously blocked. POLITICO spoke to cybersecurity and intelligence figures from inside the U.K. government and the private sector to map which of Britain’s strategic allies are involved in the proliferation of cyber attacks — and how the U.K. is struggling to clamp down on a lucrative global industry. Some were granted anonymity to speak about sensitive national security matters. FLOODGATES OPEN In 2013, Edward Snowden, a former contractor for America’s National Security Agency (NSA), blew open the previously secretive world of Western digital surveillance and hacking. In leaking thousands of classified documents, he revealed that the Five Eyes intelligence partnership — which includes Britain and America — had spied on allies including France, Germany, the EU and the United Nations. In the decade since, other nations have been playing catch-up, with tech companies providing the ammunition for states wanting to rival Western nations that had been hacking for years. As the rest of the world started hacking back, Britain’s allies took the unprecedented step of calling out those it suspected of committing cyber attacks against them. In 2014, the Barack Obama administration in the U.S. put its head over the parapet to attribute a cyber attack to China. “The first time we were told about the U.S. attribution of 2014, privately the British government thought the Americans had gone mad and that it was really risky,” one former senior intelligence official told POLITICO. In 2013, Edward Snowden, a former contractor for America’s National Security Agency (NSA), blew open the previously secretive world of Western digital surveillance and hacking. | Jörg Carstensen/Picture Alliance via Getty Images “[It was thought] it wouldn’t achieve anything and it might get us into trouble and that they [China] might start arresting people. As it turns out, the Americans were right and we were wrong,” they said, adding: “I don’t think there’s a shred of evidence that any Western country has come to any harm as a result of attribution.” It took Britain until 2018 to start pointing the finger publicly — this time at Russia — while countries such as France did not take this step until earlier this year. The U.K.’s process for attribution involves a two-step judgment, whereby intelligence officials prepare an assessment for a minister when a cyber attack is thought, to a very high degree of confidence, to have come from a nation threat. It is then up to the minister to publicly call out the activity or not. The rationale for naming the origin of an attack is, in part, a comms exercise: “If you’re representing the British government in public and there’s been a major nation state cyber attack, and you’re not prepared to say who it was, then you look either incompetent or duplicitous,” the same former intelligence official said. They noted that although the Russians “don’t seem to care” whether Britain publicly calls them out, China does. “Let’s say, for example, that things were pretty tense with China, and we wanted to de-escalate — we might choose not to do an attribution purely for policy reasons.” Earlier this year in Manchester, officials from Britain’s National Cyber Security Centre (NCSC) — an arm of the GCHQ digital intelligence agency — were asked in a briefing whether there are nation state threats outside of the Big Four that Britain now sees as a developing threat. After a deep pause, one senior NCSC official replied in the affirmative. “Obviously states do procure capability and there are other state threats out there,” they said. “It would be odd if I said there weren’t.” They declined, however, to name any of these states. ‘EVERYONE’S PRETTY SURE IT EXISTS’ Though cyber activity from the Big Four is thought to make up the majority of hostile activity in Britain, it’s not the full picture. “That these four are the only ones that are repeatedly attributed is, for me, a real problem,” said James Shires, a cybersecurity academic and researcher, adding: “That means that most of the public conversation implies that those are the only actors, and that’s just not the case.” In fact, close allies make up some of these cyber powers, with leaked information often stepping in to fill the information void. In the 2010s, researchers claimed to have traced a piece of malware known as “Babar” back to French intelligence, while a hacking group called Careto was thought to have been linked to the Spanish government. “When you have allied, friendly, non-intelligence partnership states that you have good diplomatic relations with doing this kind of activity, there’s no way they’re going to be publicly outed,” Shires added. Hacking and cyber intrusion has uses for the Big Four beyond simply snooping on Britain and its allies. Backdoors into government and commercial networks can provide key information about dissidents, activists and political opponents who have fled a regime — and these four states are not the only ones with overseas critics. India, though a sometimes close ally of Britain, has been called out for its cyber activity by Canada, Britain’s intelligence partner in the Five Eyes partnership. Last year, Canada’s spy agency accused India of tracking and surveilling activists and dissidents, as well as stepping up attacks against government networks. This year it went further and accused India of foreign interference. Britain’s approach to India has been different, choosing diplomacy with joint schemes like a Technology Security Initiative. Lindy Cameron — the former head of the NCSC — has been placed as the British High Commissioner to India. In the Middle East, Israel has become one of the most prominent players in international espionage, with cyber a core component of its intelligence arsenal.  Though it has long avoided admitting it has conducted offensive cyber operations, researchers have suggested Israel played a role in hacking the venue for Iran’s nuclear negotiations. More recently, the conflict with Iran has given the world a glimpse into the capabilities of the Israeli state and state-aligned hacktivist groups. “For Israeli cyber espionage in the U.K., it’s one of those things where everyone’s pretty sure it exists, but there’s no clear indication of it,” Shires said. A 2022 report by the Citizen Lab research centre in Canada claimed that between 2020 and 2021 there were multiple infections of “Pegasus” spyware — created and sold by the Israeli company NSO Group — on U.K. government devices. | Omar Marques/Getty Images The same former intelligence official quoted previously said that “even in the current circumstances” of tricky relations with Israel, it would be “improbable to foresee a British government attributing a cyber operation” to them. They added that though Canada accused India of interference, Britain would have to “judge that case and its merits” for any similar activity in U.K. cyberspace. Despite the emergence of new top-level cyber nations, experts told POLITICO that the main driver for future threats to the security of U.K. citizens and infrastructure comes from the private sector, through the selling of sophisticated spyware technology. Shires said: “The big concern from the U.K. is not just cyber operations run directly by states. It’s not just which state has developed their own internal capability, but where they are relying on third parties to deliver that for them.” He noted that spyware companies have given rise to a “far wider set of states having access to capabilities because they don’t need to make the investment to develop their own internal capabilities, they can buy in a point, click and compromise service that they can then use to target whoever they want.” Melissa DeOrio, who leads cyber threat intelligence at cybersecurity and corporate intelligence consultancy S-RM, added: “It is very challenging to know exactly what capabilities lie in what countries, which are independent actors hacking of their own volition for financial opportunity, versus what activity is done either in favor of the state or ignored by the state and enabled by them in some way.” POINT, CLICK, COMPROMISE An explosion in hacking technology from private companies with explicit or implied state backing means the threat to countries — including Britain — can be harder to pinpoint. Sophisticated attacks are no longer just the domain of countries with established cyber capability. Britain’s NCSC has previously revealed that at least 80 countries have purchased commercial spyware — although it did not name them. Last year, researchers at the Atlantic Council think tank mapped spyware vendors around the world, covering 42 different countries and 435 entities in its data set. They identified three major clusters in Israel, India and Italy. Jen Roberts, associate director of the Cyber Statecraft Initiative at the Atlantic Council, told POLITICO: “All three of these jurisdictions have pretty permissive environments with more or less state involvement in some fashion. The Indian cluster is the most common for a ‘hack-for-hire’ market. The Italian cluster has the oldest history of spyware. The Israeli cluster is the biggest chunk and probably the most well known, and most capable. “The U.S. and the U.K. are two of the largest investors into this market, but a lot of these firms often target diplomats and citizens of the U.S. and the U.K.” Nayana Prakash, a research fellow at the Chatham House think tank, said a “large pool of very talented tech professionals, very low labor costs and big underground market for hacking services” has meant that “there’s loads of things in India that you can get done if you know the right people.” “For groups to thrive in a country like India, or Russia, there has to be some level of the state being somewhat lax in enforcing certain laws,” she added. Shires added: “These companies would say their technology is always for national security, law enforcement and serious crime purposes. Their opponents will say this generally turns out to be journalists, dissidents and political opposition.” A 2022 report by the Citizen Lab research centre in Canada claimed that between 2020 and 2021 there were multiple infections of “Pegasus” spyware — created and sold by the Israeli company NSO Group — on U.K. government devices. These included people in both Downing Street and the Foreign Office, with operators of the spyware linked to the UAE, India, Cyprus and Jordan. The Council of Europe said Pegasus is known to have been sold to at least 14 EU countries. It took Britain until 2023 to call this out. “There’s a lot of hesitance against attribution, because it’s such a big step, and because it throws your cards on the table,” Chatham House’s Prakash said. NSO has long asserted that its technology is sold “for the sole purpose of fighting crime and terror.” STOPPING THE ARMS RACE In February, France and Britain convened a high-level meeting in Paris. It was the second such meeting to discuss the Pall Mall Process — an international effort led by the two nations which aimed at clamping down on the “proliferation and irresponsible use” of spyware and other commercial cyber intrusion capabilities. It established a code of practice and a joint declaration for countries that signed up to it — but it remains a voluntary scheme with limited engagement from the same threats it is seeking to curtail. The 24 countries that have signed up to its code of practice do not include Israel, India or nations such as the UAE that have been accused of using spyware irresponsibly. Similarly, none of the major spyware vendors are represented. A summary report by the organisers ahead of the meeting — emblazoned with “NOT UK/FRANCE GOVERNMENT POLICY” — spoke of the risks of the sector without highlighting any country or company involved in the use of spyware. The same former U.K. intelligence figure quoted earlier said that managing to get two permanent members of the United Nations Security Council to host a major event on the issue is “better than nothing,” but it has proven “very hard to get any country anywhere to act against malicious cyber actors on their own territory.” James Shires said the optics of having major players in cyber espionage dictating what other countries can do has likely limited participation in the initiative. “You have these major states that not only have their own domestic capabilities, but also have a commercial industry, and they want to control access to that industry around the world.” One major signatory, the United States, has also used its economic and diplomatic muscle to go much further than a non-binding declaration of allies. In 2021 the U.S. blacklisted NSO’s Pegasus alongside other Israeli, Russian and Singaporean spyware companies. In 2023, then-President Joe Biden signed an executive order to ban federal agencies from using spyware which could pose a risk to American security. The U.S. government followed this up a year later by threatening to impose visa restrictions on individuals involved in commercial spyware misuse and sanctions against the Intellexa Consortium. “These are all pretty blunt, effective actions,” Shires said. “The U.K. could have done all of that, but hasn’t. The U.S. is such a big market, so it can move on its own and have a big impact where the U.K. perhaps can’t.” However, the new administration under Donald Trump has rowed back some of these moves, amid a renewed appetite for domestic surveillance tools. Agents with the U.S. Immigration and Customs Enforcement will have access to technology from Israeli company Paragon Solutions, after its contract was halted to comply with U.S. spyware rules. Paragon has previously come under scrutiny by the Italian government.  The Atlantic Council’s Jen Roberts said: “Right now, the U.K. and the French are being looked at as the leaders in the future, as the new U.S. administration figures out its stance on this policy issue, though we’ve seen some positive signaling, like the U.S. being a signatory on the Pall Mall Process Code of Conduct.” GHCQ and NCSC were contacted to contribute to this piece. The U.K. government has a long-standing policy of not commenting on intelligence matters.

BRUSSELS — A plane carrying European Commission President Ursula von der Leyen was hit by GPS interference on Sunday, with Russia suspected of being behind the attack. “We can confirm there was GPS jamming but the plane landed safe,” Arianna Podestà, deputy spokesperson of the Commission, said in a statement shared with POLITICO. Von der Leyen is on a tour visiting “frontline states” Latvia, Finland, Estonia, Poland, Lithuania, Bulgaria and Romania, in an effort to underscore the European Union’s commitment to ramping up its defence and security capabilities. She arrived in Bulgaria on Sunday, where she visited an arms producer in Sopot, accompanied by Prime Minister Rosen Zhelyazkov. The jet carrying von der Leyen to Plovdiv, Bulgaria’s second-largest city, was unable to use electronic navigational aids as a result of the interference, which forced the pilot to land using paper maps, the FT reported on Monday. Podestà said the Commission received information from Bulgarian authorities indicating that “they suspect this blatant interference was carried out by Russia.” “This incident underlines the urgency of the President’s current trip to frontline Member States, where she has seen firsthand the everyday threats from Russia and its proxies,” she said. GPS jamming and spoofing prevent aircraft from accessing navigation systems such as U.S. GPS or European Galileo, or distort the location data they receive, and are increasingly being deployed as a means to disturb civilian or military operations. European governments have warned about this form of deliberate interference, stating that it has been occurring in the Baltic Sea region since 2022, and have demanded that the European Commission take action against Russia and Belarus. Mathieu Pollet contributed reporting.

U.S. Director of National Intelligence Tulsi Gabbard is blocking America’s closest intelligence allies from receiving updates on Russia-Ukraine peace talks in a shock move that upends decades of tight cooperation. That effectively cuts America’s Five Eyes partners — the United Kingdom, Canada, Australia and New Zealand — out of the loop, stunning the intelligence community that has relied on the network since the end of World War II. In a July 20 directive signed by Gabbard, reported by CBS, the U.S. intelligence community was given orders to classify all analysis and information related to the Russia-Ukraine peace negotiations as “NOFORN,” or no foreign dissemination, meaning the information cannot be shared with any other country or foreign nationals. While it carved out exceptions for diplomatic channels and battlefield intelligence for Ukraine, it strikingly excludes sharing from the Five Eyes intelligence alliance, one of the closest spy networks in the world. “When you talk about Five Eyes, you’re talking about a lot of integrated systems and capabilities,” said Philip Davies, director of the Brunel Centre for Intelligence and Security Studies in London. Davies added that there has been a lot of speculation that sharing with the U.S. is being dialed down by the other four members because of “the vagaries of the Trump administration.” The move by Gabbard is the second major curb on intelligence-sharing by President Donald Trump’s administration this year. In March, the U.S. abruptly cut Kyiv off in a bid to pressure Ukraine into talks with Russia. That move rattled Europe’s spy chiefs, who quickly convened in Paris to ramp up their own support to Ukraine — including beefing up intelligence from European satellites. Meanwhile, earlier this week The Wall Street Journal reported that the U.S. could once again use intelligence-sharing as a pressure mechanism to encourage Kyiv to agree to a potentially disadvantageous deal with Moscow. “It is quite a sad read,” one European intelligence official said of the latest Gabbard decision, after being granted anonymity to speak candidly. “We don’t feel it yet, but it is not a good direction. It is said [Gabbard] is strongly pro-Russian.”  Trump’s behavior has added momentum to intelligence being part of Europe’s push for strategic autonomy and reducing reliance on the U.S. This spring’s suspension of battlefield information — crucial for Ukrainian soldiers — was the final push many in Europe’s services needed to begin to shed decades of siloed thinking and start working toward joint intelligence that not only informs national governments but feeds directly into policy debates in Brussels. One sign of this shifting climate came on April 11 at the annual Single Intelligence Analysis Capacity meeting in Brussels chaired by the EU’s top diplomat Kaja Kallas. While in the past the event was often skipped by national intelligence heads, this year’s meeting was attended by senior European spy chiefs. On Wednesday, Gabbard separately announced plans to overhaul her office, cutting hundreds of staff and consolidating teams focused on countering malign influence and cyber threats.