The joint communication
The European Union has adopted a strategy on the security and resilience of submarine cables. This is a communication[1] issued jointly by the European Commission, in the person of the Commissioner for Digital Affairs, Executive Vice-President Henna Virkkunen, and the High Representative for Foreign Affairs and Security, Vice-President Kajas Kallas. The fact that the new act was adopted in Helsinki by two European personalities from the Baltic region is highly symbolic, because it is precisely the Baltic region that has highlighted, in recent years and especially following tensions with the Russian Federation, the strategic importance and at the same time the fragility of the European submarine infrastructure system.
The joint communication intends to introduce a series of measures to strengthen the resilience of these critical infrastructures, addressing the issues of prevention, detection, response, recovery, and deterrence.
Political and legal context
The topic of security and resilience of submarine cable infrastructures had already been addressed in the 2024 European Recommendation on the security and resilience of submarine cable infrastructures [2], as well as in the White Paper on “How to master Europe’s digital infrastructure needs“[3]. To implement the Recommendation, the European Commission has established an ad hoc group of experts, composed of authorities from Member States, including Italy, and ENISA.
These initiatives fall within the scope of the European legal framework on the resilience of critical infrastructures, both physical and IT, which aims to coordinate actions within the EU to effectively detect, prepare for, and respond to growing threats and cybersecurity incidents. This framework includes, in particular, the Critical Entities Resilience Directive (CER)[4], the Network and Information Systems Directive (NIS2)[5] and the Cyber Resilience Act[6].
The EU’s strategic initiative is complementary to NATO’s existing activities in support of national and regional efforts. Over the next few years, specific actions are planned, including mapping existing and planned submarine cable infrastructures, a coordinated risk assessment on submarine cables, a security toolbox for cables with mitigation measures, and a priority list of cable projects of European interest.
Submarine cables in the EU
Submarine cables carry internet and electrical connections across countries and continents, and their loss can cause disruptions to digital services, including web access and payments, and force telecommunications providers to redirect traffic. According to the International Cable Protection Committee, more than 95% of global data traffic passes through submarine cables. Regarding the EU, communication cables connect different Member States to each other, islands to the mainland, as well as the EU itself to the rest of the world. Furthermore, submarine electrical cables facilitate the integration of Member States’ electricity markets, strengthen their security of supply, and provide offshore renewable energy to the mainland.
In recent times, incidents involving European submarine cables have risked causing serious disruptions to essential functions and services in the EU, with repercussions on the daily lives of European citizens. Just considering the issue of repairing damaged submarine cables, it has become apparent how much the EU needs to progress to equip itself with sufficient resources to counter such threats and vulnerabilities. Currently, the European system relies on 4 ships from the French group Orange[7] hat can each perform, on average, about 12-15 operations per year. There are also Italian companies, namely Prysmian, which has a fleet of 8 ships specialized in laying submarine cables[8],and Vard, a subsidiary of Fincantieri, which is designing and building cable-laying ships for various companies, including a cable repair ship for Orange Marine. In 2023, Orange SA launched a new ship costing 50 million euros.
The situation is rapidly evolving, especially due to the growing tensions triggered by Russia’s invasion of Ukraine, and consequently, the EU has begun to work to significantly increase its capacity to protect and repair submarine cables in the coming years.
Purpose and content of the joint communication
The new European communication intends to introduce a series of measures to strengthen the resilience of these critical infrastructures, addressing the issues of prevention, detection, response, recovery, and deterrence. Its key measures are as follows:
Prevention: strengthen security requirements and risk assessments on submarine cables, prioritizing funding for the installation of new and smart cables, which allow for increased redundancies and consequently improved resilience.
Rilevamento: strengthen threat monitoring capabilities for each sea basin, such as the Mediterranean or the Baltic Sea, to build a comprehensive picture of the situation. This will allow for more timely alarms and more effective reactions.
Response and recovery: improve the efficiency of the crisis framework at the EU level for rapid action on incidents affecting submarine cables and increase repair capacity to ensure rapid repair of damaged cables.
Deterrence: apply sanctions and diplomatic measures against hostile actors and the “shadow fleet,” fully utilizing the Hybrid Toolbox to address hybrid campaigns. This also includes promoting “cable diplomacy” with global partners.
Between 2025 and 2027, 540 million EUR will also be invested to finance digital infrastructure projects, including smart submarine cables, prioritizing strategic projects of European interest in the cable sector.
— By Innocenzo Genna, Legal specialist in EU digital policy, competition and liberalization regulations
[1] See: https://digital-strategy.ec.europa.eu/en/library/joint-communication-strengthen-security-and-resilience-submarine-cables
[2] See: https://digital-strategy.ec.europa.eu/en/library/recommendation-security-and-resilience-submarine-cable-infrastructures
[3] See: https://digital-strategy.ec.europa.eu/en/library/white-paper-how-master-europes-digital-infrastructure-needs
[4] The CER Directive aims to strengthen the resilience of critical entities against a range of threats, including natural disasters, terrorist attacks, insider threats, or sabotage, see: https://home-affairs.ec.europa.eu/policies/internal-security/counter-terrorism-and-radicalisation/protection/critical-infrastructure-resilience-eu-level_en.
[5] NIS2 establishes a unified legal framework to support cybersecurity in 18 critical sectors across the EU and calls on Member States to define national cybersecurity strategies and collaborate with the EU for cross-border reaction and enforcement, see: https://digital-strategy.ec.europa.eu/en/policies/nis2-directive.
[6] This is the EU’s first-ever legislation imposing mandatory cybersecurity requirements for products that include digital elements, which entered into force on December 10, 2024, see: https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act
[7] See: http://www.elettratlc.it/resources-group.php?lang=it
[8] See: https://www.shippingitaly.it/2025/02/17/leuropa-si-prepara-a-finanziare-la-costruzione-di-navi-per-riparare-i-cavi-sottomarini-danneggiati/
