A Chinese-Flagged Ship Cut Baltic Sea Internet Cables. This Time, Europe Was More Prepared.

“If I had a nickel for every time a Chinese ship was dragging its anchor on the bottom of the Baltic Sea in the vicinity of important cables,” Lithuanian Foreign Minister Gabrielius Landsbergis posted on X (formerly Twitter) on November 20, “I would have two nickels, which isn’t much, but it’s weird that it happened twice.” The first instance was in October 2023, when the anchor of a Hong Kong–flagged, Chinese-registered vessel named NewNew Polar Bear damaged two subsea data cables and a gas pipeline in the Baltic Sea. The second incident occurred just over two weeks ago, when two subsea communications cables connecting Germany and Finland and Lithuania and Sweden, respectively, were allegedly severed by the Yi Peng 3, a Chinese cargo ship.

These are just two examples of a complex security challenge that Europe is learning to navigate. Over the past couple years, suspicious Russian activity near critical underwater infrastructure in NATO’s Northeast has alarmed European lawmakers regarding the security of their subsea data cables, which are vital for European internet connectivity and societal functioning. In response, NATO, the EU, and individual European governments have introduced a plethora of initiatives aimed at increasing know-how, capabilities, and awareness to secure these cables. Where in the past there were no contingency plans for sabotage, there are now more maritime patrols, an attempt to forge deeper intelligence connections, and the beginnings of a new relationship with the private sector.

Yet many of these efforts remain in their infancy. For decades, policymakers in Europe were intent on sheltering global assets, including telecommunications infrastructure, from securitization. Of the hundreds of disruptions to cables that occur each year, the vast majority are caused by accidental human activity, like fishing, or natural events, like earthquakes. Europe benefits from its many existing redundancies to protect against instances of cable damage—whether intentional or not. Although some internet traffic had to be rerouted because of the November cable breakages, there were no reports of widespread connectivity outages in Germany, Finland, Lithuania, or Sweden.

Nevertheless, Europe’s islands are more vulnerable to attacks against their limited number of subsea cables. And adversaries can use cable sabotage—causing delays or temporary loss in connectivity—as a low-cost way of unnerving societies below the threshold of a complete outage. Such events undermine the targets’ sense of security and allow the perpetrator to prepare for a broader attack. Even a modest disruption in internet connectivity that would be a minor nuisance to the general public could have drastic consequences for European and global financial markets, which rely on rapid information flows to optimally perform. Europeans have begun to recognize that damage to subsea data cables in their immediate vicinity could be part of a broader toolkit of hybrid aggression directed against them, in which single events do not amount to acts of war and attribution can be remarkably difficult.

European governments and militaries have placed their initial focus on Russia, given both the context of the war in Ukraine and a series of recent incidents linked back to the Kremlin. Russia has carried out underwater military exercises at depths below 6,000 meters, is “actively mapping” the critical undersea infrastructure of NATO members, and is increasing its activity over and around cables in the Baltic Sea. On multiple occasions, Russian vessels have also been known to be sailing near damaged European subsea data cables at the time of breakages. Several Western officials believe Russian intelligence agencies, not the Chinese government, were responsible for the damage from the most recent Baltic Sea cable cuts.

Lawmakers also worry about the possibility that both subsea cables themselves and the landing stations they connect to could be tapped by malign actors for espionage purposes. Officials in the United States and Europe have expressed concern over subsea data cables built and operated by China’s Huawei Marine Networks (HMN) Tech, citing cybersecurity and espionage risks.  The United States has pushed particularly hard to persuade third countries, including its European allies, to avoid installing cables owned by Chinese companies. Europeans have not always shared this risk assessment, highlighted by the installation of the Pakistan and East Africa Connecting Europe Cable, a 25,000-kilometer project operated by HMN Tech that connects Singapore to Marseilles, France, that became fully operational in December 2022. But China’s increasingly blatant support for Russia’s war and the involvement of Chinese-flagged vessels in the two Baltic Sea cable-cutting incidents, has led Europe to begin to consider China as a threat to European security, including its subsea cables.

Transatlantic cooperation on this issue is complicated by fierce competition between U.S. and European cable installation companies, as demand for new systems continues to skyrocket. This increase is largely driven by U.S.-based hyperscalers—large-scale cloud providers such as Google and Meta—not telecommunications firms, and Europe lacks a peer competitor to these tech giants. Yet both European and U.S. policymakers have an interest in their allies’ industry leaders succeeding in this space and should consider the establishment of joint venture and technology sharing agreements among U.S. and European cable firms.

Even before the October 2023 incident, NATO, the EU, and certain European governments began to increase their efforts to boost subsea cable resilience and security. In February 2023, NATO stood up a new Critical Undersea Infrastructure Coordination Cell in Brussels to convene stakeholders and enhance coordination between the public and private sectors. In July 2023, NATO allies at the Vilnius Summit established a Maritime Center for the Security of Critical Undersea Infrastructure as part of the alliance’s Maritime Command in Northwood, UK. In October 2023, after the first incident, NATO defense ministers endorsed a new Digital Ocean Vision, an initiative aimed at improving undersea surveillance. And in February 2024, the European Commission released its first “Recommendation on Secure and Resilient Submarine Cable Infrastructures,” encouraging member states to conduct regular stress tests, improve information sharing amongst themselves, and improve cable maintenance and repair capabilities.

Late last month at a summit of Nordic and Baltic leaders in Sweden, Polish Prime Minister Donald Tusk proposed a joint naval policing program among Baltic Sea countries to protect their undersea infrastructure against external security threats. This program would run parallel to a Baltic air policing mission already in place. But these states well know that any protective measures must be closely intertwined with deterrence—no military patrolling can cover all undersea infrastructure.

Some observers say that the most recent cable-cutting incident is proof that Europe’s efforts have failed. But differences in responses to the two incidents demonstrate the new seriousness with which these issues are being considered throughout Europe. In 2023, the NewNew Polar Bear continued sailing after damaging two subsea cables and a gas pipeline. The vessel ignored requests from Finnish and Estonian authorities to halt its voyage and returned to port in Tianjin, China. As of publication, Estonian authorities are still waiting on their Chinese counterparts to complete necessary procedures for Estonia to end its criminal investigation into the incident.

In contrast, the Yi Peng 3 currently remains in international waters in the Kattegat, with naval and coast guard vessels from Denmark, Germany, and Sweden circling close by. Under international maritime law, these countries’ authorities are not allowed to board the Yi Peng 3 unless given consent by its flag state—in this case, China. The one exception is from the 1884 Convention on Submarine Cables, in which authorities from signatories’ warships are allowed to board vessels suspected of damaging subsea cables to determine the crew’s nationalities. The situation and legality for authorities to board the ship to further investigate would be different if the vessel were in Swedish or Danish territorial waters, which is likely why Swedish Prime Minister Ulf Kristersson has requested the Yi Peng 3 return closer to Sweden.

Current provisions of international law are neither formulated to adequately protect subsea data cables from sabotage nor hold perpetrators accountable. This reality should lead the EU, as a body inherently focused on the resilience of international legal regimes, to push for updates that are better suited for the current geopolitical reality. In doing so, European governments should make sure that they are better aligning their legal and regulatory instruments regarding subsea cable protection, pushing for greater standardization in this area of fragmented regulatory regimes. Lawmakers should also explore ways to increase penalties for subsea cable damage, in part to deter acts of sabotage in the first place.

Looking ahead, Europeans must improve their information-sharing mechanisms and public-private stakeholder exchanges to obtain a clearer picture of their underwater vulnerabilities. They should invest in new undersea infrastructure protection technology and cable repair capacities to better the physical security of their cables. They should strategically allocate resources to support Europe’s market leaders in subsea cable installation. Finally, they should pursue creative initiatives with partner countries to ensure the data flowing through their cables is secure and deepen global partnerships with countries that lack cable redundancies or sufficient repair capacities. A forthcoming Carnegie Endowment report will detail more in-depth recommendations on how Europe can both protect itself against future subsea cable damage and help expand trusted networks around the world.