European Commission takes aim at end-to-end encryption and proposes Europol become an EU FBI

The European Commission announced on Tuesday its intention to join the ongoing debate about lawful access to data and end-to-end encryption while unveiling a new internal security strategy aimed to address ongoing threats.

ProtectEU, as the strategy has been named, describes the general areas that the bloc’s executive would like to address in the coming years although as a strategy it does not offer any detailed policy proposals.

In what the Commission called “a changed security environment and an evolving geopolitical landscape,” it said Europe needed to “review its approach to internal security.”

Among its aims is establishing Europol as “a truly operational police agency to reinforce support to Member States,” something potentially comparable to the U.S. FBI, with a role “in investigating cross-border, large-scale, and complex cases posing a serious threat to the internal security of the Union.”

Alongside the new Europol, the Commission said it would create roadmaps regarding both the “lawful and effective access to data for law enforcement” and on encryption.

The aim is to “identify and assess technological solutions that would enable law enforcement authorities to access encrypted data in a lawful manner, safeguarding cybersecurity and fundamental rights,” said the Commission. The identification of such solutions has been the subject of much controversy when attempted elsewhere.

The strategy also sets out objectives and actions that echo uncontroversial assessments of the European Union’s shortcomings, including on a lack of situational awareness and threat analysis at its executive level.

The problem for the European Union is that defense, security and intelligence have always been sovereign matters for each member state, and there is little appetite from those member states’ governments to donate their national capabilities to the bloc.

ProtectEU calls for the Commission to enhance intelligence-sharing through the EU's Single Intelligence Analysis Capacity (SIAC), effectively a structure for voluntary intelligence sharing by individual member states with its own entirely open source analysis capability.

A report written for the European Commission by Sauli Niinistö, the former President of Finland, warned last year that the existing arrangement was “constrained by institutional, legal and political limitations” and led to the failure to optimally address the Russian invasion of Ukraine.

As he noted, the success of any change “ultimately depends on the political will, commitment and concerted efforts of Member States. In this regard, the risk and, alas, too often the reality of short-termism and diverging interests, security priorities and political views hampering joint actions and investment remains real, in particular considering the polarised societal and political landscape across Europe.”

The strategy also announced that the Commission would introduce a new Cybersecurity Act, even as it recognized that Member States had not fully implemented its existing cybersecurity laws within their own domestic legislation.

“Security is a pre-condition for our democracy and prosperous economies. The EU must be bold and proactive in addressing the complex security challenges we face,” stated Henna Virkkunen, the Commission's executive vice-president for tech sovereignty, security and democracy.

“We will make the EU more secure by reinforcing our capabilities, leveraging technology, enhancing cybersecurity, and combatting security threats decisively. This Strategy, together with the Preparedness Union [Strategy], the Defence White Paper and the forthcoming Democracy Shield, sets out the vision for a safe, secure and resilient Union.”