EU intelligence centre facing new challenges

The European Union installs a „Cyber Diplomacy Toolbox“, in which secret services should play a bigger role. Among other things, the member states want to find a common diplomatic response to „malicious cyber activities“ as quickly as possible. The new tasks of the Intelligence Situation Centre are highly controversial.

The European Union has no competence to coordinate secret services. Nevertheless, there is a network for them in Brussels. The EU Intelligence Analysis Centre (INTCEN) employs around 100 staff. They are not allowed to conduct their own spying or use informerants. Instead, they process „finished intelligence“ material from the Member States. INTCEN’s products include „intelligence assessments“, „strategic assessments“ and „special reports and briefings“.

INTCEN could now take on new tasks. In a paper to the Member States, the European External Action Service (EEAS) proposes that the Centre support the attribution of cyber attacks using its own intelligence capabilities. INTCEN should also make proposals for countermeasures. The „Hybrid Fusion Cell“ recently set up to deal with „disinformation“ would be also involved.

Attribution of attacks

The proposals are part of the „Cyber Diplomacy Toolbox“ launched by the European Union two years ago. It aims to provide a „common diplomatic response“ to „malicious cyber activities“. These can be conclusions or sanctions after a Member State has been attacked. To this end, the origin of the „malicious cyber activity“ should be ensured.

Civil and military intelligence authorities are organised in the INTCEN, both domestic and foreign services. It consists of the four working units Analysis, Open Sources, Situation Centre and Consular Crisis Management. Together with the Military Intelligence Directorate of the EU Military Staff (EUMS INT), the INTCEN belongs to the crisis management structures of the EEAS. They both report to the High Representative of the Union for Foreign Affairs and Security Policy and together form the Single Intelligence Analysis Capacity (SIAC).


The extension of the INTCEN’s tasks is a source of controversy in Brussels. Some Member States demand that the Situation Centre will not be given any further reconnaissance capabilities. This can be found in a second version of the document from the External Action Service in several places. It contains substantial reductions.

The original document already stresses that the role of the INTCEN should at most be „introductory, complementary or accessory“. The passage is now changed to „INTCEN does not substitute Member States analyses and cannot be considered in itself as a shared understanding of the threat“. However, it is questionable which technology and methods INTCEN may use in the future. So-called OSINT procedures are already being used in Brussels. Open sources on the Internet, especially social networks, are observed.

„Remote chance“ to „almost certain“

The Commission had called for the development of „pro-active and objective“ intelligence cooperation in the „EU Action Plan against Disinformation“. It is explicitly addressed to „Russia“, which is described as primarily responsible for „disinformation“. The action plan includes demands for Internet service providers to remove such content quickly. A rapid alert system is to ensure „early crisis detection“.

According to the first proposal, INTCEN should actually also determine the probability with which a „malicious cyber activity“ was attributed. For this purpose, the Centre should use a scale ranging from „remote chance“ to „almost certain“. This table also went too far for some Member States and was deleted. Perhaps because it would symbolically transfer the responsibility for cyber attacks to the INTCEN.

Image: European Union

Autor: Matthias Monroy

Knowledge worker, activist, editor of the German civil rights journal Bürgerrechte & Polizei/CILIP.