More subsea data cables connect to Europe than to any other continent around the world. But it was not until 2022 that European policymakers began to pay significant attention to the security of these cables. Russia’s invasion of Ukraine, as well as a subsequent series of incidents resulting in damages to European undersea infrastructure, raised alarm bells in Brussels and beyond. The Nord Stream explosion in fall 2022 and the Balticconnector gas pipeline incident just over one year later illustrated the glaring vulnerability of Europe’s undersea infrastructure to sabotage. The involvement of a Hong Kong–flagged vessel in the October 2023 Balticconnector incident also sparked awareness among Europeans of China’s potential interest in physically damaging undersea infrastructure in and near Europe. Most recently, in mid-November 2024, two undersea data cables—connecting Finland and Germany and Sweden and Lithuania, respectively—were damaged due to “external impact.”¹

In addition to the physical threats to Europe’s undersea infrastructure, subsea cable systems and the data that flow through them are vulnerable to hacks, espionage, and other cyber risks.² Militaries fear a range of threats: backdoors could be installed during the cable manufacturing or repair process; cable-landing stations, where subsea cables connect to terrestrial networks, could become targets to cyber attacks, especially as control over these centers is being shifted to remotely controllable network management systems; and rapid advances in subsea technology might even allow adversaries to tap cables at sea.³

The North Atlantic Treaty Organization (NATO), the European Union (EU), and individual European governments have over the last three years initiated a flurry of initiatives that aim to bolster the physical security and cybersecurity of cables and other undersea infrastructure. Yet information sharing and resourcing often remains insufficient. Approaches also vary from country to country. There is not a single regulatory regime for protecting subsea data cables.⁴ Instead, there are many different regimes, national agencies, authorities, and international entities involved in the protection of this critical infrastructure, complicating a joint European approach.⁵

Fierce competition between the United States and China over subsea cables is also forcing a debate in Europe about cable ownership and integrity, especially with regard to cybersecurity and espionage concerns.⁶ Partly in response to U.S. warnings, European policymakers are becoming increasingly wary of subsea cables supplied by vendors they consider high risk—chiefly those based in China.⁷ The U.S. government is keen to expand its cooperation with Europeans to better expand, protect, and repair trusted subsea cable networks.⁸

At the same time, however, competition between U.S. and European firms is complicating a more joint transatlantic approach. There is some concern in Europe over the emerging dominance in new cable investment by a few U.S. “hyperscalers,” or large-scale cloud providers such as Google and Meta, and what this new market dynamic might mean for European telecommunications firms. Absent a more strategic approach to building out its own digital network and providing the adequate resources to do so, Europe risks losing out in the competition between Washington and Beijing under the world’s seas.

This paper’s first section briefly maps the economic significance, strategic vulnerabilities, and key players of Europe’s undersea cable infrastructure. It also outlines the recent evolution of the European debate on the physical and economic security and cybersecurity of subsea cables, sketching the European perspective on the activities of Russia, China, and the United States in this field. The second section describes European countries’ steps—taken through NATO, the EU, and other multilateral groupings—to protect their subsea cable networks and increase their global competitiveness. The final section identifies shortcomings of current approaches and offers a list of policy recommendations to lawmakers in Europe, with a view to improving the physical security, cybersecurity, and resilience of their undersea data cables...

 more at Carnegie