EU’s Action Plan on subsea cable security and resilience

EU’s Action Plan on subsea cable security and resilience

Though published as a response to anxiety around subsea cable sabotage, the plan does not grapple with the increasing control of the market by big tech firms

The EC published its Action Plan on Cable Security, the first of a number of subsea cable related publications expected this year

On 21 February 2025, the EC published its EU Action Plan on Cable Security, directed to the European Parliament and the European Council. The plan follows on from the bloc’s Recommendation on Secure and Resilient Submarine Cable Infrastructures published in February 2024 – as well as a number of high-profile cable damage incidents that have occurred in recent months, especially in the Baltic Sea. Despite continued assurances from industry that the vast majority of cable breaks are accidental, the EC suggests that the pattern of incidents witnessed in the Baltic Sea could be evidence of intentional and hostile attacks carried out against critical EU infrastructure. The Action Plan is the first of a number of subsea cable related publications previewed in the prior Recommendation and expected from the EC throughout 2025, including a complete mapping of subsea cable infrastructure, a Coordinated Risk Assessment on submarine cables, a Cable Security Toolbox of mitigating measures and a priority list of Cable Projects of European Interest (CPEI).

The plan is written around four core objectives, the funding for which remains unclear

The EC defines its aims to better secure both subsea communications and energy infrastructure through four main objectives: prevention; detection; response and recovery; and deterrence. Within each objective, the Action Plan lays out a range of immediate, short-term and medium-term actions to be taken in coordination with Member States and cable operators to improve security, including:

  • Prevention: Implementing fully the existing legal and regulatory framework, including the NIS2 Directive and the Recommendation on submarine cables, and growing the EU’s investment framework for subsea infrastructure, including CPEI and Smart cable systems;

  • Detection: Developing a coordinated surveillance system for subsea cables through the capacities of European Maritime Safety Agency (EMSA) beginning in the Baltic Sea, launching a dedicated surveillance drone programme and strengthening public-private partnerships with cable operators to improve incident reporting;

  • Response and recovery: Investing in an EU Cable Vessels Reserve to bolster repair and maintenance capacity, stockpiling key materials and equipment to secure cable supply chains and enhancing cooperation with NATO on cable security; and

  • Deterrence: Conducting proactive diplomatic outreach to global partners on cable security, improving understanding of, and response to, the actions of the “shadow fleet” of civilian vessels operated by malicious actors, and making best use of existing sanctioning regimes to hold perpetrators accountable.

While the Action Plan references the €420m (£352m) of public funds already invested in connectivity backbone infrastructure through the Connecting Europe Facility (CEF) Digital programme, it does little otherwise to address the scale of funding needed to implement its recommendations. For reference, the Center for Strategic and International Studies has estimated the cost of laying 1km of communications cable as between $30,000 (£23,000) and $50,000 (£38,700), meaning that if the total relevant CEF spending to date was invested in subsea cable infrastructure, it would still only equal between 9,000km and 15,000km of cable – or approximately two transatlantic connections between Spain and the US. 

The success of EU intervention on cable security still remains reliant on cooperation from industry and Member States

The Action Plan is also published both during a time of heightened concern around European security in the context of Russian sabotage but also during a shift in the relationship between the EU and US big tech firms. While telecoms operators continue to play a key role in cable deployment, particularly as coalition members, the vast majority of new cable deployment today is undertaken by big tech firms meaning that the private partners with whom the EC seeks greater collaboration are increasingly the firms at the centre of its digital services rulebook. Similarly, while the EC does discuss its intention to cooperate closely with Member States on the implementation of its plans, many of the core policy levers that govern cable infrastructure, including permitting and the implementation of supply chain restrictions, are within the jurisdiction of individual governments. While some EU countries, including France and Italy, have recently made public investments in domestic subsea cable infrastructure, the actions of some governments, including Ireland in relation to permitting, have been criticised by industry as overly burdensome and likely to discourage cable investment within the bloc. In order to deliver on the objectives it sets out, the EU will need to ultimately make a rather significant shift in its relationships with key stakeholders based around addressing an urgent national security concern, which could be especially difficult as its suspicions of malicious cable sabotage remain largely unproven to date.