ABSTRACT
The global security environment of 2025 is characterized by a fundamental shift in conflict architecture, moving away from conventional force parity toward continuous, asymmetric coercion designed to exploit the cognitive vulnerabilities and systemic interdependencies of adversary states. This report delineates the emerging standards of Foreign Information Manipulation and Interference (FIMI) and the evolution of hybrid warfare doctrine, establishing their profound geopolitical significance in transforming domestic politics into a core national security domain. The objective is to produce a high-fidelity assessment of these new paradigms, grounded in verifiable data from intergovernmental organizations, official state reports, and top-tier academic research, providing a framework for strategic policy adaptation.
The Epistemological Battlefield: Defining FIMI, Hybrid Warfare, and the Erosion of Cognitive Sovereignty
The conceptual boundary between traditional propaganda and modern FIMI defines the current state of informational conflict. FIMI is recognized as a multi-dimensional threat, existing critically at the intersection of national security, information integrity, and the stability of democratic governance.1 The distinguishing characteristic of FIMI is its reliance on sophisticated manipulative techniques rather than the mere dissemination of opinion, targeting vulnerabilities within the information ecosystem itself.1 This manipulative behavior is often described as a mostly non-illegal pattern of conduct that possesses the potential to negatively impact democratic values, procedures, and political processes.2 This legal ambiguity is not incidental; it is a core asymmetric advantage. By operating consistently within this “grey zone,” state and non-state threat actors compel targeted governments to delay or complicate their response, struggling to mount a proportionate, rapid countermeasure within existing democratic legal frameworks.2 This lag time—the necessary duration required to verify, attribute, and legally address a campaign—maximizes the propagation of the intended systemic damage, particularly the erosion of internal political trust and fracture of social cohesion, thereby maximizing the return on investment for the aggressor.
The architecture of FIMI operations is increasingly sophisticated and globally coordinated. Reports from the European External Action Service (EEAS) expose this operational structure, detailing how both state and non-state actors engage in these campaigns.3 Their primary goal is to exploit existing internal political tensions in order to influence policy decisions and undermine the relationship between key governments, such as the European Union (EU), and local communities.3 The strategic targeting of these campaigns is clear: FIMI activity seeks explicitly to stoke polarization and internal divisions while simultaneously undermining the EU’s global standing and its ability to pursue core policy objectives and interests.4 The EEAS’s work to monitor and respond to this threat focuses in particular on threat actors emanating from Russia and China, whose coordination involves diplomatic networks and security services to carry out sophisticated FIMI attacks.4 For governments to marshal and administer an effective national-level approach to countering this foreign state manipulation, dedicated governance structures and institutions must be established within government bodies, tasked specifically with leading national efforts and coordinating international engagement based on fact-based digital communication.1
This doctrinal evolution in informational conflict directly correlates to a fundamental restructuring of defense and security commitments across the transatlantic alliance. The IISS defines hybrid warfare as the integrated use of military and nonmilitary tools in campaigns designed to achieve strategic surprise, seize the initiative, and gain both psychological and physical advantages.5 Tools employed span diplomatic instruments, sophisticated and rapid information operations, electronic and cyber tools, covert military action, and targeted economic pressure.5 The gravity of this expanding threat, particularly from the Russian Federation, has been formally quantified by NATO. The 2025 Patterson Report, adopted by the Defence and Security Committee at the 71st Annual Session in Ljubljana, Slovenia, stated bluntly that the Russian Federation poses the most significant and direct threat to Allies’ security.6 Russia is actively employing an expanding range of hybrid warfare tactics across the Alliance, designed explicitly to sow discord among allies with the ultimate goal of splintering Allied cohesion and breaking NATO apart.6
The response to this shadow war has necessitated an abrupt and substantial policy change. At the 2025 The Hague Summit, Allied Heads of State and Government agreed upon their most ambitious defense spending targets to date, formally integrating the cost of hybrid defense into core budgetary mandates.6 The new requirement pushed defense spending up to 5% of GDP, with 3.5% dedicated to core defense requirements and a dedicated 1.5% allocated explicitly for security-related investments.6 The explicit allocation of 1.5% of national economic output toward non-conventional “security-related investments” formalizes the cost of defending against asymmetric threats like FIMI and resilience building. This quantitative policy shift elevates hybrid defense from a discretionary intelligence activity to an institutionalized strategic pillar. The success of a hybrid campaign is therefore measured not by territorial gain, but by the delay and cost imposed on the alliance’s collective response mechanisms. By employing tactics designed to sow discord, the aggressor successfully slows, complicates, and potentially vetoes collective decision-making, leading Allies to recognize that stronger deterrence and defense remains the only viable strategy against Russia.6
The New Calculus of Asymmetry: AI, Deepfakes, and the Quantum Horizon
The introduction of advanced technological capabilities, particularly Generative Artificial Intelligence (AI) and the projection of Quantum Computing (QC), represents a critical inflection point, fundamentally altering the calculus of asymmetric conflict and deepening the doctrine of cognitive warfare.
AI Acceleration and the Crisis of Verifiability
The proliferation of AI-driven tools has precipitated an immediate and demonstrable crisis of verifiability within the information environment. This threat is now quantified by a significant strategic capability-preparedness gap within key democratic regions. October 2025 research conducted by ISACA found that 51% of European IT and cybersecurity professionals identify AI-driven cyber threats and deepfakes as their biggest concern heading into 2026.7 This professional anxiety stands in stark contrast to institutional readiness, as only 14% of respondents feel their organizations are ‘very prepared’ to manage the associated risks.7 This disparity quantifies a systemic vulnerability that hostile state and non-state actors are actively exploiting.
The shift from theoretical risk to operationalized political manipulation is evident in Q1 2025 data tracking deepfake incidents. 14% of recorded deepfake incidents during this period were explicitly dedicated to political manipulation.8 These operations include the fabrication of statements by political figures, false endorsements, and targeted attempts to influence election outcomes, confirming that the potential for deepfakes to undermine trust in democratic institutions now poses a significant societal threat.8 Crucially, AI enables these FIMI campaigns to operate seamlessly across jurisdictional and geographic boundaries, effectively defeating traditional attribution methods. Documented cross-border impacts include the AI-generated audio of a Ukrainian presidential candidate falsely discussing election manipulation, and deepfake videos of Donald Trump making statements about foreign leaders, demonstrating the coordinated use of false imagery to create inflammatory or compromising scenarios.8 The exponential speed and scale of AI-driven FIMI deployment, capable of producing mass, hyper-realistic content simultaneously across multiple linguistic platforms, has eliminated the traditional window for truth verification. This strategic outcome is the permanent collapse of public confidence in any verifiable digital evidence, ensuring that the manipulated narrative achieves critical mass before effective refutation is possible.
The urgency posed by this capability-preparedness gap compels divergent regulatory responses across the transatlantic space. The pressure articulated by cybersecurity professionals 7 is a direct cause for the EU’s proactive, maximalist regulatory posture, particularly the mandatory deepfake labeling requirements stipulated under the Digital Services Act (DSA).9 This stands in sharp philosophical contrast to the United States‘ decision to cease centralized governmental frameworks to counter FIMI in 2025, viewing such activities as potentially infringing upon free expression.10 This rapid policy divergence creates a critical seam for adversaries to exploit.
The Quantum Asymmetry: Strategic Cryptographic Decay
Beyond the current threat horizon of AI, the projected dominance of Quantum Computing (QC) introduces a long-term, existential threat defined by strategic cryptographic decay. Experts agree that QC is an inevitable advancement poised to revolutionize computational technology and fundamentally alter how conflicts are managed.11 Unlike classical computers, which process information symmetrically, QC utilizes qubits to perform complex calculations at unprecedented speeds, making previously unsolvable problems within reach.11
For defense and national security, the implications are profound and encompass a silent takeover of strategic infrastructure. Key risks include the loss of current cryptographic infrastructure, the catastrophic decay of Signals Intelligence (SIGINT), and the ability for hybrid actors to bypass network security in real time.12 The deployment of fully capable QC would enable hybrid actors to engage in stealthy operations, including clandestine efforts to coerce, sabotage, or communicate in the electromagnetic spectrum, while simultaneously providing aggressors the capability to unveil the stealth technologies relied upon by NATO and the EU.12
The greatest concern regarding QC is the introduction of retrospective strategic surprise through “Store Now, Decrypt Later” capabilities. The cryptanalytic power of fully mature QC means that adversaries are currently harvesting massive amounts of sensitive, currently encrypted data—including military planning, industrial secrets, and diplomatic cables—protected by contemporary, symmetric cryptography. The intention is to decrypt this data instantaneously once QC is achieved.12 This possibility shifts the vulnerability timeline backward, requiring immediate defensive investment in post-quantum cryptography to prevent future strategic compromise. The capability to degrade conventional military advantages and decision-making superiority demands that post-quantum cryptography development be integrated as a critical defense requirement alongside the core 3.5% GDP defense budget.6
The Doctrine of Cognitive Warfare
The technological acceleration provided by AI and the potential of QC must be understood within the expanding doctrine of cognitive warfare. This doctrine focuses on influencing and disrupting adversary decision-making cycles by leveraging ideological and informational tools.13 The goal is not merely to disrupt operations, but to achieve perceptual incursions—the manipulation of public opinion to influence strategic military and budgetary allocations.
The connection between information warfare and strategic deterrence stability is now being quantified by major security research bodies. The SIPRI Yearbook 2025 provides an overview of developments in international security, specifically advocating for AI arms control regimes and “human-in-the-loop” protocols in critical systems to mitigate bias and nuclear risks.13 These prescriptive measures are aimed at reducing strategic miscalculation probabilities by an estimated 30% (with a margin of error of 13% from trial data).13 This mathematically links the threat of FIMI and cognitive manipulation directly to the probability of large-scale military conflict. Furthermore, the IISS October 2025 recommendations prioritize 10% budget reallocations to littoral defenses specifically to enhance Black Sea deterrence against Russian “perceptual incursions”.13 This confirms that perceived cognitive influence directly dictates the deployment of hard military assets and the necessity for defensive spending.
Weaponizing Global Interdependence: Statecraft Through Supply Chains and Critical Infrastructure
The operational methodology of hybrid warfare actors has shifted decisively toward the targeted, asymmetric coercion of global logistical and economic systems, transforming global interdependence from an economic advantage into a strategic liability for democratic states. This methodology centers on the weaponization of critical infrastructure and logistical chokepoints.
The Logistics Chokepoint as an Asymmetric Tool (MOOTW)
A critical case study illustrating this new standard occurred in October 2025, demonstrating how easily commercial corridors can be transformed into geopolitical chokepoints. Following Russian–Belarusian wargames that involved at least 19 unmanned aerial vehicles (UAVs) entering Polish airspace, Poland suspended rail traffic on its eastern border.15 This action immediately halted 90% of rail freight moving from the EU to the PRC, a major artery of the PRC’s New Silk Road.15
This incident provides a textbook definition of an asymmetric hybrid threat, often classified as Military Operations Other Than War (MOOTW), because the strategic effect (the disruption of global trade and supply chains) was achieved without crossing a conventional military threshold.15 The rapid shutdown revealed how quickly commercial logic is replaced by the logic of security when faced with non-conventional pressure, demonstrating a critical vulnerability in Europe’s strategy to deal with Russia’s hybrid playbook.15 Adversaries achieve significant geopolitical leverage by targeting single points of failure in complex supply chains. This localized military exercise cascaded into a massive interruption of global trade, creating simultaneous economic pressure on both EU importers and PRC exporters.
This weaponization of interdependence confirms the strategic objective articulated in earlier defense literature: the use of economic pressure alongside sophisticated information and cyber operations targeting strategic sectors such as transport, energy supply, space, and the financial system.5 The resulting systemic instability demands a comprehensive approach to securing industry, energy production, health, and food safety.5
Economic Defense and Strategic Resource Vulnerability
The persistent nature of hybrid attacks aimed at logistics and infrastructure requires strategic policy shifts toward resilience. The US intelligence and defense community now advocates for treating biological data as a strategic resource, similar to the Department of Energy’s critical mineral reserves.13 Policy prescriptions emphasize the need for cross-border supply chain pacts designed to build resilient reserves, with scenario modeling projecting a $12 billion ROI in wartime sustainment by 2030 (10%) through these resilience measures.13
This approach dictates a shift away from sole reliance on just-in-time efficiency toward geopolitical security. For example, bilateral Mexico–US cooperations are being advocated to yield a 15% uplift in manufacturing (9%).13 In resource competition, recommendations include countering the expansion of actors such as China in West Africa through mineral pacts with over 20 states, a move designed to avert an estimated 22% loss in critical access (8%).13
The financial and energy nexus remains a primary surface area for hybrid coercion. The integrated campaign methodology utilizes rapid electronic and cyber operations coupled with economic pressure to disrupt financial systems and energy networks.5 The ongoing nature of this shadow war is confirmed by reports tracking state-sponsored cyber activities and hacktivism targeting critical infrastructure, such as logistics software and energy sabotage, underscoring the shift to perpetual, non-kinetic conflict.15 Because the global economy is predicted to face sustained inflationary pressure, with global inflation forecasted to decline only to 4.5% in 2025 17, targeted hybrid attacks that increase economic uncertainty amplify underlying stress, making the coercive effect exponentially stronger. Securing these vital sectors requires the legislative and technological harmonization across borders, validating the EU‘s adoption of measures to secure civil sector critical infrastructure against state-level hybrid threats.5
The Policy Chasm: Divergence in Transatlantic Counter-FIMI Strategy in 2025
The necessity of rapid defensive action against FIMI has led to a fundamental and profound divergence in strategic and legislative responses between the European Union and the United States in 2025. This policy chasm introduces a substantial vulnerability that undermines the collective security posture of the democratic West.
The EU’s Regulatory Fortress: The DSA and Systemic Accountability
The EU has adopted a maximalist, highly centralized regulatory approach, institutionalizing sovereignty over the digital information space through the Digital Services Act (DSA).9 The DSA imposes strict, mandatory obligations on Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) to mitigate systemic risks that their services create.9 This framework demands that these platforms analyze and mitigate systemic risks related to electoral processes, the amplification of illegal content, and the dissemination of disinformation.9
Crucially, the DSA directly addresses the new asymmetric standard of AI-driven manipulation. Specific provisions require platforms to implement election-specific measures, including adapting recommender systems, promoting verified official information, and the critical measure of clearly labeling content generated by AI, such as deepfakes.9 By endorsing the voluntary Code of Practice on Disinformation and integrating it as a benchmark for platform compliance, the EU successfully links technical mitigation requirements (like AI labeling) directly to the preservation of democratic integrity.9 The DSA ensures that VLOPs and VLOSEs must allocate sufficient resources for European elections and establish incident response mechanisms, effectively moving FIMI defense from a nebulous foreign policy problem to an audited compliance issue that guarantees resource allocation for defense.9
This proactive institutional framework is supported by the EEAS’s significant, long-term commitment, building up capabilities since 2015 to identify, analyze, and respond to FIMI.4 The EEAS’s work involves developing shared taxonomies and publishing detailed reports exposing the operational architecture of these threats.3 The stringent nature of the DSA creates a “Brussels Effect” in FIMI defense: by dictating the operational standard for digital risk management for all globally operating platforms, the EU effectively ensures a high level of defense for its member states, irrespective of the platform’s origin.20
The US Strategic Withdrawal: The Free Speech Paradigm
In sharp contrast, the United States executed a strategic withdrawal from its centralized counter-FIMI efforts in 2025. The September 17, 2025, press statement from the US State Department confirmed the cessation of all Frameworks to Counter Foreign State Information Manipulation and any associated instruments.10 This followed the April 16 directive from Secretary of State Marco Rubio ordering the closure of the Department’s Counter FIMI Hub, which was formerly known as the Global Engagement Center (GEC).10
The official rationale for this institutional dismantling was that the previous counter-disinformation framework “devolved into tools for political censorship instead of protecting Americans from foreign adversarial propaganda”.10 This action aligns with the January 20, 2025, Executive Order on Restoring Freedom of Speech, which prohibits federal censorship.10 The new policy posits that the United States will counter genuine malign propaganda through the exercise of free speech, rather than relying on centralized government attribution and response.10
This policy shift creates a severe, self-imposed asymmetric vulnerability that directly undermines the collective security of US allies. The closure of a critical federal FIMI attribution and response structure severs a vital node for threat intelligence sharing within NATO and other partner networks. Adversaries are thereby provided with an unchecked informational battlespace within the world’s largest digital economy. The ideological conflict over FIMI governance—where the EU views it as a security threat requiring systemic platform control 1 and the US views institutional countermeasures as a potential domestic threat to expression 10—is now operationalized as a strategic liability for the West, providing a critical seam for hybrid actors to weaponize the very democratic values the alliance seeks to protect.
The New Deterrence Posture: Reconfiguring Geopolitical Resilience
The confluence of sophisticated FIMI campaigns, technological acceleration, and weaponized global interdependence demands a fundamental reconfiguration of the transatlantic deterrence posture. Success against hybrid warfare is shifting from a focus on kinetic retaliation to achieving instantaneous, systemic resilience and the denial of strategic effect.
Reconstituting Cohesion and Strategic Burden-Sharing
The financial commitment agreed upon at the 2025 The Hague Summit—the 5% GDP defense requirement, including 1.5% for security-related investments 6—must be translated from a financial metric into a unified hybrid defense doctrine. This dedicated security investment must be prioritized for advanced OSINT, intelligence sharing, and, most critically, attribution capabilities necessary to counter non-kinetic acts. Deterrence against asymmetric tactics hinges on the ability to immediately and confidently attribute actions such as supply chain manipulation 15 or deepfake campaigns 8 to state actors, requiring international consensus on the standard of proof for grey zone aggression.
Since hybrid attacks operate intentionally within the non-legal grey zone 2, traditional deterrence models based on massive retaliation are ineffective. The strategic priority shifts toward denial—making the target so robustly resilient that the hybrid attack fails to achieve its intended political or economic outcome, thereby reducing the aggressor’s return on investment. This principle validates the EU’s focus on systemic risk mitigation under the DSA.9
Furthermore, geopolitical cooperation must adapt to bypass fragmented national structures. Given the institutional discontinuity represented by the US withdrawal from centralized counter-FIMI efforts 10, allies must institutionalize parallel, verified intelligence-sharing channels. This involves leveraging high-level defense forums (NATO) and international regulatory bodies (EEAS) to maintain a continuous, verified threat picture that remains impervious to shifting domestic policies or ideological conflicts over censorship.
The Unified Technological and Cognitive Defense Strategy
The long-term stability of the international system depends on successfully defending the integrity of information and the security of critical data assets against sophisticated state manipulation. This requires mandating cognitive safeguards across technological domains. The SIPRI 2025 recommendations to implement human-in-the-loop protocols and multilateral export controls for advanced AI must be adopted as a hard security measure, not merely an ethical consideration, essential for the stated goal of reducing strategic miscalculation by 30%.13
Simultaneously, the alliance must address the existential threat of QC through preemptive defense measures. A mandatory, time-bound framework for post-quantum cryptography (PQC) migration must be established across all critical military, intelligence, and civilian infrastructure (including energy and finance).12 This PQC migration is necessary to preempt the inevitable strategic surprise posed by the capability to silently compromise current cryptographic integrity.11
Finally, policy recommendations must enforce the strategic protection of key data and critical supply chains, recognizing these assets as active targets of asymmetric coercion. This includes treating biological data as a strategic resource and enforcing measures to secure critical mineral and API dependencies, exemplified by the policy push for resilient regional pacts.13 The ultimate strategic competition is shifting from a purely military-economic race to an institutional and cognitive endurance test. The persistence of FIMI and hybrid tactics 6 represents a long-term strategy by adversaries to outlast and exhaust democratic systems. The test for NATO and its partners is demonstrating the institutional resilience and patience necessary to sustain democratic governance while under constant, non-kinetic attack.
Chapter Index
| Chapter Number | Chapter Title |
| I | The Epistemological Battlefield: Defining FIMI, Hybrid Warfare, and the Erosion of Cognitive Sovereignty |
| II | The New Calculus of Asymmetry: AI, Deepfakes, and the Quantum Horizon |
| III | Weaponizing Global Interdependence: Statecraft Through Supply Chains and Critical Infrastructure |
| IV | The Policy Chasm: Divergence in Transatlantic Counter-FIMI Strategy in 2025 |
| V | The New Deterrence Posture: Reconfiguring Geopolitical Resilience |
The Epistemological Battlefield: Defining FIMI, Hybrid Warfare, and the Erosion of Cognitive Sovereignty
The defining characteristic of modern geopolitical contestation in 2025 is the deliberate inversion of conventional warfare principles, prioritizing the systemic manipulation of information and cognition over traditional force projection. This new operational standard hinges upon what the European External Action Service (EEAS) formally designates as Foreign Information Manipulation and Interference (FIMI), a multidimensional threat situated precisely at the critical intersection of national security, information integrity, democratic governance, and the expanding domain of hybrid warfare.1
Crucially, FIMI is distinguished from mere state propaganda by its sophisticated methodology; it relies upon manipulative techniques to exploit vulnerabilities within the information ecosystem, rather than simply expressing a biased opinion or disseminating overtly false claims.1 This manipulative pattern of behavior is frequently designed to operate within a specific legal “grey zone,” characterized as mostly non-illegal conduct that nonetheless threatens or possesses the potential to negatively impact fundamental democratic values, procedures, and political processes across target states.2 This calculated ambiguity is the core of the asymmetric advantage, compelling targeted governments to engage in lengthy, complex legal and intelligence attribution cycles that maximize the campaign’s propagation time before an effective, legally proportionate response can be administered.2 The strategic delay inherent in a democratic response mechanism allows the erosion of public trust and the fracture of social cohesion to achieve critical, irreversible political mass, constituting the aggressor’s primary return on investment.
The operational architecture of these FIMI campaigns is globally coordinated and strategically focused, reflecting a sophisticated long-term geopolitical objective. State and non-state actors participate actively in these campaigns, with intelligence reports repeatedly attributing high-volume activity to actors emanating from the Russian Federation and the People’s Republic of China (PRC). The EEAS’s third comprehensive report on FIMI threats, released in March 2025, mapped out the digital infrastructure deployed by these foreign actors to manipulate the information space of the European Union (EU) and its global partner countries.3 The campaigns are engineered explicitly to exploit existing internal political tensions within the EU’s member states, aiming to influence policy decisions, undermine key diplomatic relations between the EU and local communities, and stoke polarization and divisions across the bloc.4 The ultimate strategic objective articulated by the EEAS is the undermining of the EU’s global standing and its ability to pursue core policy objectives and interests, validating that FIMI is fundamentally an instrument of high-level foreign policy and security coercion.5 In the case of Russia, these operations are carried out through coordinated efforts that leverage diplomatic networks and state security services.5 For the Kremlin, the weaponization of information is a geopolitical tool characterized in 2024 and 2025 as an attempt to construct a False Façade, primarily designed to conceal extensive pro-Kremlin information laundering operations. To effectively marshal a national-level approach against such sophisticated state-sponsored manipulation, governments must establish designated governance structures and institutions specifically tasked with leading and coordinating national efforts, including international engagement and fact-based digital communication, thereby acknowledging the need for formalized internal defenses against the external threat.1
This informational offensive is inextricably linked to the broader, integrated doctrine of hybrid warfare, which the International Institute for Strategic Studies (IISS) defines as the integrated use of military and non-military tools within a synchronized campaign.6 These campaigns are designed with the specific objective of achieving strategic surprise, seizing the initiative, and generating both psychological and physical advantages over the target nation or alliance.6 The toolset employed is comprehensive and spans the entire spectrum of statecraft, including diplomatic instruments, sophisticated and rapid information operations, electronic and cyber tools, covert and, occasionally, overt military and intelligence actions, and targeted economic pressure.6 The deliberate targeting of strategic sectors such as transport, energy supply, space, and the financial system is central to this doctrine, requiring coordinated measures to secure industry, energy production, health, and food safety across the European landscape.6 The gravity of the threat posed by this expanding playbook, particularly from the Russian Federation, has compelled the North Atlantic Treaty Organization (NATO) to make abrupt and comprehensive changes to its defense and deterrence policy.7 The 2025 Patterson Report, adopted by the Defence and Security Committee at the 71st Annual Session in Ljubljana, Slovenia, on October 12, 2025, stated unequivocally that the Russian Federation poses the most significant and direct threat to Allied security.7
Russia is actively engaged in a dangerous shadow war with NATO Allies, employing an expanding range of hybrid warfare tactics designed explicitly to sow discord, splinter Allied cohesion, and ultimately dismantle the NATO structure.7 The response to this persistent and expansive coercion has necessitated an unprecedented financial and strategic commitment. At the 2025 The Hague Summit, Allied Heads of State and Government formally adopted their most ambitious defense spending requirements to date, pushing the target threshold up to 5% of GDP.7 This target is meticulously broken down to reflect the new realities of the hybrid threat: 3.5% is dedicated to traditional core defense requirements, while a mandatory 1.5% is allocated explicitly for security-related investments.7 This allocation of 1.5% of national economic output towards “security-related investments” is the formal recognition of the fiscal cost of defending against asymmetric, non-kinetic threats like FIMI and resilience building. The consensus within the Alliance is that stronger deterrence and defense remains the only viable strategy against Russia as the conflict in Ukraine continues.7 Furthermore, this policy change includes turbocharging and scaling the transatlantic defense industrial base to significantly increase output, ensuring the capability to meet the requirements of NATO’s new regional defense plans.7 The strategic success of the adversary’s hybrid campaign is measured not by territorial gain, but by the delay, cost, and disruption imposed upon the collective response mechanisms, underscoring why investment in speed and resilience is paramount.
The underlying objective driving the integration of FIMI and hybrid warfare is the achievement of cognitive superiority, making the human mind the central target and weapon in the conflict continuum. Cognitive warfare is not merely a tactic; it is, as defined by the NATO Allied Command Transformation (ACT) framework, the fight itself. The concept involves deliberate and synchronized military and non-military activities aimed at gaining, maintaining, and protecting cognitive advantage. Its primary focus is the attack and degradation of rationality, which, when successful, leads to the exploitation of systemic vulnerabilities and the weakening of the targeted society. The complexity of this environment is magnified by the inclusion of non-military targets, such as civilian populations and legal structures. For example, Russian social media and public information operations have been documented in their attempts to label Ukraine as the entity at fault for conflict, using a combination of communications technologies, fabricated news stories, and perceptions manipulation to influence global public opinion and decay public trust in open information sources. The strategic competitor China describes cognitive warfare as the use of public opinion, psychological operations, and legal influence, often termed “Lawfare,” to achieve victory. This expansion of the battlefield to include the law, rule-of-order, and general civil constructs has a profound impact, as it exposes the vast majority of civilians and non-combatants to hostile influence. This deliberate targeting of adversary decision-making cycles is key to leveraging ideological and informational tools for strategic gain.
This doctrinal expansion is being accelerated by the exponential advance of technology, particularly Generative Artificial Intelligence (AI), which has precipitated an immediate and verifiable crisis of authenticity in the information domain. Research conducted by ISACA, released on October 21, 2025, reveals a stark, quantified capability-preparedness gap across the European security landscape.8 The report found that 51% of European IT and cybersecurity professionals identify AI-driven cyber threats and deepfakes as their greatest concern heading into 2026.8 This level of professional anxiety contrasts sharply with the measured institutional readiness, as only 14% of those respondents felt their organizations were ‘very prepared’ to manage the associated risks from Generative AI.8 This 37% gap quantifies a systemic vulnerability that hostile state and non-state actors are actively exploiting to achieve informational superiority.8 The operational shift from theoretical risk to documented political manipulation is confirmed by Q1 2025 data tracking deepfake incidents, where 14% of all recorded incidents during this period were specifically dedicated to political manipulation.9 These operations encompass the fabrication of false endorsements, fabricated statements by key political figures, and targeted attempts to influence election outcomes, validating that the potential for deepfakes to fundamentally undermine trust in democratic institutions is a significant and active societal threat.9
The cross-border nature of this threat, enabled by the scalable production capability of AI, further eliminates the traditional concept of informational sovereignty. Documented incidents include AI-generated audio of a Ukrainian presidential candidate falsely discussing election rigging, alongside deepfake videos of Donald Trump making inflammatory statements about foreign leaders and international policies.9 This borderless characteristic of the threat, where false imagery can be generated and distributed simultaneously across multiple linguistic platforms at scale, ensures that the manipulated narrative often achieves critical mass before human-led verification and refutation is possible.9 Adversary actors, particularly Russia and China, are characterized by their continuous adaptation, harnessing new and emerging technologies like AI to circumvent restrictive measures. AI has become increasingly frequent in 2024, used both to facilitate large-scale content creation—for instance, by large Russian state-run FIMI actors like RIA Novosti—and to enable the automation and scaling-up of content distribution across networks. The strategic significance of this is that the capacity to generate mass, hyper-realistic, and contextually targeted disinformation now far outstrips the capacity of democratic institutions to detect, attribute, and respond to it, turning the crisis of verifiability into a crisis of national stability.
Beyond the immediate horizon of AI-driven FIMI, the projected dominance of Quantum Computing (QC) introduces a silent, long-term, and existential threat defined by strategic cryptographic decay. Experts across the defense community agree that QC is an inevitable advancement poised to fundamentally revolutionize computational technology and the management of future conflicts.10 Unlike classical computers, which process information sequentially using binary bits, QC utilizes quantum bits, or qubits, to perform complex calculations at speeds currently unattainable by even the most powerful supercomputers, rendering previously unsolvable problems within reach.10 For defense and national security, the implications are vast and encompass a strategic silent takeover of critical infrastructure.11 The primary risks include the catastrophic loss of current cryptographic infrastructure, the decay of Signals Intelligence (SIGINT) capabilities, and the ability for hybrid actors to bypass network security in real time.11 The deployment of fully capable QC would enable hybrid actors to engage in highly stealthy operations, including clandestine acts of influence, coercion, or sabotage within the electromagnetic spectrum, while simultaneously granting aggressors the capability to unveil the stealth technologies relied upon by NATO and the EU.11 This creates an asymmetric vulnerability that includes the loss of technological leadership and a silent takeover of civilian and military critical infrastructure.11
The most concerning aspect of QC is the potential for retrospective strategic surprise enabled by the “Store Now, Decrypt Later” methodology. The cryptanalytic power of a fully mature QC system means that sophisticated adversaries are currently harvesting massive volumes of sensitive, currently encrypted data—ranging from military planning and classified industrial secrets to high-level diplomatic cables—protected by contemporary, symmetric cryptography. The ultimate intention is to decrypt this archived data instantaneously once the QC capability is achieved.10 This possibility shifts the vulnerability timeline backward by decades, demanding immediate, preemptive defensive investment in post-quantum cryptography (PQC) to prevent future strategic compromise across all core systems.11 The requirement to integrate PQC development alongside the core 3.5% GDP defense budget and the 1.5% security-related investment 7 is now an essential prerequisite for maintaining the conventional military advantage and decision-making superiority that the alliance currently holds.
In response to this converging threat landscape, the transatlantic alliance has witnessed a profound and problematic policy divergence in 2025, creating a critical seam for adversaries to exploit. The European Union has adopted a maximalist, highly centralized regulatory approach, institutionalizing the defense of its digital sovereignty through the comprehensive Digital Services Act (DSA).12 The DSA imposes strict, mandatory obligations on Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) to systematically mitigate risks posed by their services.12 This regulatory fortress demands that platforms analyze systemic risks related to electoral processes, the amplification of illegal content and disinformation, and the inauthentic use of their services.12 Specifically, the DSA mandates that platforms must implement election-specific risk mitigation measures tailored to local contexts, including promoting verified official information, adapting recommender systems, and—critically—clearly labeling content generated by AI, such as deepfakes.12 The EU further endorsed the integration of the voluntary Code of Practice on Disinformation into the DSA framework on February 12, 2025, making adherence to the Code a formal benchmark for determining platform compliance.12 This proactive stance, backed by the EEAS’s significant institutional commitment to identifying and analyzing FIMI since 2015 5, shifts the burden of defense onto the platforms themselves, guaranteeing resource allocation and accountability for systemic risk mitigation.
In sharp contrast, the United States executed a strategic withdrawal from its centralized counter-FIMI efforts in 2025. The September 17, 2025, press statement from Principal Deputy Spokesperson Thomas “Tommy” Pigott confirmed the cessation of all Frameworks to Counter Foreign State Information Manipulation and any associated instruments implemented by the former administration.13 This was preceded by the April 16 directive from Secretary of State Marco Rubio ordering the closure of the Department’s Counter FIMI Hub, formerly known as the Global Engagement Center (GEC).13 The official rationale provided for this institutional dismantling was that the previous counter-disinformation framework “devolved into tools for political censorship instead of protecting Americans from foreign adversarial propaganda”.13 This action aligned directly with President Trump’s January 20, 2025, Executive Order on Restoring Freedom of Speech, which prohibits federal censorship.13 The new policy posits that the United States will counter genuine malign propaganda through the exercise of free speech, rather than relying on centralized government attribution and response mechanisms.13 This fundamental ideological conflict over FIMI governance—where the EU prioritizes security and systemic control 12, and the US prioritizes untrammeled expression 13—is now operationalized as a major strategic liability for the collective defense of democratic societies. The closure of a critical federal FIMI attribution and response structure within the world’s largest digital economy creates an unchecked battlespace, providing a critical seam for hybrid actors to weaponize the very democratic values that the transatlantic alliance seeks to protect, complicating any unified response to the accelerating threat of cognitive coercion.
The New Calculus of Asymmetry: AI, Deepfakes and the Quantum Horizon
The contemporary geopolitical security landscape is defined by the immediate operationalization of Generative Artificial Intelligence (AI) and the nascent, yet existential, threat posed by Quantum Computing (QC), technologies that collectively introduce a new calculus of asymmetry into Foreign Information Manipulation and Interference (FIMI) and hybrid warfare doctrine. The speed and scale enabled by AI have fundamentally inverted the cost-benefit analysis of influence operations, making the manipulation of public opinion and the fabrication of identity cheap, ubiquitous, and virtually instantaneous. This shift is quantified by an exponential explosion in fabricated media, with projections indicating the volume of deepfake files online surged from approximately 500,000 in 2023 to a staggering 8 million projected files by 2025. This unprecedented volume increase—a factor of 16 in just two years—is not merely a technical novelty; it represents a new, unmanageable operational burden for democratic societies and their institutions. The sheer density of synthesized data ensures that the cognitive battlespace is perpetually saturated, enabling malign actors, including state entities like the Russian Federation and the People’s Republic of China (PRC), to run large-scale, hyper-realistic FIMI campaigns with near-zero latency and high political yield.
The technical sophistication of these AI-driven campaigns has created a critical failure point in human vigilance and trust, demanding a wholesale shift in defensive strategy. High-quality video deepfakes now exhibit a failure rate for human detection that is profoundly concerning, with human accuracy plummeting to a dismal 24.5% in controlled studies. Furthermore, a specialized 2025 study confirmed that a minuscule 0.1% of participants were capable of reliably identifying all fake and real media presented to them, confirming that human ability to discern digitally fabricated reality from authenticity is, for all practical purposes, negligible. This failure is actively exploited by threat actors who rely heavily on voice cloning as a top attack vector due to its low cost, speed, and high psychological impact. The core risk articulated by security analysts is the potential for fraud, identity theft, and sophisticated social engineering to be executed at scale, shifting the cybersecurity challenge from technical flaw exploitation to the direct manipulation of human vulnerabilities and emotional responses, particularly those of high-profile individuals and corporate executives. For financial institutions, this capability translates directly into tangible economic weaponization; the spike in fraud attempts grew by an astronomical 3,000% in 2023, with North America alone registering a 1,740% growth rate in fraudulent deepfake activity.
The immediate consequence of this rapid technological acceleration is a demonstrable and destabilizing capability-preparedness gap within key democratic regions. The professional security community in the European Union (EU) has quantified this anxiety. October 2025 research published by ISACA found that 51% of European IT and cybersecurity professionals cite AI-driven cyber threats and deepfakes as their most significant concern heading into 2026.1 This professional anxiety stands in stark opposition to institutional readiness, as only 14% of those same respondents felt their organizations were ‘very prepared’ to manage the associated risks from Generative AI.1 This quantifiable disparity of 37 percentage points illuminates a systemic vulnerability that hostile state and non-state actors actively penetrate, exploiting the lag time between the emergence of a new AI capability and the institutional adaptation of robust defensive protocols.1 State-sponsored threat actors, including large Russian state-run FIMI actors such as RIA Novosti, are already harnessing AI to facilitate large-scale content creation and enable the automation and scaling-up of content distribution, demonstrating continuous adaptation to circumvent existing restrictive measures.
The shift from theoretical risk to operationalized political coercion is evident in the specific targeting of democratic processes. During Q1 2025, 14% of all recorded deepfake incidents were explicitly dedicated to political manipulation.2 These campaigns are geographically expansive, utilizing cross-border elements to achieve maximum political interference and delegitimization. Documented examples include AI-generated audio of a Ukrainian presidential candidate falsely discussing election manipulation and deepfake videos of Donald Trump making inflammatory statements about foreign leaders and international policies.2 The global reach and instant deployability of this borderless threat—fabricated imagery and audio deployed across multiple linguistic platforms—ensure that the manipulated narrative reaches critical political saturation long before human-led verification or formal state refutation can be completed, underscoring the strategic goal of achieving cognitive superiority by permanently degrading trust in all forms of digital evidence.2 The EU‘s adoption of the Digital Services Act (DSA) and its election-specific risk mitigation guidelines, including the critical requirement for clearly labeling content generated by AI like deepfakes, is a direct, mandatory regulatory response to this accelerating threat.3 This proactive legal posture represents an attempt to force a defensive parity in the information arms race that the technology itself has fundamentally destabilized.
Yet, the current crisis posed by AI is merely the precursor to a long-term, existential threat posed by the projected dominance of Quantum Computing (QC), which introduces an asymmetry defined not by speed or scale, but by strategic cryptographic decay. Experts agree that QC represents an inevitable advancement poised to fundamentally alter the strategic balance of power and how future conflicts are managed.4 Unlike classical computers, which process information symmetrically using binary bits, QC leverages quantum bits, or qubits, enabling it to perform calculations at unprecedented speeds, making previously intractable security problems solvable.4 For the defense and national security sectors of the North Atlantic Treaty Organization (NATO) and the EU, the implications are profound and encompass a strategic silent takeover of critical infrastructure.5
The deployment of a fully capable QC system would immediately trigger the catastrophic failure of current cryptographic infrastructure, the decay of Signals Intelligence (SIGINT) capabilities, and the capacity for hybrid actors to bypass network security in real time.5 This capability would grant adversaries the ability to engage in highly stealthy operations, including clandestine efforts to influence, coerce, sabotage, or communicate within the electromagnetic spectrum, while simultaneously providing aggressors the means to unveil the stealth technologies relied upon by NATO and its allies.5 This technological leap introduces an asymmetric vulnerability that includes the loss of technological leadership and a silent, untraceable takeover of civilian and military critical infrastructure.5 The risk profile moves beyond conventional kinetic or cyber attack to an epistemic risk where the integrity of all secured communications is compromised.
The most insidious threat posed by QC is the potential for retrospective strategic surprise, often conceptualized as the “Store Now, Decrypt Later” capability. The cryptanalytic power of fully mature QC means that sophisticated state adversaries are currently engaging in the massive harvesting of sensitive, currently encrypted data—including military planning, classified industrial secrets, and high-level diplomatic cables—that is protected only by contemporary, symmetric cryptography. The intent is to instantaneously decrypt this archived data once QC is achieved, essentially compromising years or decades of past communications and planning in a single moment.5 This scenario shifts the vulnerability timeline backward, demanding immediate, preemptive defensive investment in post-quantum cryptography (PQC) migration to preempt future, inevitable strategic compromise.5 This PQC development is not a long-term IT initiative; it is a critical defense requirement that must be integrated alongside the core 3.5% GDP defense budget and the dedicated 1.5% allocated for security-related investments agreed upon at the 2025 The Hague Summit.6
The technological acceleration afforded by AI and the potential for strategic decay from QC must be understood as tools accelerating the operational doctrine of cognitive warfare. This doctrine leverages ideological and informational tools to influence and disrupt the adversary’s decision-making cycles, pushing the conflict into the realm of perceptual incursions. The goal is to manipulate public opinion and perceived threats to influence strategic military and budgetary allocations. The connection between information warfare and strategic deterrence stability is now being rigorously quantified. SIPRI‘s research on “Nuclear Weapons and Artificial Intelligence” advocates for the immediate adoption of AI arms control regimes and “human-in-the-loop” protocols in critical systems as a hard security measure, not merely an ethical consideration.7 These prescriptive measures are projected to mitigate strategic miscalculation probabilities by an estimated 30%, with an associated margin of error of 13% derived from trial data.7 This calculation mathematically links the integrity of the informational environment to the probability of large-scale military conflict.
Furthermore, the influence of perceived FIMI success dictates the deployment of hard military assets and the necessity for defensive spending. For instance, IISS October 2025 recommendations prioritize budget reallocations to physical military defenses based on threat perceptions. Specifically, the recommendations call for a 10% budget reallocation toward littoral defenses to enhance Black Sea deterrence against Russian “perceptual incursions” which are estimated to be at 15% effectiveness, with a margin of error of 7%.7 This confirms that success in cognitive warfare directly dictates the deployment of conventional military assets and the requirement for specific defensive expenditure, making the cognitive domain the primary indicator of necessary changes in kinetic force posture. The calculus of asymmetry in 2025 is thus defined by the ability of a state to leverage low-cost, high-volume AI and the long-term, existential threat of QC to achieve systemic, self-imposed instability in an adversary, compelling them to exhaust resources and distort strategic planning in defense of the cognitive domain.
Weaponizing Global Interdependence: Statecraft Through Supply Chains and Critical Infrastructure
The current era of hybrid warfare has fundamentally re-engineered the operational methodology of geopolitical competition, shifting the strategic focus from conventional force application to the targeted, asymmetric coercion of global logistical and economic systems. This transformation mandates that interdependent commercial networks are no longer viewed primarily as vectors for economic efficiency but as critical strategic liabilities and inherent single points of failure, ripe for exploitation by adversarial state actors. The new standard dictates that the core objective is to replace the logic of free trade with the logic of security, thereby imposing substantial, non-kinetic costs on adversaries. The International Institute for Strategic Studies (IISS) defines hybrid warfare as the integrated use of both military and nonmilitary tools within a synchronized campaign designed specifically to achieve strategic surprise, seize the initiative, and generate both psychological and physical advantages.1 The operational toolkit is expansive, including diplomatic instruments, rapid information operations, electronic and cyber tools, covert intelligence action, and, most critically in this context, targeted economic pressure.1 This expansive methodology prioritizes the disruption of strategic sectors, including transport, energy supply, space-based assets, and the global financial system, requiring a comprehensive defense strategy to secure industry, energy production, health, and food safety across the entire defensive perimeter.1
A textbook example illustrating this asymmetric standard occurred in October 2025, demonstrating the speed and ease with which commercial corridors can be weaponized into geopolitical chokepoints. Following Russian–Belarusian wargames, a series of events culminated in at least 19 unmanned aerial vehicles (UAVs) entering Polish airspace, a provocative military maneuver that fell deliberately below the threshold of conventional aggression. The Polish response was immediate and focused on systemic denial: the government suspended rail traffic on its eastern border, the boundary shared with the Russian ally Belarus. This localized military-intelligence pressure cascaded instantly into massive global logistical disruption, immediately halting approximately 90% of all rail freight moving from the European Union (EU) to the People’s Republic of China (PRC), a major artery of the PRC’s New Silk Road infrastructure project. The suspension, though temporary, revealed how rapidly the political logic of security supersedes the commercial logic of efficiency when faced with non-conventional threats. As the Polish government stated, the incident confirmed that the logic of trade was being replaced by the logic of security, exposing a critical vulnerability in Europe’s systemic resilience against the sophisticated Russian playbook of hybrid warfare. This kind of asymmetrical disruption, often classified as Military Operations Other Than War (MOOTW), achieves its strategic effect—a massive interruption of global trade, imposing simultaneous economic pressure on both EU importers and PRC exporters—without crossing a conventional military threshold, underscoring the high return on investment for the aggressor.
The deliberate targeting of critical national infrastructure (CNI) through cyber and electronic means forms the second pillar of this weaponized interdependence. The operational objective is to introduce persistent, low-level instability that increases the systemic cost of doing business, amplifies economic uncertainty, and degrades the functional trust between public and private sectors. The United Kingdom government’s analysis of Russian cyber and hybrid threat operations provides detailed attribution of these activities, specifically identifying units responsible for destructive cyber operations against CNI. Unit 74455, for instance, is identified as a highly sophisticated, longstanding cyber actor specializing in destructive cyber operations, principally targeting CNI, industrial control systems (ICS), and entities of strategic interest to Russia, including Ukrainian military and governmental targets. The history of this unit’s operations includes the NotPetya attack in 2017, a destructive cyber attack targeting the Ukrainian financial, energy, and government sectors, which had widespread and significant collateral impact on the global economy. Similarly, the deployment of BlackEnergy in 2015 against the Ukrainian energy sector demonstrated the capacity to cause operational disruption and power outages by targeting CNI. The persistence of this methodology is confirmed by the attribution by France of Unit 26165 for cyber-attacks on entities involved in the 2025 Olympic and Paralympic Games, demonstrating the continued, high-level focus on disrupting major international events and key national infrastructure within NATO member states. These non-kinetic attacks, which are often coupled with economic pressure and sophisticated information operations, aim to disrupt financial systems and energy networks to maintain a state of perpetual systemic tension, underscoring the shift to persistent, non-kinetic conflict, as evidenced by reports tracking state-sponsored cyber activities and hacktivism in various global conflicts throughout 2025.
The economic context amplifies the coercive effect of these hybrid attacks. Even as global inflation is projected to continue its steady decline to 4.5% in 2025 , and despite the International Monetary Fund (IMF) revising global growth projections upward to 3.2% in 2025 following unexpected resilience and policy adjustments, the targeted disruption from hybrid warfare acts as a stress amplifier. By increasing friction, transactional costs, and geopolitical uncertainty, localized acts of coercion disproportionately impact the overall economic outlook, making the global financial system perpetually susceptible to externally induced volatility. The complexity of the cyber landscape, driven by escalating geopolitical tensions, has profound and far-reaching implications for both organizations and nations, creating a more uncertain environment that elevates risk management to a central strategic concern. This instability requires a shift away from efficiency-at-all-costs to a dedicated focus on resilience and the defense of strategic resources, validating the NATO agreement at the 2025 The Hague Summit to push defense spending to 5% of GDP, with 1.5% explicitly dedicated to security-related investments that fund hybrid warfare defense and systemic resilience.3
This operational shift compels the intelligence and defense communities to treat key data and physical resources not merely as commercial goods but as strategic assets under constant asymmetric siege. Policy prescriptions across the transatlantic space are now mandating a strategic defense of these resources, moving from abstract risk assessment to quantified resilience investment. This includes the explicit recognition of biological data as a strategic resource, placing its protection alongside the Department of Energy’s critical mineral reserves.2 The focus is on building resilient reserves and ensuring supply chain continuity against wartime sustainment scenarios. Scenario modeling supports this strategic shift, projecting a $12 billion ROI in wartime sustainment by 2030 (10% derived from trial data) through the implementation of these resilience measures.2 Furthermore, this defense mandates geopolitical cooperation aimed at bypassing single points of failure. Bilateral Mexico–US cooperation is being actively advocated to yield an estimated 15% uplift in manufacturing capacity (9%), a direct measure designed to mitigate the vulnerabilities exposed by high API dependencies and complex global supply chains.2
The competition for strategic resources, particularly critical minerals essential for defense and digital technologies, is simultaneously being weaponized by state actors like the PRC. As part of a counter-expansion strategy, policy recommendations advocate for mineral pacts with over 20 states in West Africa to directly counter the growing influence of China and avert an estimated 22% loss in critical access (8%).2 This proactive resource diplomacy is now considered a vital component of hybrid warfare defense, recognizing that control over the materials that underpin modern military and digital infrastructure constitutes a pre-kinetic offensive posture. This same principle extends to physical infrastructure protection, where, for instance, IISS October 2025 recommendations prioritize a 10% budget reallocation to littoral defenses to specifically enhance Black Sea deterrence against Russian “perceptual incursions” which are estimated to be at 15% effectiveness, with a margin of error of 7%.2 The defense of strategic resources, therefore, is directly quantified in terms of necessary military expenditure and the projected avoidance of systemic failure, making it an integrated component of the new defense budget structures adopted by NATO Allies.
The geopolitical significance of this weaponization extends far beyond the immediate adversaries, manifesting as a deep transformation in the nature of statecraft and fragmenting the established global economic order. Interdependence is increasingly viewed by states not merely as an economic risk to be managed, but as an active source of strategic power to be instrumentalized. This active construction of fragmentation is not limited to the West; the pushback is becoming a pivotal factor driven by states in the Global South. The use of extraterritorial sanctions and the instrumentalization of economic networks by great powers are now widely regarded by many nations as violations of sovereign rights and new forms of neo-imperial power. This perception has led to severe pushback against aligning with Western-led sanctions regimes, with key states like India, Turkey, and South Africa maintaining independent positions or actively resisting secondary sanctions. Even more critically, states across Africa, Asia, and Latin America are increasingly hedging their geopolitical positions, utilizing their “geopolitical spoiling power” to extract concessions and assert greater strategic autonomy, often by playing competing initiatives, such as the PRC’s Belt and Road Initiative (BRI) against the Western-led Global Gateway (PGII) off each other. These reactions are enormous accelerants of cleavage within the global economic order, fueling demands for genuine reform of the structures of global economic governance, specifically targeting the perceived unrepresentative nature and geopolitical capture of the IMF and the World Bank. The weaponization of interdependence, therefore, has not only created an asymmetric advantage for hybrid aggressors but has simultaneously destabilized the consensus-based foundation of the entire post-war financial architecture.
The Policy Chasm: Divergence in Transatlantic Counter-FIMI Strategy in 2025
The urgency posed by accelerating Foreign Information Manipulation and Interference (FIMI) and the operational threat of Generative Artificial Intelligence (AI) has precipitated a profound and strategically destabilizing divergence in how the European Union (EU) and the United States conceptualize and institutionalize defense against non-kinetic state coercion in 2025. This policy chasm, rooted in fundamentally different interpretations of democratic governance and free expression, introduces a substantial vulnerability that undermines the collective security posture of the democratic West, effectively providing a seam for adversaries to exploit. The EU has established a highly centralized and mandatory regulatory fortress for the digital information space through the comprehensive Digital Services Act (DSA), representing a wholesale institutionalization of sovereignty over the digital environment.1 The DSA imposes strict, legally binding obligations upon Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs), compelling them to analyze, assess, and mitigate the systemic risks that their services create, particularly concerning negative effects on electoral processes, disinformation, and the amplification of illegal content.1 This framework demands that platforms adapt their internal systems, processes, and resources to ensure compliance, including setting up independent compliance mechanisms and conducting annual risk assessments within four months of designation.1
This regulatory posture explicitly mandates the defense against FIMI as a permanent compliance issue, rather than a discretionary public affairs response. The EU’s proactive stance, backed by the European External Action Service (EEAS)’s extensive work since 2015 to identify and analyze FIMI 2, has been formalized through specific guidelines. On February 12, 2025, the European Commission endorsed the integration of the voluntary Code of Practice on Disinformation into the DSA framework, making adherence to the Code a critical benchmark for determining platform compliance and subject to annual independent audit.1 Furthermore, the Commission published a new best-practice election toolkit on February 20, 2025, providing practical guidance for applying the DSA Election Guidelines to mitigate systemic risks such as online harassment, manipulation of public opinion, and the utilization of AI-generated content and impersonation.1 Crucially, the DSA mandates that platforms implement election-specific risk mitigation measures tailored to the local context, including promoting verified official information, adapting recommender systems to empower users, and, most critically in the age of AI, clearly labeling content generated by AI, such as deepfakes.1 By legally binding technical mitigation requirements, the EU effectively guarantees resource allocation for defense against foreign state manipulation.
The necessity of this stringent, top-down regulatory model is confirmed by intelligence on adversary operational architecture. The EEAS’s third report on FIMI threats, issued in March 2025, explicitly mapped the digital infrastructure deployed by foreign actors, primarily attributed to Russia and China, whose tactics, techniques, and procedures (TTPs) are characterized by continuous adaptation to harness new and emerging technologies, including AI, and to circumvent restrictive measures imposed against them. The strategic objective of these campaigns, as confirmed by EU High Representative Kaja Kallas, is global destabilization: to “destabilise our societies, damage our democracies, drive wedges between us and our partners and undermine the EU‘s global standing”. The EEAS analysis confirmed that both state and non-state actors participate in these campaigns to exploit existing political tensions in order to influence policy decisions and undermine the relations between the EU and local governments and communities, validating the DSA’s focus on systemic risk as an essential countermeasure.4 The EU further secured its enforcement capabilities on July 2, 2025, when the Commission adopted a delegated act outlining rules that grant qualified researchers access to the internal data of VLOPs and VLOSEs for the purpose of studying and researching systemic risks.1
In profound ideological and strategic opposition, the United States executed a fundamental strategic withdrawal from its centralized counter-FIMI efforts in 2025, dismantling institutional defense mechanisms in favor of a maximalist interpretation of free expression. The September 17, 2025, press statement from Principal Deputy Spokesperson Thomas “Tommy” Pigott officially confirmed the cessation of all Frameworks to Counter Foreign State Information Manipulation and any associated instruments that had been implemented by the former administration.5 This action formalized the earlier directive issued on April 16 by Secretary of State Marco Rubio ordering the closure of the Department’s Counter Foreign Information Manipulation and Interference (R/FIMI) Hub, which was formerly known as the Global Engagement Center (GEC).5 The official rationale provided for this institutional dismantling was the claim that the previous counter-disinformation framework “devolved into tools for political censorship instead of protecting Americans from foreign adversarial propaganda”.5 This decision aligns directly with President Trump’s January 20, 2025, Executive Order on Restoring Freedom of Speech and Ending Federal Censorship, which explicitly prohibits federal censorship and promotes freedom of expression.5 The new policy posits that the United States will counter genuine malign propaganda from adversaries through the robust exercise of free speech, rather than relying on centralized government attribution and response.5
This fundamental ideological conflict—where the EU prioritizes security through systemic platform control, and the US prioritizes untrammeled expression—is now fully operationalized as a critical strategic vulnerability for the transatlantic alliance. This tension has been amplified by high-ranking US officials who view the EU’s regulatory overreach as a threat to fundamental freedoms. FCC Commissioner Brendan Carr has argued that the DSA is “incompatible with America‘s free speech tradition,” while US Vice President J.D. Vance stated at the Munich Security Conference in February 2025 that the EU‘s content moderation policies amount to “authoritarian censorship”. Critiques formalized in internal US reports contend that the EU’s enforcement results in the censorship of protected political speech, including forms of humor and satire, and that closed-door workshops—such as the one held by the European Commission in May 2025—reveal an overreach in interpreting key DSA terms to broaden the scope of mandated platform action beyond acceptable limits.
The structural nature of the DSA, which compels American technology platforms to modify their worldwide terms of service and content moderation policies to align with EU mandates, is an act of de facto extraterritoriality that governs global digital behavior for the world’s largest online platforms. This regulatory imposition carries a significant economic burden, quantified by a 2025 study estimating that EU digital regulations inflict approximately $2.2 billion annually in direct compliance costs on US companies, with the Digital Services Act alone accounting for roughly $750 million of this total. The primary geopolitical consequence of this policy chasm is the creation of a severe, self-imposed asymmetric vulnerability on the US side, which directly undermines the collective security and deterrence posture of NATO.6 The closure of a critical federal FIMI attribution and response structure severs a vital node for verified threat intelligence sharing within the Alliance and other partner networks, providing adversaries with an unchecked informational battlespace within the world’s largest digital economy.6 Given that strategic rivals like Russia and China actively sought to influence the 2024 US presidential election using a variety of sophisticated interference tactics, including the misuse of AI and disinformation campaigns, the subsequent abandonment of the centralized defense structure by the US creates a critical seam for coordinated exploitation. Adversaries can route their FIMI campaigns through the jurisdiction with the weakest institutional resistance, ensuring that the conflict over democratic values is weaponized against the democratic system itself.
The New Deterrence Posture: Reconfiguring Geopolitical Resilience
The evolving, persistent character of Foreign Information Manipulation and Interference (FIMI) and hybrid warfare—which prioritizes cognitive coercion and systemic disruption over conventional military engagement—demands a fundamental and urgent reconfiguration of the transatlantic deterrence posture in 2025. Success in this new spectrum of conflict hinges less on the promise of kinetic retaliation and more on achieving instantaneous, systemic resilience, thereby imposing the denial of strategic effect upon the aggressor. This strategic pivot is formally codified by the North Atlantic Treaty Organization (NATO)’s unprecedented financial commitment agreed upon at the 2025 The Hague Summit: the mandatory 5% of GDP defense requirement, which is meticulously divided into 3.5% for core defense needs and a dedicated 1.5% allocated explicitly for security-related investments.1 This 1.5% allocation represents a formal, institutional recognition of the fiscal cost of defending against non-kinetic, asymmetric threats like FIMI and cyber coercion, elevating resilience building from a discretionary intelligence function to an institutionalized strategic pillar.1 The primary objective of this doctrinal shift is to enhance the Allies’ ability to sustain democratic governance and economic functionality under constant, non-kinetic attack, thereby denying Russia and other adversarial actors the strategic goal of splintering Allied cohesion.2
The efficacy of deterrence against asymmetric tactics is entirely predicated on the ability to achieve immediate and confident attribution. Given that hybrid attacks often operate intentionally within a mostly non-legal “grey zone” , traditional deterrence models based on massive retaliation are rendered ineffective, as they either escalate disproportionately or fail to address the core harm—the erosion of internal political trust. Therefore, the strategic priority shifts to denial: making the target so robustly resilient that the hybrid attack fails to achieve its intended political or economic outcome, thus systematically reducing the aggressor’s return on investment. This principle validates the European Union (EU)’s maximalist focus on systemic risk mitigation under the Digital Services Act (DSA), which compels Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) to analyze, assess, and mitigate risks related to FIMI and the amplification of illegal content and disinformation.3 This regulatory architecture enforces immediate defensive action, such as mandatory risk assessments, the establishment of internal compliance mechanisms, and the clear labeling of AI-generated content like deepfakes 3, thereby institutionalizing the defense of the cognitive domain as a legal compliance liability for the commercial sector. By integrating technical mitigation requirements—validated by the integration of the voluntary Code of Practice on Disinformation as a benchmark for platform compliance 3—the EU enforces a state of perpetual defense designed to achieve instantaneous systemic resilience in the face of continuous foreign manipulation.
The long-term stability of the international system, however, depends on successfully defending the integrity of information and the security of critical data assets against sophisticated, technology-accelerated state manipulation, placing the defense of Artificial Intelligence (AI) governance at the center of the new deterrence posture. The speed and scale of AI-driven FIMI—where deepfake files surged from 500,000 in 2023 to a projected 8 million by 2025 4—requires mandating cognitive safeguards across technological domains to prevent strategic miscalculation. The SIPRI Yearbook 2025 provides granular policy recommendations, including the adoption of AI arms control regimes and the strict implementation of “human-in-the-loop” protocols in critical military and civilian systems.5 These prescriptive measures are not merely ethical considerations; they are hard security mandates projected to mitigate strategic miscalculation probabilities by an estimated 30% (13% derived from trial data), thereby mathematically linking the defense of the cognitive domain directly to the reduction of global conflict risk.5 This principle of preemptive, quantified risk mitigation is further reflected in the IISS October 2025 recommendations, which advocate for 10% budget reallocations to specialized littoral defenses to enhance Black Sea deterrence, directly targeting the perceived 15% effectiveness of Russian “perceptual incursions” in that strategic theater (7%).5 This defense posture ensures that perceived cognitive influence directly dictates the deployment and expenditure of hard military assets, making investments in cognitive resilience a quantifiable defense metric.
Beyond the immediate crisis posed by AI, the Alliance must immediately address the existential threat of strategic cryptographic decay introduced by Quantum Computing (QC). Fully capable QC is recognized as an inevitable advancement that fundamentally threatens conventional military and security advantages, specifically through the “Store Now, Decrypt Later” strategy, wherein adversaries harvest sensitive, currently encrypted data for instantaneous compromise once QC is achieved . This risk profile necessitates the mandatory, time-bound framework for Post-Quantum Cryptography (PQC) migration across all critical military, intelligence, and civilian infrastructure, including energy and financial systems . The United States‘ defense posture is advancing this requirement through NIST‘s standardization process, which selected the HQC algorithm for standardization on March 11, 2025, following the publication of FIPS 203, FIPS 204, and FIPS 205 algorithms on August 13, 2024.2 Meanwhile, the EU is demonstrating robust political will, formalizing a Coordinated Implementation Roadmap for the transition to PQC, which specifies quantum-safe algorithms, development standards, and certification schemes to protect critical infrastructures.3 This focus on implementation is evidenced by the EU‘s objective to make hybridization—the transitional phase of integrating both classical and quantum-resistant cryptography—standard across all European quantum computing facilities by the end of 2025.3 The urgency is further underscored by the high level of PRC investment in these domains, with China announcing in March 2025 a venture capital guidance fund to mobilize 1 trillion yuan ($\approx$$138.01 billion) into cutting-edge fields like AI and quantum technology 7, positioning the PRC as a formidable competitor in achieving quantum superiority. The US Commission on China has responded to this threat by urging Congress to adopt a “Quantum First” national goal by 2030 to secure US leadership in mission-critical quantum technologies.8 The integration of PQC migration into the NATO security budget is therefore a non-negotiable component of the 1.5% security-related investments 1, a necessary defense against a silent, long-term strategic surprise that could compromise decades of sensitive planning.
The necessity for a unified technological and cognitive defense strategy is compounded by the profound policy divergence across the Atlantic, demanding the institutionalization of parallel, verified intelligence-sharing channels that are impervious to shifting domestic politics. The US strategic withdrawal from centralized counter-FIMI efforts, marked by the closure of the State Department’s R/FIMI Hub on April 16, 2025, and the cessation of its counter-manipulation frameworks on September 17, 2025 , creates a critical leadership vacuum within the Alliance’s informational defense structure . This ideological conflict, where the US prioritizes untrammeled free expression over institutional counter-manipulation , compels EU and NATO allies to strengthen parallel intelligence and OSINT mechanisms. Defense forums, such as the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) 9, and international regulatory bodies like the EEAS 10, must be leveraged to maintain a continuous, verified threat picture that bypasses potential national policy chokepoints. This reconstituted cohesion must move beyond verbal agreements to mandates that require the sharing of verified attribution data for non-kinetic acts, such as supply chain manipulation and deepfake campaigns, thereby establishing an international consensus on the standard of proof for grey zone aggression.
Furthermore, geopolitical resilience must be physically mandated through policy designed to protect strategic resources and critical supply chains, recognizing that the weaponization of global interdependence is a permanent feature of hybrid warfare. The defense community now advocates for treating biological data as a strategic resource, similar to critical mineral reserves.5 Policy must enforce the strategic protection of these dependencies through cross-border pacts designed to build resilient reserves, with scenario modeling projecting a $12 billion ROI in wartime sustainment by 2030 (10%) through these resilience measures.5 This means actively shifting away from sole reliance on just-in-time efficiency toward geopolitical security. For example, specific policy advocacy centers on bilateral Mexico–US cooperation to yield a 15% uplift in manufacturing capacity (9%) 5, a tangible resilience measure against supply chain coercion. In the global resource competition, defense strategy must include proactive mineral pacts with over 20 states in West Africa to counter the expansion of actors like China, a preventative measure estimated to avert a 22% loss in critical access (8%).5 These financial, industrial, and diplomatic measures are no longer optional foreign policy tools; they are integrated components of the new deterrence posture, designed to deny adversaries the ability to impose systemic costs through the targeted disruption of global logistics, financial networks, and critical resources. The core challenge for NATO and its partners is demonstrating the institutional resilience and strategic patience necessary to sustain democratic governance while under constant, persistent, and technology-accelerated non-kinetic attack.
| Conceptual Domain / Sub-Theme | Specific Data Point / Metric / Finding | Organization / Context | Source Document / Citation |
| I. Threat Definition & Doctrine | |||
| FIMI Definition | Describes a mostly non-illegal pattern of behavior that is manipulative in character, threatening democratic values and political processes | State and non-state actors / EU definition and target | 1 |
| Hybrid Warfare Definition | Integrated use of military and nonmilitary tools to achieve strategic surprise, seize the initiative, and gain psychological/physical advantages | IISS definition / Tools span diplomatic, cyber, information, and economic pressure | 3 |
| Cognitive Warfare Doctrine | Defined as “the fight itself.” Focuses on attacking and degrading rationality to exploit systemic vulnerabilities | NATO Allied Command Transformation (ACT) framework / China includes “Lawfare” in its definition | |
| FIMI Operational Objective | Exploits existing internal political tensions to influence policy decisions and undermine EU’s global standing | EEAS analysis / Adversary actors, notably Russia and China | 4 |
| FIMI Defenses | Requires designated governance structures and institutions within governments to coordinate national and international efforts | National government level / Key to countering foreign state information manipulation | 1 |
| II. Geopolitical & Strategic Context | |||
| Russia’s Threat Level | Poses the most significant and direct threat to Allies’ security | NATO / Confirmed by the 2025 Patterson Report (October 12, 2025) | 6 |
| Defense Spending Requirement | 5% of GDP target established for defense funding | NATO Allied Heads of State and Government / Agreed at the 2025 The Hague Summit | 6 |
| Defense Spending Breakdown | 3.5% for core defense requirements; 1.5% for security-related investments (hybrid defense/resilience) | NATO / New mandated spending structure | 6 |
| Adversary Cohesion | Russia and China remain the most prolific FIMI threat actors, characterized by continuous adaptation of tactics, techniques, and procedures (TTPs) | EEAS / Confirmed by 3rd Report (March 2025) | [13],, |
| Global Economic Outlook | Global growth projected to slow to 3.2% in 2025 and 3.1% in 2026; global inflation forecast to decline to 4.5% in 2025 | IMF (October 2025 World Economic Outlook) | , [14] |
| III. Technological Asymmetry (AI/Deepfakes) | |||
| Deepfake File Volume Growth | Surged from 500,000 (2023) to a projected 8 million (2025) | Global digital environment / Fueled by Generative AI | , |
| Deepfake Human Detection Rate | Accuracy plummets to a dismal 24.5% for high-quality video deepfakes | Controlled studies / Failure of human vigilance | ,, |
| Deepfake Societal Failure Rate | A minuscule 0.1% of participants could correctly identify all fake and real media | 2025 iProov study / Crisis of verifiability | |
| AI Fraud Spike Rate | Fraud attempts spiked 3,000% in 2023, with 1,740% growth in North America | Financial systems / Voice cloning is the top attack vector | , |
| Political Manipulation Share | 14% of recorded deepfake incidents are explicitly dedicated to political manipulation | Q1 2025 data / Targeting political figures and electoral processes | 7 |
| European Readiness Gap | 51% of European cyber professionals fear AI-driven threats; only 14% feel ‘very prepared’ | ISACA research (October 2025) / 37 percentage point capability disparity | 8 |
| IV. Technological Asymmetry (Quantum Computing/PQC) | |||
| QC Strategic Threat | Threatens loss of cryptographic infrastructure, Signals Intelligence (SIGINT), and silent takeover of CNI | NATO, EU, and member states / Hybrid actors capability | 9 |
| PRC Quantum Investment | China announced a national venture capital guidance fund to mobilize 1 trillion yuan ($\approx$$138.01 billion) | Chinese Government / Mobilizing funds for AI and quantum technology (March 2025) | |
| EU PQC Roadmap Milestone | Hybridization (integrating classical and PQC) will be standard across all European quantum computing facilities | European Commission / Coordinated Implementation Roadmap (end of 2025) | |
| US PQC Standardization | HQC selected for standardization on March 11, 2025; FIPS 203, FIPS 204, FIPS 205 published August 13, 2024 | NIST / Post-Quantum Cryptography Standardization Process | |
| V. Weaponized Interdependence & Resilience | |||
| Logistics Weaponization Case | Poland suspended rail traffic on its eastern border; halted 90% of rail freight from EU to PRC | Russian–Belarusian wargames (October 2025) / 19 UAVs entered Polish airspace | 10 |
| Cyber CNI Attribution | Unit 74455 identified as a highly sophisticated cyber actor specializing in destructive cyber operations | UK government attribution / Linked to NotPetya (2017) and BlackEnergy (2015) against Ukrainian CNI | |
| Resilience Investment ROI | Projected $12 billion ROI in wartime sustainment by 2030 ($\pm$10%) | US intelligence/defense community / Via cross-border supply chain pacts | 11 |
| Manufacturing Resilience Goal | Bilateral Mexico–US cooperations advocated to yield 15% uplift in manufacturing capacity ($\pm$9%) | US Policy Prescriptions / Mitigating supply chain dependencies | 11 |
| Strategic Mineral Access | Mineral pacts with over 20 states in West Africa to avert 22% loss in critical access ($\pm$8%) | Atlantic Council / Countering Chinese expansion | 11 |
| Cognitive Defense Metric | AI arms control and “human-in-the-loop” protocols could reduce 30% miscalculation probabilities ($\pm$13%) | SIPRI (2025 addendum) / Aimed at mitigating nuclear risks | 11 |
| VI. Transatlantic Policy Divergence | |||
| EU Regulatory Framework | Digital Services Act (DSA) establishes mandatory obligations on VLOPs and VLOSEs to mitigate systemic risks | European Commission / Institutionalization of digital sovereignty | 5 |
| DSA Counter-FIMI Mandate | Platforms must clearly label content generated by AI (deepfakes) and implement election-specific mitigation measures | VLOPs and VLOSEs / Mitigation for electoral processes | 5 |
| US Policy Withdrawal | Ceased all Frameworks to Counter Foreign State Information Manipulation; ordered closure of R/FIMI Hub (April 16, 2025) | U.S. Department of State / Confirmed via Press Statement (September 17, 2025) | 12 |
| US Withdrawal Rationale | Frameworks “devolved into tools for political censorship” instead of protecting Americans from propaganda | Principal Deputy Spokesperson Thomas “Tommy” Pigott / Aligned with January 20, 2025, Executive Order | 12 |
| DSA Compliance Cost | Estimated $750 million annually in direct compliance costs on US companies from the DSA alone | US companies / Burden of EU digital regulations | |
| US Policy Critique of EU | DSA is “incompatible with America‘s free speech tradition” and amounts to “authoritarian censorship” | FCC Commissioner Brendan Carr, US Vice President J.D. Vance / Critique expressed at Munich Security Conference (February 2025) |
References
- Source Type: Website Author/Organization: Disinformation.ch Title of the Document/Page: Foreign Information Manipulation and Interference (FIMI) Publisher/Issuing Organization: Disinformation.ch Date of Publication: 2025 : Internet Available from: https://www.disinformation.ch/EU_Foreign_Information_Manipulation_and_Interference_(FIMI).html Accessed: November 25, 2025
- Source Type: Website Author/Organization: Istituto Gino Germani di Scienze Sociali e Studi Strategici Title of the Document/Page: The Foreign Information Manipulation and Interference (FIMI) threat and the European Union’s responses Publisher/Issuing Organization: Istituto Gino Germani di Scienze Sociali e Studi Strategici Date of Publication: 2025 August 19 : Internet Available from: https://www.istitutogermani.org/2025/08/19/the-foreign-information-manipulation-and-interference-fimi-threat-and-the-european-unions-responses/ Accessed: November 25, 2025
- Source Type: Report Author/Organization: European External Action Service Title of the Document/Page: 3rd EEAS Report on Foreign Information Manipulation and Interference Threats Exposing the architecture of FIMI operations Publisher/Issuing Organization: European External Action Service Date of Publication: 2025 March 19 : Internet Available from: https://www.coe-civ.eu/kh/3rd-eeas-report-on-foreign-information-manipulation-and-interference-threats-exposing-the-architecture-of-fimi-operations Accessed: November 25, 2025
- Source Type: Website Author/Organization: EEAS Stratcom Title of the Document/Page: Behind the curtain: a novel analytical approach to FIMI exposure Publisher/Issuing Organization: EUvsDisinfo (European External Action Service) Date of Publication: 2025 March 19 : Internet Available from: https://euvsdisinfo.eu/behind-the-curtain-a-novel-analytical-approach-to-fimi-exposure/ Accessed: November 25, 2025
- Source Type: Journal Article Author/Organization: IISS (International Institute for Strategic Studies) Title of the Document/Page: Hybrid warfare and strategic sectors Publisher/Issuing Organization: European Union Institute for Security Studies Date of Publication: 2020 July : Internet Available from: https://library.oapen.org/bitstream/handle/20.500.12657/58862/1/9781786736550.pdf Accessed: November 25, 2025
- Source Type: Government Publication Author/Organization: Patterson, W. (NATO Parliamentary Assembly) Title of the Document/Page: NATO’s Future Russia Strategy (Patterson Report) Publisher/Issuing Organization: NATO Parliamentary Assembly, Defence and Security Committee Date of Publication: 2025 October 12 : Internet Available from: https://www.nato-pa.int/document/2025-013-dsc-25-e-natos-future-russia-strategy-patterson-report Accessed: November 25, 2025
- Source Type: Press Release Author/Organization: ISACA Title of the Document/Page: AI-driven Cyber Threats Are the Biggest Concern for Cybersecurity Professionals Going Into 2026, Finds New ISACA Research Publisher/Issuing Organization: ISACA Date of Publication: 2025 October 21 : Internet Available from: https://www.isaca.org/about-us/newsroom/press-releases/2025/ai-driven-cyber-threats-are-the-biggest-concern-for-professionals-finds-new-isaca-research Accessed: November 25, 2025
- Source Type: Report Author/Organization: Resemble AI Title of the Document/Page: Q1 Deepfake Threats: Political Manipulation and Cross-Border Impact Publisher/Issuing Organization: Resemble AI Date of Publication: 2025 April : Internet Available from: https://www.resemble.ai/wp-content/uploads/2025/04/ResembleAI-Q1-Deepfake-Threats.pdf Accessed: November 25, 2025
- Source Type: Website Author/Organization: EU-Digital-Services-Act.com Title of the Document/Page: Digital Services Act (DSA) Provisions for Systemic Risks in Electoral Processes Publisher/Issuing Organization: EU-Digital-Services-Act.com Date of Publication: 2025 July 2 : Internet Available from: https://www.eu-digital-services-act.com/ Accessed: November 25, 2025
- Source Type: Press Statement Author/Organization: Pigott, T. (Principal Deputy Spokesperson) Title of the Document/Page: United States Champions Free Expression, Ceases Censorship Frameworks Publisher/Issuing Organization: U.S. Department of State Date of Publication: 2025 September 17 : Internet Available from: https://www.state.gov/releases/office-of-the-spokesperson/2025/09/united-states-champions-free-expression-ceases-censorship-frameworks Accessed: November 25, 2025
- Source Type: Publication Author/Organization: Hanna, H. Title of the Document/Page: The Emerging Potential for Quantum Computing in Irregular Warfare Publisher/Issuing Organization: Irregular Warfare Center Date of Publication: 2025 November : Internet Available from: https://irregularwarfarecenter.org/publications/insights/the-emerging-potential-for-quantum-computing-in-irregular-warfare/ Accessed: November 25, 2025
- Source Type: Working Paper Author/Organization: Hybrid CoE (Hybrid Centre of Excellence) Title of the Document/Page: Working Paper 7: Quantum Technologies for Hybrid Threats Publisher/Issuing Organization: Hybrid CoE Date of Publication: 2020 July : Internet Available from: https://www.hybridcoe.fi/wp-content/uploads/2020/07/Working-Paper-7_2020.pdf Accessed: November 25, 2025
- Source Type: Report Author/Organization: Debuglies.com Title of the Document/Page: U.S. Cognitive Warfare: Ideological Tools for Hegemony in 2025 Publisher/Issuing Organization: Debuglies.com Date of Publication: 2025 October 9 : Internet Available from: https://debuglies.com/2025/10/09/us-cognitive-warfare-ideological-tools-for-hegemony-in-2025/ Accessed: November 25, 2025
- Source Type: Yearbook Author/Organization: SIPRI (Stockholm International Peace Research Institute) Title of the Document/Page: SIPRI Yearbook 2025 Publisher/Issuing Organization: SIPRI Date of Publication: 2025 : Internet Available from: https://www.sipri.org/yearbook/2025 Accessed: November 25, 2025
- Source Type: Report Author/Organization: The Soufan Center Title of the Document/Page: IntelBrief: Russia’s Hybrid Playbook—Weaponizing Trade Routes Publisher/Issuing Organization: The Soufan Center Date of Publication: 2025 October 10 : Internet Available from: https://thesoufancenter.org/intelbrief-2025-october-10/ Accessed: November 25, 2025
- Source Type: Report Author/Organization: Radware Title of the Document/Page: Cyberattacks, Hacktivism and Disinformation in the 2025 Israel-Iran War Publisher/Issuing Organization: Radware Date of Publication: 2025 June 18 : Internet Available from: https://www.radware.com/security/threat-advisories-and-attack-reports/cyberattacks-hacktivism-and-disinformation-in-the-2025-israel-iran-war/ Accessed: November 25, 2025
- Source Type: Report Author/Organization: IMF (International Monetary Fund) Title of the Document/Page: World Economic Outlook (WEO) Publisher/Issuing Organization: IMF Date of Publication: 2025 : Internet Available from: https://www.imf.org/en/publications/weo Accessed: November 25, 2025
- Source Type: Website Author/Organization: European External Action Service Title of the Document/Page: Information integrity and countering foreign information manipulation and interference (FIMI) Publisher/Issuing Organization: European External Action Service Date of Publication: 2025 March 14 : Internet Available from: https://www.eeas.europa.eu/eeas/information-integrity-and-countering-foreign-information-manipulation-interference-fimi_en Accessed: November 25, 2025
- Source Type: Report Author/Organization: European External Action Service Title of the Document/Page: 1st EEAS Report on Foreign Information Manipulation and Interference Threats Publisher/Issuing Organization: European External Action Service Date of Publication: 2023 February 7 : Internet Available from: https://www.eeas.europa.eu/eeas/1st-eeas-report-foreign-information-manipulation-and-interference-threats_en Accessed: November 25, 2025
- Source Type: Press Release Author/Organization: CCIA (Computer & Communications Industry Association) Title of the Document/Page: New Study Finds EU Digital Regulations Cost U.S. Companies Up to $97.6 Billion Annually Publisher/Issuing Organization: CCIA Date of Publication: 2025 July 29 : Internet Available from: https://ccianet.org/news/2025/07/new-study-finds-eu-digital-regulations-cost-u-s-companies-up-to-97-6-billion-annually/ Accessed: November 25, 2025
- Source Type: Threat Briefing Author/Organization: DeepStrike Title of the Document/Page: Deepfake Statistics and Trends 2025 Publisher/Issuing Organization: DeepStrike Date of Publication: 2025 November : Internet Available from: https://deepstrike.io/blog/deepfake-statistics-2025 Accessed: November 25, 2025
- Source Type: Threat Briefing Author/Organization: DeepStrike Title of the Document/Page: Deepfake Statistics and Trends 2025: Human Detection Rates Publisher/Issuing Organization: DeepStrike Date of Publication: 2025 November : Internet Available from: https://deepstrike.io/blog/deepfake-statistics-2025 Accessed: November 25, 2025
- Source Type: Website Author/Organization: NATO Allied Command Transformation (ACT) Title of the Document/Page: Cognitive Warfare: The Brain is Both the Target and the Weapon Publisher/Issuing Organization: NATO ACT Date of Publication: 2025 October 16 : Internet Available from: https://www.act.nato.int/activities/cognitive-warfare/ Accessed: November 25, 2025
- Source Type: Analysis Author/Organization: Qureca Title of the Document/Page: Quantum Initiatives Worldwide: China Investment Overview Publisher/Issuing Organization: Qureca Date of Publication: 2025 March : Internet Available from: https://www.qureca.com/quantum-initiatives-worldwide/ Accessed: November 25, 2025
- Source Type: Report Author/Organization: The Quantum Insider Title of the Document/Page: U.S. Commission on China Calls for “Quantum First” National Goal by 2030, Recommends Significant Funding Publisher/Issuing Organization: The Quantum Insider Date of Publication: 2025 November 18 : Internet Available from: https://thequantuminsider.com/2025/11/18/u-s-commission-on-china-calls-for-quantum-first-national-goal-by-2030-recommends-significant-funding/ Accessed: November 25, 2025
- Source Type: Government Publication Author/Organization: National Institute of Standards and Technology (NIST) Title of the Document/Page: Post-Quantum Cryptography Standardization Process Publisher/Issuing Organization: NIST Date of Publication: 2025 March 11 : Internet Available from: https://csrc.nist.gov/projects/post-quantum-cryptography Accessed: November 25, 2025
- Source Type: Government Publication Author/Organization: European Commission Title of the Document/Page: Recommendation on a Coordinated Implementation Roadmap for the transition to Post-Quantum Cryptography Publisher/Issuing Organization: European Commission Date of Publication: 2025 February : Internet Available from: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52025DC0363 Accessed: November 25, 2025
- Source Type: Government Publication Author/Organization: Government of the United Kingdom Title of the Document/Page: Profile: GRU Cyber and Hybrid Threat Operations Publisher/Issuing Organization: Government of the United Kingdom Date of Publication: 2025 : Internet Available from: https://www.gov.uk/government/publications/profile-gru-cyber-and-hybrid-threat-operations/profile-gru-cyber-and-hybrid-threat-operations Accessed: November 25, 2025
- Source Type: Report Author/Organization: World Economic Forum Title of the Document/Page: Global Cybersecurity Outlook 2025 Publisher/Issuing Organization: World Economic Forum Date of Publication: 2025 : Internet Available from: https://reports.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2025.pdf Accessed: November 25, 2025
- Source Type: Report Author/Organization: IMF (International Monetary Fund) Title of the Document/Page: World Economic Outlook, October 2025: Global Economy in Flux, Prospects Remain Dim Publisher/Issuing Organization: IMF Date of Publication: 2025 October 14 : Internet Available from: https://www.imf.org/en/publications/weo/issues/2025/10/14/world-economic-outlook-october-2025 Accessed: November 25, 2025
- Source Type: Journal Article Author/Organization: ResearchGate Title of the Document/Page: The Weaponization of Economic Interdependence: Sanctions, Financial Statecraft, and the Fragmentation of the Global Economic Order Publisher/Issuing Organization: ResearchGate Date of Publication: 2025 : Internet Available from: https://www.researchgate.net/publication/394013971_THE_WEAPONIZATION_OF_ECONOMIC_INTERDEPENDENCE_SANCTIONS_FINANCIAL_STATECRAFT_AND_THE_FRAGMENTATION_OF_THE_GLOBAL_ECONOMIC_ORDER Accessed: November 25, 2025
- Source Type: Analysis Author/Organization: Center for Strategic and International Studies (CSIS) Title of the Document/Page: Does the EU’s Digital Services Act Violate Freedom of Speech? Publisher/Issuing Organization: CSIS Date of Publication: 2025 February : Internet Available from: https://www.csis.org/blogs/europe-corner/does-eus-digital-services-act-violate-freedom-speech Accessed: November 25, 2025
- Source Type: Article Author/Organization: University of Luxembourg Title of the Document/Page: A Transatlantic Conflict Over the DSA’s Systemic Risk Paradigm—An Analysis of the US House Judiciary Committee Report Publisher/Issuing Organization: University of Luxembourg, Faculty of Law, Economics and Finance Date of Publication: 2025 August 19 : Internet Available from: https://www.uni.lu/fdef-en/articles/a-transatlantic-conflict-over-the-dsas-systemic-risk-paradigman-analysis-of-the-us-house-judiciary-committee-report/ Accessed: November 25, 2025
