Uncharted territory? Towards a common threat analysis and a Strategic Compass for EU security and defence

Introduction

Words have meaning. European Commission President Ursula von der Leyen took up her mandate calling for a ‘geopolitical Commission’ and Josep Borrell, the High Representative of the Union for Foreign Affairs and Security Policy/Vice-President of the European Commission (HR/VP), echoed this by stating that the EU needs to ‘learn the language of power’. Reflecting the current geopolitical turbulence facing Europe, the EU’s rhetorical shift could split opinion – at the very least, the choice of language is open to interpretation. It could be argued that the word ‘geopolitics’ sits uneasily alongside terms such as ‘multilateralism’, especially when one considers the historical connotations of geopolitics. The implication is that visions of peace and international cooperation cannot simultaneously sit alongside ideas such as the military control of the ‘heartland’ or mastery of the seas – to put it differently, if the EU is Monnet, can it ever survive in the world of Mackinder or Mahan?¹ EU member states would react to this statement in different ways and this is one among many reasons why it is so difficult to form a ‘common strategic culture’ in Europe.

Behind the EU’s mosaic of various national strategic cultures lie profound differences between geopolitical interests and strategic histories. As the 2017 French Defence and National Security Strategic Review observes, ‘[g]eography and history remain important factors in the manner in which European states rank threats and risks, and more generally, in the diversity of their strategic cultures.’² Despite the direction offered by the EU Global Strategy, there is as yet no common approach to how member state governments understand threats to the EU’s security. Defining ‘threats’ is not an easy task and it has split security scholars. Nevertheless, member states have stressed the need for a strategic reflection on security and defence based on ‘a shared assessment of threats and challenges.’³ This echoes the EU Global Strategy, which stated that ‘European security hinges on better and shared assessments of internal and external threats and challenges.’⁴

If the EU is Monnet, can it ever survive in the world of Mackinder or Mahan?

With a view to advancing a shared EU threat analysis, the informal meeting of defence ministers in Zagreb, Croatia, on 4 and 5 March 2020 resulted in a call for a new initiative labelled the ‘Strategic Compass’. The Compass will be a 2-year process designed to provide enhanced politico-strategic direction for EU security and defence and its level of ambition in this area – it is not designed to replace the EU Global Strategy but to further refine it.⁵ The level of ambition – agreed to in November 2016 – called for the EU to: (i) engage in crisis management; (ii) support capacity building for partners; and (iii) protect the EU and its citizens.⁶ Yet it did not offer any further clarity on how the EU should fulfil these tasks in operational terms. What is more, the level of ambition clearly needs to be assessed in the light of the shift towards a more competitive geopolitical context and rapidly evolving technological trends. This is the gap the Compass is designed to fill, plus it will seek to better link the EU’s strategic, operational and capability needs. On this basis, the first step in the Strategic Compass process will be a threat analysis to identify the nature and severity of threats facing the EU over the short to medium term (i.e. 2025 to 2030).⁷

However, a number of questions arise out of the planned Strategic Compass initiative. Primarily, there is a need to better understand how member states currently perceive, describe and rank threats but, more than this, to think about how EU security and defence capacities and mechanisms could respond to them. There will also be a need to analyse the types of vulnerabilities that may arise out of the identified threats, and to get a better grasp of how security trends may evolve (in terms of proximity, overlap, intensity and temporality). Not only are geopolitical trends likely to aggravate and intersect with a range of threats, but threats will also emerge in a context of greater digitalisation and disruptive technologies; these technology trends could help manage security threats, but they may equally aggravate them. Additionally, it will be essential to link the conclusions of the threat analysis with the subsequent steps of the Strategic Compass. This means that the conclusions of the threat analysis should ideally assist with follow-on reflections about the EU’s defence posture and its capabilities and resources.

To reflect on these points, this Brief asks two interrelated questions: (i) how do EU member states collectively understand threats today?; and (ii) how can such an understanding of threats lay the foundation for the Strategic Compass in such a way that the EU can strive in a more concrete way towards its level of ambition? Accordingly, this Brief has three main parts. The first part starts with a reflection on the term ‘threats’ and then conducts its own threat analysis by drawing on 25 of the most up-to-date national security and defence strategies to show how member states conceive of threats today.⁸ The second part offers some pointers on how an updated understanding of threats could help refine the EU’s level of ambition. The final part ponders the potential pitfalls that may arise when conducting the Strategic Compass.

The power of language

The term ‘threats’ continues to be a point of contention among security scholars. One school of thought believes that threats can be understood as a ‘combination of perceived intentions, ideology and distance, as well as aggregate capabilities’ that can threaten the existence of a state.⁹ This view can, however, be deemed too state- and military-centric and it underplays wider phenomena such as climate change or pandemics (which may also threaten the existence of a state, albeit in other ways). Another school argues that ‘threats’ need to be understood in a more subjective manner. From this perspective, threats can also be seen as set of choices that reflect security concerns, values, culture and identity.¹⁰ We do not have the space here to unpack these mammoth concepts, but suffice to say that the latter conceptual understanding implies that threat perceptions can nourish a state’s strategic culture or identity. According to this theory, a state’s threat perception can illustrate how it may think or act in a given situation and show us what values and interests it purports to defend.

Based on these definitions, and acknowledging that not all threats can or should be understood from a military perspective, it can be assumed that an analysis of individual security and defence strategies in the EU could help to reveal the characteristics of national threat perceptions. Comparing national strategies may also allow us to observe whether there is a common threat perception in the EU or whether such a perception can amount to a common ‘strategic culture’. Looking at the 25 national strategies that are publicly available, one is confronted with a diverse set of strategies with different word counts, styles and structure. They are also produced at different rates and in some cases there can be up to a 10-year gap between their publication. So, for example, the six strategies that were published prior to Russia’s invasion of Ukraine unsurprisingly have little to say about Moscow’s aggressive action. Finally, comparing documents in the English language may not entirely capture the nuances or connotations of the original language.¹¹

Having a common threat perception does not necessarily amount to having a common strategic culture

Despite these caveats, comparing 25 of the most recent national strategies reveals some noteworthy indicators about how EU member states perceive threats. For instance, if we conduct a word search for security issues and record them only when they are described as a ‘threat’ in the national strategies, it is possible to build a more complete picture of what issues concern member states. As can be seen from the data (see the ‘Threats from, threats to’ graphic below), there are some unsurprising results. For example, many of the Baltic and central European states classify Russia as a threat when compared to others. On the whole, more than half of the total 25 states analysed agree that terrorism, cybersecurity, hybrid threats,¹² organised crime, proliferation, violent conflict, resource and energy supply, espionage and illegal migration are threats (and in this order too). One can also see that pandemics and disease were considered a security threat by many member states long before Covid-19 struck.

Data also reveals that there are interlinkages between the issues that have been labelled as threats by governments. So, those states that list Russia as a threat also believe that espionage, intelligence operations and hybrid threats should rank highly too. There are limits to establishing linkages, however. Most member states see the proliferation of chemical, biological, radiological and nuclear (CBRN) weapons and weapons of mass destruction (WMD) as a threat but only two specifically refer to North Korea or Syria in this regard. Perhaps also of note here is that it is not clear how relatively new threats (i.e. those that have intensified over the past decade) such as European disunity, the erosion of the international order and economic instability connect with existing, more long-standing, threats. Finally, it is clear that the majority of member states are disinclined to use their national strategies to formally label individual countries as threats, and the focus is more on cross-border security issues. This is, in itself, a reason why a common EU understanding of threats is necessary.

A focus on the word ‘threats’ can, therefore, be relatively revealing of national threat perceptions. For example, it is noteworthy that the strategies of Latvia, the Netherlands and Slovenia have the most references to ‘threats’ even though their strategies are comparably shorter in terms of word count. However, earlier we pointed to how certain security scholars believe that the meaning of ‘threats’ is subjective. While the word 'threats' can be used to denote a sense of urgency or to rally domestic political support for a particular security issue, only analysing threats has limitations. The reality is that national strategies use a range of words to describe how they perceive individual security issues. For example, words such as ‘challenge’, ‘tension’ or ‘problem’ are used to soften the description of a threat and ‘risk’ or ‘vulnerability’ can in turn be used to describe security issues that, despite there being a policy response, will continue to be present over a longer period of time (e.g. climate change or cybersecurity). Additionally, many words are often combined with adjectives to create a sense of urgency or calm (e.g. high risk or low risk).

Nevertheless, when we compare the words used to describe security issues with the types of issues listed in each national strategy, a more comprehensive picture of threat perceptions in the EU emerges (see the ‘Grammar of threats’ graphic). For example, a number of member states view geopolitical rivalry, the erosion of multilateralism, instability in the EU and technological uncertainty as challenges and risks rather than threats (i.e. slow-burning issues rather than immediate ones). Additionally, collective issues such as critical infrastructure protection and supply disruptions may be seen to trump more region-specific concerns such as insecurity in Africa, Asia or the Middle East. Moreover, out of all of the regions, insecurity ranks the highest in eastern Europe. However, we have to be careful here because many of the high-ranking cross-border security issues (e.g. illegal migration, terrorism and proliferation) cut across regions such as Africa and the Middle East.

The data also reveals some positive news for the EU – namely, that a number of member states coalesce around similar threats. More than half believe that climate change, cybersecurity, the erosion of multilateralism, hybrid threats, illegal migration, organised crime, proliferation, supply disruptions and terrorism are threats to national security. This means that there is sufficient common ground between governments on a range of threats, but there are challenges despite this seeming critical mass. First, not all of the threats automatically relate to defence policy and they may even call for internal security tools and responses (e.g. critical infrastructure protection). In this respect, it may not be easy to see how they specifically relate to the Strategic Compass initiative. Second, even if there is common ground on a range of threats this may not amount to a common perception of what actually constitutes a threat because governments may disagree as to the means and strategies to tackle them. Third, even if we assume that a common EU threat perception can be generated during the Compass process this is still a far cry from saying that the EU has a ‘strategic culture’.

Data: Various, 2010−2020

Destination unknown?

While the Strategic Compass will seek to further refine the range of tools created since 2016 and hopefully defuse residual institutional frictions, a truly ambitious process must move beyond the sequencing of mechanisms or definition of institutional remits. As HR/VP Josep Borrell has already insisted, what the EU needs today is a ‘shared strategic culture and empathy’ in respect of its main security challenges^.13 This is a point that was reiterated during the informal meeting of defence ministers in Zagreb, Croatia, on 4 and 5 March 2020.¹⁴ As we have seen above, however, even if a number of member states agree on the threats this may not amount to a common threat perception or indeed a strategic culture. Depending on the scope and nature of the threat analysis, it may even be possible to observe how far away from a strategic culture the European Union is and EU institutions may have to humbly acknowledge that the Compass will not lead to a strategic culture in its own right. Perhaps the threat analysis can be of service in confronting member state governments with the strategic trade-offs involved in comparing threats and devising responses to them with available EU resources.

The Strategic Compass is not designed to re-write the EU's level of ambition but it should refine it

In this sense, if the threat analysis is to serve a purpose it could help member state governments better contextualise the geopolitical and technological environment in which the EU’s existing level of ambition in security and defence must be achieved. To be clear, the Strategic Compass is not designed to rewrite the EU’s three-pronged level of ambition, but it is supposed to result in more concrete politico-strategic guidance on how the level of ambition can be achieved in terms of operations and capabilities. The threat analysis is a first step in this process, but, as of now, it is unclear how the analysis will feed into each of the three areas of the level of ambition or how this exercise will go on to inform the full 2-year Strategic Compass process. Based on the data collected above, however, it is possible to offer a preliminary insight into how a threat analysis could further refine the three pillars of the EU’s level of ambition.

1. Responding to external conflicts and crises

Based on the data above, it is clear that several member states believe that the rise of militarism, the erosion of multilateralism, cyberattacks, climate change and conflict can all be considered as threats to their security. What is unclear, however, is how this security context can alter how, why and where the EU deploys Common Security and Defence Policy (CSDP) missions and operations in line with the first pillar of its level of ambition. Today, the EU is still expected to be able to deploy up to 50,000-60,000 personnel within 60 days and for up to a year for joint disarmament operations, peacekeeping and peacemaking tasks (among other tasks listed in Article 43.1 of the Treaty on European Union (TEU)). However, these were goals set back in 1999 in a completely different geopolitical and technological environment to that of today. It is not clear whether there is an appetite to revise the ‘Headline Goals’, the Petersberg Tasks or the tasks outlined in the ‘annex to the annex’ of the Council conclusions of 14 November 2016. As the argument goes, any step to revise these targets may be an admission of failure to meet them and serve as a pretext to lower the military level of ambition. Of course, if there is no ambition to revise these existing targets then member state governments need to devise a plan to meet them over an agreed timeline, otherwise EU security and defence will lose credibility.

Based on several of the threats documented in the national strategies, however, it is questionable whether the objectives set in the 1990s still hold. For example, with the EU Battlegroups (EUBGs) the Union has committed to rapidly deploying somewhere between 1,500-2,500 troops in case of a crisis. Even if the EUBGs can be flexibly configured into say amphibious packages, they are largely framed for land-based scenarios. However, threats to critical infrastructure protection or supply routes would call for more flexible force packages that draw on maritime, cyber, air and special forces assets. In this sense, even if the deployment of EUBGs is still politically dependent on member states, the EU’s threat analysis and Strategic Compass could help governments fashion more strategically relevant EUBG packages based on commonly agreed objectives. Alternatively, the EU Crisis Response Operation Core (CROC) Permanent Structured Cooperation (PESCO) project could be used to create the necessary operational flexibility. Relatedly, the Strategic Compass could also launch a contemporary reflection on Article 44 TEU. While this Treaty provision can only be used after unanimous approval by the Council, it could provide further flexibility for CSDP deployments by allowing a group of willing and able member states to take on specific CSDP operations or specific tasks within them.¹⁵

Data: Various, 2010−2020

In addition to the EUBGs and CROC, the EU could do more to link existing capability initiatives with threats. For example, the national strategies reveal that a majority of governments see supply disruptions as a threat, so on this basis why not attempt to prioritise and assemble a maritime force package. The Coordinated Maritime Presence (CMP) concept already aims to create a pool of naval resources that could be used in the event of maritime supply shocks. The concept is based mainly on information exchange and maritime awareness, but following the Strategic Compass it could evolve to include naval exercises and capability packages that would enhance the EU’s maritime presence. For example, the CMP could link together ongoing CSDP naval operations and the technological and capability projects being advanced through PESCO and the European Defence Fund (EDF). It may therefore be more advantageous to use the identified threats as a means to structure EU forces and capability packages.

Linked to the discussion about deployability is capability development, especially given how many member state governments believe proliferation, technological uncertainty, cyberattacks and geopolitical rivalry are threats. However, there has been no substantial improvement in Europe’s capability landscape for the past two decades.¹⁶ What is more, capability development is likely to come under pressure in the years ahead because of a combination of high costs for high-end defence technologies on the one hand, and budgetary strains due to Covid-19, on the other. The EU already has an established Capability Development Plan (CDP) that focuses on 11 key capability areas. It is clear today, however, that the EU needs to be able to better prioritise capabilities in line with the need to enhance operational effectiveness and meet the challenge of digitalisation.¹⁷ True, the High Impact-Capability Goals (HICGs) detail what precise capabilities are required to meet the EU’s level of ambition over a 6- to 12-year period, but questions remain about the coherence of PESCO projects and whether they can collectively boost the EU’s operational and defence technological credibility over the next 5 to 10 years. As the old saying goes, ‘if you prioritise everything, you are prioritising nothing.’

2. Capacity building of partners

With regard to capacity building and the second pillar of the EU’s level of ambition, an analysis of the national strategies reveals that several member states believe that failed states, ethnic and religious strife, illegal migration, crime, terrorism and the influx of refugees and asylum should be conceived of as threats. They also highlight that development issues pertaining to climate change, poverty, inequality, health, demography and urbanisation could aggravate existing and future conflicts. The EU can boast of having deployed around 34 missions and operations since 2003, and its capacity-building and military training missions have attempted to enhance security sector reform, promote international law and human rights, and implement several UN Security Council resolutions. However, the geostrategic and technological context is changing in many partner countries. In fact, many are already susceptible to hybrid threats (e.g. cyberthreats and disinformation) and several will feel the ill effects of climate change in the coming years. Thus, there is an opportunity for member state governments to specify how CSDP could be adapted to issues such as climate change resilience.

Many member states are concerned about geopolitical rivalry, growing authoritarianism and an erosion of multilateralism

What is more, a majority of member states rank possible disruptions of food, water, energy and raw materials supplies as threats. The fact that the EU’s critical supply chains extend globally is an invitation to stretch its definition of capacity building and partners by first bringing the two concepts together. For example, greater interlinkages between neighbourhood policies, infrastructure development and overseas investment could be explored with an inbuilt emphasis on technological resilience (e.g. cybersecurity). Additionally, while the EU already has strategic partnerships with countries such as Canada, Japan, South Korea, Vietnam and others it could be worth thinking about countries (that may not be formally EU partners today) that will be relevant from a geostrategic and technological perspective in the coming 5 to 10 years. Initiatives such as the PESCO co-basing project already aim to link military bases and nodes that could be critical for EU security and defence, but ‘technology alliances’ with partners for critical security supplies and systems could equally be explored. Indeed, the Strategic Compass could help refine the European Union’s concept of partnerships.

3. Protecting the European Union and its citizens

The third pillar of the EU’s level of ambition in security and defence may also be further refined by the forthcoming threat analysis and Strategic Compass. Although a sensitive aspect of the EU’s security and defence, the data derived from the national strategies reveals that member state governments are concerned about threats to the EU’s stability and regions like the Western Balkans and the Aegean, Baltic and Black Sea regions. Concerns about cyberattacks and critical infrastructure protection also reveal the range of threats that could harm the EU’s territory and citizens. Although member state governments that are part of NATO state that the alliance is the bedrock of their defence, many member states are concerned about geopolitical rivalry, growing authoritarianism and an erosion of multilateralism. Yet a number of member states are not part of the alliance and there remain questions about how the EU could assist governments in different crisis scenarios (either in tandem with NATO or alone if necessary). In this respect, it is worth thinking about how a shifting threat landscape could influence the way member state governments think about Article 42.7 TEU and Article 222 of the Treaty on the Functioning of the EU (TFEU).

Both the mutual assistance and solidarity clauses assume that the EU and member states would respond if a state ‘is the victim of armed aggression on its territory’ or when a crisis ‘clearly overwhelms the response capabilities available to it.’¹⁸ In this respect, the EU threat analysis could highlight those security issues that would make the invocation of the two clauses more likely than not. As the data presented in this Brief shows, however, the security issues deemed as threats by member state governments do not automatically call for a military response. This means that the threat analysis and Strategic Compass would need to adopt a broader concept of security for this third pillar that draws on tools and response mechanisms found in the Council of the EU, the European Commission and other bodies. There is also a need to use the Strategic Compass process to trigger a strategic reflection on the possible scenarios that may call for the invocation of Article 42.7 TEU or Article 222 TFEU.¹⁹ While this is perhaps the most politically sensitive aspect of the Strategic Compass process, it is worth asking what EU–NATO cooperation would look like if either treaty article were invoked, or how the EU would honour them without NATO.

Charting a way forward

To recap the analysis thus far, this Brief has analysed 25 national security and defence strategies to illustrate how member state governments perceive the threats they face. It then considered how these threats could inform a reflection about the three pillars of the EU’s level of ambition on security and defence. In the coming months, member state governments and institutions will conduct their own threat analysis as a first step in a 2-year process called the Strategic Compass. It is hoped that the Compass will give concrete politico-strategic guidance for the existing level of ambition so that it can deliver on operational deployability and capability development. The threat analysis conducted in this Brief is by no means the only way to conduct such an exercise, but it is free from the political constraints that will confront the EU when it conducts its own version, including the following.

Only a few states seem willing to publicly label China, Russia or other states as threats

First, the EU’s threat analysis will probably avoid overly focusing on security issues for which it has no political mandate (e.g. nuclear deterrence). Here, some member states will insist on complementarity between EU and NATO strategic processes, especially at a time of transatlantic discord. In particular, there will be calls to ensure complementarity between the Strategic Compass and NATO’s 2019 Political Guidance for the Defence Planning Process (NDPP) and the recent ‘reflection process’ started under the auspices of the Secretary General to strengthen the alliance’s political dimension in line with the December 2019 ‘London Declaration’.

Second, there could be a reluctance on the part of member states to use the Strategic Compass to endorse an expansion of the CSDP beyond conducting missions and operations outside of the European Union for the purposes of the mutual assistance and solidarity clauses. Additionally, a number of member states may fear that broadening the concept of security and defence under the Strategic Compass could open the door to greater communitarianism in a traditionally intergovernmental field and disrupt the existing framework of mechanisms (PESCO, EDF, CDP). In fact, in some respects the Compass could be seen as an attempt by member states to politically reassert their authority over EU security and defence.

Political buy-in from the member states is a necessary precondition for the success of the Strategic Compass

Third, there will also be a reluctance on the part of some member states to see the threat analysis lead to any prioritisation of threats.²⁰ Such fears could, however, be alleviated by ensuring that the EU’s threat analysis is conducted as a classified exercise by the Single Intelligence Analysis Capacity (SIAC). Obviously, member state governments may find it difficult to endorse a threat analysis that potentially contrasts with (or even contradicts) national strategies. Beyond the fetishisation of any single threat, the added value of any EU threat analysis is to first show how individual threats effect the EU as a whole, and second, to apply EU-level tools and capabilities to mitigate or alleviate them.

Finally, some member states may be reluctant to label certain non-EU states as a ‘threat’ for economic and political reasons. As the earlier analysis highlighted, only a few states seem willing to publicly label China, Russia or other states as threats. The fear is that labelling an adversary a threat could result in a deterioration of economic relations and damage inward investment.

Data: Various, 2010-2020

To conclude, in the coming months and years the EU will conduct a threat analysis and Strategic Compass to refine the politico-strategic guidance necessary for the operationalisation of the three pillars of the EU’s level of ambition in security and defence. There will be a number of political obstacles during the 2-year Compass exercise, but if it is to bring greater coherence to EU security and defence policy then an inclusive process is needed. The last similar strategic exercise of this nature – the EU Global Strategy – was not, it should be recalled, officially endorsed by member state governments, even though governments have in many respects retrospectively validated the strategy by agreeing to the subsequent initiatives on security and defence.²¹ Political buy-in for the Strategic Compass is a necessary precondition if there is to be any hope that member states will remain committed to the process and implement the final conclusions. What is more, there is no guarantee that the Strategic Compass will lead to a common threat perception or indeed a strategic culture, although it could chart a route towards a better understanding of what type of security and defence actor the EU should be.

References

1  The inspiration for this question follows a conversation the author had with a colleague from the Spanish EU Permanent Representation on a cold night in Helsinki.
2  République Française, Defence and National Security Strategic Review, 2017, p. 56,  https://www.defense.gouv.fr/layout/set/popup/content/download/520198/8733095/version/2/file/DEFENCE+AND+NATIONAL+SECURITY+STRATEGIC+REVIEW+2017.pdf. 3
3  Council of the EU, ‘Council conclusions on security and defence in the context of the EU Global Strategy’, 10048/19, Luxembourg, June 17, 2019, p. 3, https://www.consilium.europa.eu/media/39786/st10048-en19.pdf. 
4  ‘Shared vision, common action: a stronger Europe – A Global Strategy for the European Union’s foreign and security policy’, June 2016, p. 45, https://eeas.europa.eu/sites/eeas/files/eugs_review_web_0.pdf. 
5  Council of the EU, ‘Informal meeting of defence ministers, 4-5 March 2020’, https://www.consilium.europa.eu/en/meetings/fac/2020/03/04-05/.
6   Council of the EU, ‘Council conclusions on implementing the EU Global Strategy in the area of security and defence’, 14149/16, Brussels, November 14, 2016.
7   The European External Action Service (EEAS) published a scoping paper on the ‘Strategic Compass’ on 16 January 2020 outlining the main lines of departure and questions. A second, more refined, paper was published on 21 February 2020 with further details on the ‘threat analysis’ providing a starting point for the ‘Strategic Compass’.
8   This Brief draws on the most up-to-date national security strategies, as these documents provide the most comprehensive description of threats and are the culmination of a wider national consultation and debate. In total, the Brief analysed 18 national security strategies, but if one of these was not readily accessible, it turned to seven defence strategies, defence white papers or national threat assessments. National strategies for Cyprus and Malta were unavailable. Finally, to verify the conclusions of the 18 national security strategies, the data was cross-referenced with national defence strategies. In total, 42 separate national strategic documents were analysed.
9   Jack S. Levy and William R. Thompson, ‘Hegemonic threats and great-power balancing in Europe, 1495-1999’, Security Studies, vol. 14, no 1 (2005), p. 3.
10   See Barry Buzan, Ole Waever and Jaap de Wilde, Security: A New Framework for Analysis (Boulder/London: Lynne Rienner Publishers, 1998).
11  Except for the national security strategies of Bulgaria, Hungary, Portugal and Slovakia, all strategies had already been translated into English by the member states. To analyse the Bulgarian, Hungarian, Portuguese and Slovak strategies a web-based translation service was utilised.
12  Another drawback is using the term ‘hybrid threats’, which more often than not appears as a threat in national strategies.
13  European Parliament, ‘Hearing with High Representative/Vice President-designate Josep Borrell’, press release, October 7, 2019, https://www.europarl.europa.eu/news/en/press-room/20190926IPR62260/hearing-with-high-representative-vice-president-designate-josep-borrell.
14  Council of the EU, ‘Preliminary remarks by Josep Borrell following the informal meeting of EU defence ministers’, Zagreb, March 5, 2020, https://newsroom.consilium.europa.eu/events/20200304-informal-meeting-of-defence-ministers-march-2020/127165-1-press-conference-part-1-20200305. 
15  Council of the EU, ‘Military advice on EEAS Food for Thought paper on Article 44 TEU’, 7032/15, Brussels, March 9, 2015 and Council of the EU, ‘Legal Service contribution on the conditions and modalities of recourse to Article 44 TEU’, 5225/15, Brussels, January 13, 2015, p. 16.
16  Claudia Major and Christian Mölling, ‘The EU’s Military Legacy: Over-Institutionalised, Under-Equipped and Strategically Divided’, in D. Fiott (ed.), The CSDP in 2020: The EU’s Legacy and Ambition in Security and Defence (Paris: EU Institute for Security Studies, 2020), p. 43.
17  Daniel Fiott, ‘Digitalising Defence: Protecting Europe in the age of Quantum Computing and the Cloud’, EUISS Brief, no. 4, March 2020, https://www.iss.europa.eu/content/digitalising-defence. 
18  Council of the EU, ‘Council decision on the arrangements for the implementation by the Union of the solidarity clause’, Council Decision 2014/415/EU, June 24, 2014, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014D0415&from=EN. 
19  There is already a mandate for such scenario testing. See Council of the EU, ‘Council conclusions on security and defence in the context of the EU Global Strategy’, Luxembourg, 10048/19, June 17, 2019. The recent letter by the so-called ‘PESCO4’ also calls for Article 42.7 exercises that ‘cover all possible worst-case scenarios of crisis’. See ‘Lettre des ministres de la défense française, allemande, espagnole et italien, le 29 mai 2020’, May 29, 2020, p. 2, https://www.defense.gouv.fr/salle-de-presse/communiques/communique_lettre-des-ministres-de-la-defense-francaise-allemande-espagnole-et-italien-le-29-mai-2020.
20  Not even the US intelligence community ranks threats when it conducts its threat assessments. Despite the fact that the US intelligence community opts for an adversary-driven assessment, it specifically avoids a ranking of threats. See: Daniel R. Coats, ‘Worldwide Threat Assessment of the US Intelligence Community’, January 29, 2019, p. 2, https://www.dni.gov/files/ODNI/documents/2019-ATA-SFR–SSCI.pdf.
21   Only seven of the 15 national strategies released after 2016 reference the EU Global Strategy.