Strategic rationale and political anchoring

The strategic prioritisation of critical infrastructure protection and national resilience has consolidated as a central organising principle across NATO[1], the European Union[2] and allied national security architectures because contemporary deterrence and defence now depend materially on the continuity of complex civilian networks and services under conditions of coercion, hybrid activity and high-intensity conflict. [3] This shift is visible in the formal elevation of resilience and civil preparedness within NATO’s strategic texts and summit outcomes, where resilience is framed simultaneously as a national responsibility and a collective commitment, explicitly linked to credible deterrence and defence. [4] It is equally visible in the EU’s framing of security and defence as dependent on a broader security union and preparedness architecture, in which essential services and infrastructure resilience become security-relevant instruments rather than only regulatory or economic concerns. [5]

The structural threat environment that elevated this priority is characterised by the interaction of conventional military risk with deliberate activity below the threshold of open armed attack and by systemic shock hazards. NATO’s 2022 Strategic Concept explicitly embeds the challenge of coercive political and economic tactics, hybrid methods, cyber threats, and the strategic significance of resilience within an integrated security environment shaped by state competition and persistent instability. [6] The post-February 2022 security context, defined by Russia[7]’s full-scale war against Ukraine[8] and the broader return of high-intensity war planning in Europe, has accelerated the recognition that the Alliance’s force posture, reinforcement plans, and industrial mobilisation are only credible if civilian infrastructure can absorb disruption while continuing to enable military movement, sustainment, command and public order. [9]

Within NATO, the political anchoring of resilience operates through the logic that Article 5 credibility requires Article 3 robustness: societies must sustain essential functions, and forces must continue to deploy, communicate, and operate when networks are targeted. This logic is repeatedly affirmed in NATO’s official framing of resilience and civil preparedness as a pillar of collective defence and as a basis for credible deterrence and defence. [10] The Madrid Summit Declaration formalises this linkage by treating resilience as both national responsibility and collective commitment, and by associating resilience with energy security, reliable military energy supplies, and resilience against cyber and hybrid threats. [11] Subsequent summit texts further reinforce the interdependence between deterrence, resilience and the protection of infrastructure, with explicit recognition of the resilience–technology–industry nexus in NATO–EU cooperation. [12]

Within the EU, the political anchoring of critical infrastructure protection and resilience has two mutually reinforcing vectors. The first is the security-and-defence policy vector expressed in the Strategic Compass, which positions crisis response capacity, resilience, and the mobilisation of EU instruments as part of the EU’s ambition to act as a security provider and to reduce vulnerability to coercion. [13] The second vector is the legal-regulatory and preparedness architecture expressed through harmonised requirements for cybersecurity and for the resilience of critical entities, which operationalise resilience through risk assessments, minimum measures, incident reporting and national strategies. [14] This dual anchoring matters strategically because it turns resilience from an abstract aspiration into enforceable obligations and budget-relevant programmes that shape market behaviour, procurement standards and investment decisions. [15]

A decisive accelerator for the EU and NATO has been the recognition of maritime and undersea infrastructure as strategic terrain. The EU’s Action Plan on Cable Security identifies submarine cables as critical and strategic infrastructure for European societies and economies, explicitly stating that submarine communication cables carry the overwhelming share of intercontinental internet traffic, and that recent patterns of incidents—particularly in the Baltic Sea—suggest deliberate hostile acts and hybrid campaign dynamics. [16] It also makes explicit that the relevant theatres are not limited to the Baltic but include the Mediterranean, Atlantic, North Sea and Black Sea, which aligns the resilience agenda with a broad Euro-Atlantic maritime geography. [16] NATO’s Washington Summit Declaration mirrors this emphasis by committing to strengthen the protection of critical undersea infrastructure and by continuing the development of NATO’s dedicated centre for this mission area. [17] NATO’s institutional follow-through includes the establishment of a Critical Undersea Infrastructure Network and a Maritime Centre for the Security of Critical Undersea Infrastructure, linking military commands and industry operators into information-sharing and coordination structures. [18]

The strategic effects intended by this priority are best understood as a deterrence-by-denial and continuity-of-war-effort logic. The operational aim is to deny adversaries the ability to achieve strategic outcomes through selective disruption of civilian systems and to prevent a political or societal breaking point that would constrain allied decision-making. This is consistent with the emphasis on resilience as an enabler of deterrence and defence in NATO’s framing and with the explicit resilience language in allied national defence strategy documents. [19] It also reinforces alliance cohesion by reducing vulnerability asymmetries among allies and by providing shared benchmarks for preparedness, which are necessary when reinforcement and sustainment in Europe depend on cross-border infrastructure and private-sector networks. [20]

The primary planning horizon is best characterised as a decade-long transition from “crisis response and episodic surge” to “permanent readiness and resilient enablement”, with concrete milestones. NATO’s 2022 Strategic Concept explicitly frames NATO priorities for the next decade. [21] The EU’s Strategic Compass frames objectives over a five-to-ten-year period, aligning naturally with a 2025–2035 planning horizon for infrastructure hardening, redundancy build-out and industrial capacity reinforcement. [22] The EU’s defence-industrial policy trajectory, moving from the European Defence Fund baseline to the industrial instruments and financing architecture culminating in EDIP and SAFE, is explicitly oriented toward readiness and resilience as enduring structural conditions rather than temporary measures. [23]

Operational generation and multidomain implications

Operationally, this strategic priority functions as a generator of cross-sector mission demands that sit at the seam between civil preparedness and military enablement. At NATO level, resilience is treated as both an underlying prerequisite for collective defence and a domain-spanning line of effort that must be integrated into operational planning, exercises and capability development, particularly because contemporary operations presume contested networks, degraded communications and deliberate attacks on enabling systems. [24] Within EU policy, the operational translation occurs through the integration of civil protection, cybersecurity risk management, critical entities resilience obligations, and targeted measures for specific infrastructure classes such as submarine cables, while explicitly acknowledging that Member States retain primary responsibility but that the cross-border nature of infrastructure requires EU-level coordination and solidarity mechanisms. [25]

A core operational characteristic is that the threat problem is inherently multi-domain. Submarine cables provide a clear example: they sit physically in the maritime domain, depend on digital network management systems, intersect with energy transmission, and have consequences in the information domain because disruption affects public communications, financial flows and political signalling. [26] NATO’s response has explicitly adopted a deterrence, detection and response framing for critical undersea infrastructure, implying persistent maritime awareness, intelligence fusion and escalation management under ambiguity. [27] The EU Action Plan adopts a full resilience-cycle approach—prevention, detection, response and repair, deterrence—therefore requiring capabilities that span surveillance, attribution support, repair logistics, and legal-political signalling vis-à-vis hostile actors and the “shadow fleet” phenomenon referenced by the Commission. [16]

Operationally relevant mission sets cluster around persistent situational awareness of infrastructure and its approaches, rapid detection of anomalies, crisis coordination across civil authorities and military commands, and restoration of service under degraded conditions. NATO’s Washington Summit Declaration singles out protection of critical undersea infrastructure as a discrete line of action and pairs it with broader commitments on cyber defence, CBRN defence capabilities, and interoperability through NATO standards, signalling that resilience is treated as a component of the Alliance’s warfighting readiness rather than merely a civil policy area. [17] The EU Action Plan on Cable Security formalises the operational logic that incidents can be deliberate hostile acts and elements of larger hybrid campaigns, explicitly locating the risk across multiple maritime basins and linking cable security to the EU’s broader preparedness and internal security agendas. [28]

The interaction between land-based reinforcement and infrastructure resilience is also operationally central. NATO’s concern with reinforcement and the movement of forces in Europe implies that ports, rail nodes, bridges, fuel distribution, and digital logistics systems constitute operational targets for disruption. [29] EU military mobility efforts and NATO force-planning priorities therefore intersect with critical infrastructure resilience as a condition of operational tempo and reinforcement credibility. [29] This integration expands the operational concept beyond “protecting objects” toward “ensuring continuity of essential functions”, including continuity of political decision-making and administrative capacity under stress, which the EU’s preparedness agenda frames as continuity of essential services and public warning and crisis communication systems. [30]

Doctrinally, the consequence is a requirement for integrated planning across hazards and across civil–military boundaries. NATO’s Allied Command Transformation has explicitly linked the Washington summit outcomes to warfighting adaptation and to a layered resilience imperative, indicating that resilience is treated as an element to be operationalised in military adaptation rather than only in national civil planning. [31] The EU’s approach, through a combination of binding directives and targeted infrastructure-specific action plans, embeds resilience requirements into operator obligations and national strategies, which can then be coupled with defence planning, procurement and training cycles. [32]

The NATO–EU interface is operationally significant because both organisations explicitly treat resilience and critical infrastructure protection as a cooperation domain. The Vilnius Summit Communiqué identifies resilience and the protection of critical infrastructure as areas for expanded NATO–EU cooperation and situates this within broader efforts against disinformation, hybrid and cyber threats, and cooperation on emerging and disruptive technologies. [33] NATO and the EU have further institutionalised this convergence through a dedicated taskforce on resilience and critical infrastructure protection announced in January 2023, signalling an intent to align assessments, messaging and practical coordination mechanisms. [34]

Capability families and tactical building blocks

At the level of capabilities, this strategic priority decomposes into families that jointly deliver three non-negotiable outcomes: anticipatory awareness, resistance under attack, and rapid recovery. The political–strategic logic behind these outcomes is that adversaries should be denied the ability to generate strategic effects through selective disruption and that allied decision-making and military enablement must remain functional under hybrid and multi-domain pressure. [19]

The first capability family concerns sensing, monitoring and situational awareness for critical infrastructure, including terrestrial networks, maritime approaches, and undersea systems. The EU Action Plan on Cable Security emphasises the need to increase detection capacity to identify and anticipate threats as early as possible, which operationally implies fused maritime-domain awareness, anomaly detection on cable systems, and persistent monitoring of risk areas across EU maritime basins. [16] ENISA’s technical guidance on undersea cables explicitly addresses supervision of undersea cable infrastructure, including landing stations and cable network management systems, supporting the inference that effective monitoring must include both the physical layer and the digital systems that operate the network. [35] NATO’s creation of a Critical Undersea Infrastructure Network and its Maritime Centre for the Security of Critical Undersea Infrastructure implies that the Alliance considers persistent maritime and undersea awareness to be a distinct capability requirement requiring both military and industry engagement. [36]

The second capability family concerns secure and resilient communications and command-and-control under contested conditions. NATO’s Washington Summit Declaration links critical undersea infrastructure protection with NATO cyber and network security measures and with accelerating implementation of NATO standards to strengthen interoperability, indicating that resilience requires not only national robustness but also compatible architectures and standards across the Alliance. [17] The EU’s NIS2 Directive explicitly requires entities to protect network and information systems, and the EU Action Plan on Cable Security clarifies that operators of submarine cable-related digital infrastructure must protect both network systems and their physical environment against all hazards, with formal incident reporting pathways through CSIRTs or competent authorities. [37] This combination implies concrete tactical requirements such as segmentation between IT and operational technology, hardened network management, cyber incident response mechanisms, and resilient routing and redundancy. [38]

A third capability family concerns physical protection, access control and layered security for high-value nodes, including landing stations, substations, ports, logistics hubs, data centres and governmental continuity sites. The CER Directive establishes an EU-level framework requiring resilience measures covering both man-made and natural risks, including physical protection of premises and critical infrastructure, response and mitigation capacity, and recovery planning. [39] The Council Recommendation on strengthening the resilience of critical infrastructure, produced in the context of sabotage concerns, reinforces the relevance of stress testing and systematic risk assessment. [40] This capability family is not reducible to guard forces; it implies integrated security design, crisis communications, and coordination protocols among operators, police, civil protection and military authorities.

A fourth capability family concerns rapid repair and restoration, including pre-positioned spares, specialist repair assets, and coordination frameworks to prioritise repairs in crisis. The EU Action Plan on Cable Security makes the “response and repair” component explicit and links the agenda to investment frameworks, the identification of cable projects of European interest, and the need to reduce dependencies on non-EU players, including for spare parts and repair-related supply chains. [41] This implies tactical requirements for deployable repair capacity, specialised vessels and equipment, access to cable segments and components, and mechanisms to coordinate repair operations in contested or ambiguous environments.

A fifth capability family concerns resilience governance, planning and continuity systems, including continuity of government, continuity of essential services, and whole-of-society preparedness. NATO’s framing of resilience as rooted in Article 3 and essential for deterrence and defence implies that civil preparedness, continuity and crisis governance are part of the strategic baseline rather than optional national add-ons. [10] The EU Preparedness Union Strategy explicitly includes encouraging households to maintain essential supplies for a minimum period and the integration of preparedness into education and public-private cooperation, illustrating an institutional preference for distributed resilience rather than reliance on emergency improvisation. [30] National strategies reinforce this pattern: Germany[42]’s National Security Strategy adopts an “integrated security” approach and directly ties resilience and critical infrastructure robustness to national security. [43] France[44]’s National Strategic Review places resilience as an explicit national requirement across both military and non-traditional challenges and frames coordination with EU and NATO mechanisms as necessary. [45] In the United States[46], the 2022 National Defense Strategy explicitly frames “deterrence by resilience” as a core requirement to deny adversaries the benefits of aggression across vital networks. [47]

A sixth capability family relates to chemical, biological, radiological and nuclear readiness and medical resilience for mass-casualty contexts, which forms part of national resilience because large-scale health or CBRN events can produce systemic effects comparable to hybrid disruption and can simultaneously constrain military operations and domestic governance. NATO’s Madrid Summit Declaration indicates endorsement of a new CBRN defence policy alongside resilience commitments, linking strategic resilience to the ability to operate and sustain in multiple threat environments. [11]

Across all families, interoperability is not mainly technical but institutional and procedural. NATO’s emphasis on standards and interoperability in the Washington declaration indicates that resilience is expected to be coalition-ready and scalable. [17] EU directives and action plans imply harmonisation across Member States, but also highlight the risk of uneven implementation and administrative duplication unless coherently aligned between NIS2 and CER obligations. [48]

Technology clusters and industrial transformation

Technologically, the protection of critical infrastructure and national resilience is structurally anchored in a limited number of technology clusters that are repeatedly activated across NATO and EU policy instruments: cyber defence and security of networks; sensing and surveillance; resilient communications and command-and-control; autonomy and uncrewed systems for persistent monitoring; and space-enabled services for communications, timing and observation. The Washington Summit Declaration’s explicit coupling of undersea infrastructure protection with cyber defence and interoperability measures indicates that NATO treats resilience as a technology-dependent mission area requiring modern, integrates systems rather than stand-alone protective measures. [27] The EU Action Plan on Cable Security similarly frames the problem as requiring detection, response and repair capacity, investment into new cables, and reduction of strategic dependencies, implying an industrial–technology policy approach rather than a narrow security posture. [41]

Cyber resilience is systemically central because modern critical infrastructure is managed through digital systems. The EU’s NIS2 Directive establishes the cybersecurity baseline for a broad set of entities and explicitly treats cybersecurity as an internal market and security condition through harmonised requirements and governance frameworks. [49] The EU Cybersecurity Strategy for the Digital Decade provides the policy basis for strengthening resilience against cyber threats, linking internal market rules and geopolitical risk. [50] In the cable domain, the EU Action Plan explicitly integrates NIS2 obligations with cable security measures and clarifies the reporting and risk management logic for incidents affecting undersea communication cables. [16]

Sensing and surveillance technologies constitute a second core cluster. Undersea infrastructure security requires monitoring of access routes and activities in the maritime domain, and the EU Action Plan positions detection as a strategic pillar grounded in surveillance and early identification of threats. [16] NATO’s establishment of a network and centre for critical undersea infrastructure security logically implies sustained surveillance capacity and data fusion across navies, relevant agencies and operators. [36] This surveillance requirement increasingly depends on autonomous or remotely operated systems, given the scale of maritime spaces and the impracticality of constant human monitoring, a point reflected in NATO’s approach to enhancing deterrence and detection capacities under resource constraints. [18]

Space-enabled services are both enabling and increasingly central. The EU Space Strategy for Security and Defence is explicitly oriented toward resilience and the security of EU space services, including the protection of space infrastructure and reduction of strategic dependencies. [51] The reliance of critical infrastructure protection on resilient communications, positioning and timing, and observation implies deep integration between terrestrial and space domains, particularly when monitoring remote maritime areas and when ensuring continuity of communications in crisis. [52]

Industrial transformation follows from the fact that critical infrastructure resilience is now embedded in the EU’s defence-industrial and financing architecture. The European Defence Fund provides an EU-level R&D and development mechanism with objectives tied to competitiveness and innovation in the European defence technological and industrial base. [53] The emergency industrial instruments adopted after 2022, including ASAP and EDIRPA, formalise the EU’s move toward treating industrial capacity as a determinant of readiness and therefore as a security asset. [54] The European Defence Industrial Strategy explicitly frames EU readiness as dependent on a responsive and resilient European defence industry, indicating a policy intent to shift from fragmented national procurement toward common demand aggregation and industrial reinforcement. [55]

This trajectory has been further institutionalised through EDIP, which establishes a programme and a framework aimed at ensuring timely availability and supply of defence products, and through SAFE, which establishes a large-scale EU financing instrument in the form of loans to reinforce defence industrial capacity. [56] Even where the strategic priority is “critical infrastructure protection” rather than “weapons production”, the industrial logic is directly relevant because resilience depends on the availability of components, repair assets, secure communications systems and the capacity to produce, integrate and sustain them at scale. [57]

A distinctive aspect of this priority is its dual-use industrial footprint. Many required capabilities are produced outside traditional defence primes, in sectors such as telecommunications, energy infrastructure engineering, subsea manufacturing and repair, industrial control systems security, data-centre engineering, and specialised sensing. The EU Action Plan on Cable Security explicitly acknowledges that coordination and investment must engage the private sector and financial actors, including structured dialogues with industry and financial institutions to align grant funding and non-budget financing. [16] This implies an industrial transformation in which infrastructure operators and suppliers become part of an extended security-industrial ecosystem that must satisfy regulatory resilience standards and, increasingly, defence-linked security requirements.

Structural bottlenecks and strategic dependencies

The most structurally important bottleneck is the asymmetry between the strategic importance of critical infrastructure and the persistent scarcity of repair and protection capacity, particularly in the undersea domain. The EU Action Plan on Cable Security identifies the need to improve response and repair and to enhance investment in redundancy, while acknowledging that protection of critical infrastructure remains primarily a Member State task, creating a structural coordination problem when threats manifest transnationally. [16] The policy implication is that crises affecting cables and related systems will immediately become cross-border political events, but operational response capacity is fragmented across national authorities and private operators unless formalised coordination mechanisms exist and are exercised. [58]

A second structural dependency concerns supply chains for critical components and spare parts. The EU Action Plan explicitly calls for risk assessments that include supply chain dependencies and emphasises the provision of spare parts in time and volume for deployment and maintenance, while also identifying the need to reduce dependencies on non-EU players, including those considered high-risk vendors. [16] This is directly amplified by EU defence-finance instruments that embed eligibility and origin constraints, such as SAFE’s financing architecture as set out in the regulation. [59] Even when applied primarily to defence procurement, these mechanisms shape the broader industrial environment in which dual-use resilience technologies compete for capital and production capacity.

A third bottleneck is regulatory and governance complexity. The EU’s horizontal framework consists of NIS2 and CER, and the Action Plan underscores the need to avoid duplication and reduce administrative burden by clarifying when NIS2 requirements substitute CER obligations for digital infrastructure operators. [48] This coherence requirement becomes a strategic issue because uneven national transposition, fragmented supervision, or inconsistent interpretations can create patchwork resilience across the single market, generating exploitable vulnerabilities and complicating cross-border crisis coordination. [60]

A fourth structural constraint is the mismatch between the pace of threat evolution and the pace of infrastructure investment cycles. Submarine electricity cables and interconnectors are designed for long lifetimes and require heavy capital investment, while the EU Action Plan highlights the need for significant additional investment, including large-scale grid modernisation requirements and the acceleration of infrastructure build-out. [16] This produces a strategic vulnerability because adversaries can exploit short-term windows of weakness faster than reconstruction and modernisation can close them, unless redundancy and modular repair capacity are built as deliberate design principles. [41]

A fifth dependency is the reliance on private operational data and private-sector capabilities for situational awareness, incident response and restoration. NATO’s Critical Undersea Infrastructure Network and the EU’s cable security governance both explicitly integrate industry actors, reflecting the fact that much of the relevant infrastructure is privately owned and that operational knowledge resides with operators. [61] This creates a persistent security challenge around trusted information sharing, classification boundaries, liability and incentives. The NATO–EU taskforce on resilience and critical infrastructure protection is a political response to this structural requirement for coordinated public-private and cross-institutional action. [34]

A sixth constraint concerns workforce and institutional capacity, particularly specialised skills in industrial cybersecurity, undersea engineering, and crisis management. The EU’s preparedness agenda places emphasis on building a culture of readiness and enhancing cooperation frameworks, but such strategies are only executable if Member States and operators possess the trained personnel to implement risk management, monitoring, and restoration activities. [62] National strategies reflect the same pressure, framing resilience as a whole-of-society effort requiring sustained investment and coordination. [63]

Implications for institutions, industry, research and capital

For institutions, the main implication is that critical infrastructure resilience has moved from a supporting policy area to a strategic filter that shapes defence planning, internal security regulation, civil protection, and industrial mobilisation. NATO’s summit decisions demonstrate that resilience is not treated as a parallel agenda but as an underpinning layer for deterrence and defence, with specific institutional outputs such as the centre and network for critical undersea infrastructure security and the acceleration of standards and interoperability. [27] The NATO–EU cooperation framework explicitly expands into resilience and critical infrastructure protection, reinforcing that institutional alignment is understood as necessary to avoid strategic seams exploitable by adversaries. [64]

Within the EU, the operationalisation of resilience through NIS2 and CER changes the institutional landscape by creating enforceable obligations, supervisory roles, incident reporting requirements and national resilience strategies tied to EU-level expectations. [32] The cable security agenda extends this by creating governance structures for mapping, risk assessment, toolbox measures, investments and coordination with partners, explicitly conceived in complementarity with NATO activities. [41] The Preparedness Union Strategy indicates that the EU seeks to normalise preparedness as a policy domain, including public-private mechanisms and public guidance on minimum self-sufficiency, which signals a shift to distributed societal resilience as a security policy instrument. [30]

For industry, the implication is a durable demand environment driven by regulatory compliance and by security-driven investment priorities. Under NIS2 and CER, compliance requirements incentivise spending on cybersecurity, physical security and resilience planning for a wide range of operators, transforming resilience into a recurring budget item and into a market access condition. [32] The cable security agenda further implies demand for redundancy design, monitoring and sensor integration, secure network management systems, and repair capacity. [65] In parallel, the EU’s defence-industrial policy instruments and financing architecture create an additional demand-side signal for dual-use technologies relevant to resilience, particularly where they intersect with cyber security, secure communications, space-enabled services and autonomy. [23]

For research actors, resilience as a strategic priority implies that R&D agendas increasingly align toward technologies that are integrable into operational systems and scalable within European industrial constraints. The European Defence Fund provides an institutional channel translating strategic requirements into funded innovation, while Commission adjustments to work programmes aimed at disruptive technologies suggest an emphasis on shortening pathways from research to deployable capability within EU frameworks. [66] The EU Space Strategy for Security and Defence and related analytical work indicate that space resilience and dependency reduction are likely to remain long-horizon research drivers linked to broader resilience and technological sovereignty agendas. [51]

For capital allocators, the implication is that infrastructure resilience and protection constitute a strategic-investment domain with increasing policy-backed de-risking levers, but also with compliance and sovereignty constraints. SAFE establishes a large-scale EU loan mechanism intended to reinforce the European defence industry and therefore indirectly affects the capital environment for dual-use resilience technologies, while EDIP creates a programme framework for supply availability and industrial readiness. [67] The EU Action Plan on Cable Security explicitly anticipates blended financing and structured engagement with the European Investment Bank and other financial institutions to support strategic cable projects, implying that resilience-related infrastructure investments are expected to leverage public funding to catalyse private capital. [16]

Overall, the strategic function of this priority across the NATO–EU–national ecosystem is to translate the security requirement of continuity into binding governance, operational planning assumptions, and investable industrial pathways. The strategic consequence is that “resilience” is increasingly treated as a measurable capability layer, embedded into standards, procurement eligibility, investment frameworks and public-private coordination mechanisms, rather than as an aspirational concept. [68]

[1] [2] [8] [16] [25] [26] [28] [41] [42] [46] [48] [58] [65] IMMC.JOIN%282025%299%20final.ENG.xhtml.3_EN_ACT_part1_v3.docx

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A52025JC0009

[3] [6] [9] https://www.act.nato.int/wp-content/uploads/2023/05/290622-strategic-concept.pdf

https://www.act.nato.int/wp-content/uploads/2023/05/290622-strategic-concept.pdf

[4] [11] https://www.nato.int/en/about-us/official-texts-and-resources/official-texts/2022/06/29/madrid-summit-declaration

https://www.nato.int/en/about-us/official-texts-and-resources/official-texts/2022/06/29/madrid-summit-declaration

[5] [13] [22] https://www.eeas.europa.eu/sites/default/files/documents/strategic_compass_en3_web.pdf

https://www.eeas.europa.eu/sites/default/files/documents/strategic_compass_en3_web.pdf

[7] [30] [62] https://ec.europa.eu/commission/presscorner/detail/en/ip_25_856

https://ec.europa.eu/commission/presscorner/detail/en/ip_25_856

[10] [19] [24] [68] https://www.nato.int/en/what-we-do/deterrence-and-defence/resilience-civil-preparedness-and-article-3

https://www.nato.int/en/what-we-do/deterrence-and-defence/resilience-civil-preparedness-and-article-3

[12] [33] [64] https://www.nato.int/en/about-us/official-texts-and-resources/official-texts/2023/07/11/vilnius-summit-communique

https://www.nato.int/en/about-us/official-texts-and-resources/official-texts/2023/07/11/vilnius-summit-communique

[14] [15] [32] [37] [38] [49] https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022L2555

https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022L2555

[17] [27] https://www.nato.int/en/about-us/official-texts-and-resources/official-texts/2024/07/10/washington-summit-declaration

https://www.nato.int/en/about-us/official-texts-and-resources/official-texts/2024/07/10/washington-summit-declaration

[18] [36] [61] https://www.nato.int/en/news-and-events/articles/news/2024/05/23/nato-holds-first-meeting-of-critical-undersea-infrastructure-network

https://www.nato.int/en/news-and-events/articles/news/2024/05/23/nato-holds-first-meeting-of-critical-undersea-infrastructure-network

[20] https://www.congress.gov/crs-product/R48121

https://www.congress.gov/crs-product/R48121

[21] https://www.nato.int/en/about-us/official-texts-and-resources/strategic-concepts/nato-2022-strategic-concept

https://www.nato.int/en/about-us/official-texts-and-resources/strategic-concepts/nato-2022-strategic-concept

[23] [53] [66] https://eur-lex.europa.eu/eli/reg/2021/697/oj/eng

https://eur-lex.europa.eu/eli/reg/2021/697/oj/eng

[29] https://www.lemonde.fr/en/international/article/2025/11/16/nato-faces-logistics-challenge-over-moving-tanks-across-eu-in-face-of-russian-threat_6747508_4.html

https://www.lemonde.fr/en/international/article/2025/11/16/nato-faces-logistics-challenge-over-moving-tanks-across-eu-in-face-of-russian-threat_6747508_4.html

[31] https://www.act.nato.int/article/nato-summit-key-declarations/

https://www.act.nato.int/article/nato-summit-key-declarations/

[34] [44] https://www.nato.int/en/news-and-events/articles/news/2023/01/11/nato-and-the-eu-set-up-taskforce-on-resilience-and-critical-infrastructure

https://www.nato.int/en/news-and-events/articles/news/2023/01/11/nato-and-the-eu-set-up-taskforce-on-resilience-and-critical-infrastructure

[35] https://www.enisa.europa.eu/publications/undersea-cables

https://www.enisa.europa.eu/publications/undersea-cables

[39] https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022L2557

https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32022L2557

[40] https://data.consilium.europa.eu/doc/document/ST-13713-2022-INIT/en/pdf

https://data.consilium.europa.eu/doc/document/ST-13713-2022-INIT/en/pdf

[43] [63] https://www.nationalesicherheitsstrategie.de/National-Security-Strategy-EN.pdf

https://www.nationalesicherheitsstrategie.de/National-Security-Strategy-EN.pdf

[45] https://www.sgdsn.gouv.fr/files/files/rns-uk-20221202.pdf

https://www.sgdsn.gouv.fr/files/files/rns-uk-20221202.pdf

[47] https://media.defense.gov/2022/Oct/27/2003103845/-1/-1/1/2022-NATIONAL-DEFENSE-STRATEGY-NPR-MDR.PDF

https://media.defense.gov/2022/Oct/27/2003103845/-1/-1/1/2022-NATIONAL-DEFENSE-STRATEGY-NPR-MDR.PDF

[50] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52020JC0018

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52020JC0018

[51] [52] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52023JC0009

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52023JC0009

[54] https://eur-lex.europa.eu/eli/reg/2023/1525/oj/eng

https://eur-lex.europa.eu/eli/reg/2023/1525/oj/eng

[55] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52024JC0010

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52024JC0010

[56] [57] https://eur-lex.europa.eu/eli/reg/2025/2643/oj/eng

https://eur-lex.europa.eu/eli/reg/2025/2643/oj/eng

[59] [67] https://eur-lex.europa.eu/eli/reg/2025/1106/oj/eng

https://eur-lex.europa.eu/eli/reg/2025/1106/oj/eng

[60] https://home-affairs.ec.europa.eu/policies/internal-security/counter-terrorism-and-radicalisation/protection/critical-infrastructure-resilience-eu-level_en

https://home-affairs.ec.europa.eu/policies/internal-security/counter-terrorism-and-radicalisation/protection/critical-infrastructure-resilience-eu-level_en