May 18, 2023

A Second Front: EU-Ukraine Cooperation in the Internal Security Domain
Police cadets attending their graduation on 12 April 2023, in Kyiv.
Police cadets attending their graduation on 12 April 2023, in Kyiv.

A rising need to protect Ukrainian war refugees against organised crime networks, investigation of war crimes, combatting human trafficking and firearms smuggling, and enforcement of sanctions are the main concerns and cooperation priorities between the EU and Ukraine in the internal security domain.

Russia’s full-scale conventional invasion of Ukraine marks the second wave of contemporary strategic warning for the European Union since the Balkan wars of the 1990s. The subsequent spread of international terrorism, as well as the interdependence of internal and external challenges, forced the EU to adopt its first-ever European Security Strategy (ESS).

With this, the EU began to define itself as a security actor with global responsibilities and called for a proactive strategic culture in Europe that could foster early, rapid, and – when necessary – robust intervention.

The ESS formulated an ambition that the EU was tasked to accept as a bold vision but has not achieved so far in terms of hard security capabilities. However, when Russia started its war of aggression against Ukraine, it met a different, much more united, and decisive European Union than it had expected. What the Kremlin certainly did not expect was that already in June 2022, the European Council would grant Ukraine candidate status for EU membership. The European Union thus assumed a political obligation and a moral responsibility to protect the sovereignty and territorial integrity of Ukraine.


Together with the US, the EU has imposed ten historic sanctions packages (as of April 2023). According to the European Council’s data, the EU has frozen 321.5 billion euros worth of Russian state and private assets and cut bilateral trade flows by approximately 150 billion US dollars, banning oil imports by price cap, sanctioning transportation and exports of technology, machinery, and electronics.

As for individual sanctions after the annexation of Crimea, the EU has so far sanctioned 207 entities and 1 473 persons – including Vladimir Putin and Sergey Lavrov – by imposing travel bans and freezing assets. Strangely late, on 13 April 2023, the Council finally decided to add the Wagner Group and RIA FAN (part of the Patriot Media Group also headed by Yevgeniy Prigozhin) to the sanctions list.

There is also a SWIFT ban imposed on ten Russian and four Belarusian banks, and the broadcasting licenses of several outlets, such as Sputnik and RT (formerly Russia Today), have been suspended. Sanctioning media channels proven to be controlled by Russia’s authorities is in line with European law, which prohibits war propaganda and the justification of violence, thus protecting the values of freedom and security of information space in the European Union. I will explain this further below.

Alarms in the Information Domain

Based on the EU vs Disinfo database, I identified 236 different communication platforms in active use that spread anti-Ukraine false narratives, disinformation, and war-preparations propaganda during the six-month escalation period from 1 September 2021 to 22 February 2022. A year into the full-scale aggression, NewsGuard has identified over 350 hostile sites, including 182 English, 51 French, 39 German, and 35 Italian language platforms. Many facts testify to the escalation of information warfare by the Russian Federation, including systematic influence activities in the information space of Western Europe.

In order to prepare and support hostile information operations, the special services of the Russian Federation and their affiliates organised several different types of cyber operations against Ukraine. The main targets were the websites, information systems, and databases of government agencies (mainly defence agencies), critical infrastructure (including government communications, banking, and energy systems), and large media companies. To facilitate the desired strategic result, the websites of Ukrainian local governments were also compromised, with false information about Kyiv having already fallen and signed a truce with Moscow posted at the beginning of the invasion.

Tricks to Learn From

A noticeable amount of newer malware – such as WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, and Double-Zero – was used. It had been planted in the government’s information systems (and remained “on standby”) several months before the conventional attack started. If the initially planned effect had not been achieved, some follow-up cyberattack would be carried out. In order to better cover their cyber “signature,” Russians also cooperated with hacker groups with a Belarusian background.

Importantly, a cyberattack against the Viasat KA-SAT system (Viasat Outage) on 24 February 2022 caused a large-scale communications blackout on the first day of the invasion. Contracted to provide internet service to the Ukrainian military and police units, Viasat was unable to fully restore the system’s operation for three weeks. That large-scale cyberattack affected tens of thousands of satellite modems throughout Europe, including the wind turbines of the German energy company Enercon – just one example of interdependence vulnerability in the cyber domain.

As a conclusive lesson, during the first phase of the invasion, Russia managed to sow some confusion among the EU member states and disrupt or, to a lesser extent, slow down the collective decision-making processes, but not for too long and to the extent planned. By now, the Kremlin has been forced to switch from the initial blitzkrieg tactics to a longer war of attrition strategy due to Ukraine’s resistance. The same can be observed in the information space, where the centre of gravity of influencing activities has shifted more towards controlling the information field of Russia’s internal audience and fostering an anti-Western coalition among the swing countries in the Middle East, Asia, Africa, and Latin America.

Ukrainian refugees living at a refugee centre in Nadarzyn, near Warsaw, on 14 February 2023. AP/Scanpix

Protecting Ukrainian War Refugees

Russia’s military aggression and large-scale violence against the civilian population have caused an extensive humanitarian crisis and sent a huge wave of refugees fleeing from Ukraine. By today, approximately 4 million people have temporary protection status in the EU. According to the European Migration Network data, most refugees have settled in Germany (25.3%), Poland (25.1%), and the Czech Republic (11.3%). The ratio of war refugees per 1 000 inhabitants (as of 2022) is the highest in Ireland (0.9), Estonia (0.9), and Poland (0.8).

In addition to other worries, the status of many refugees from Ukraine is undefined. According to European Union Agency for Law Enforcement Cooperation (Europol), many opportunistic criminal networks exploit them for human and weapons trafficking, money laundering, terrorist activities, and war crimes. The European Border and Coast Guard Agency (Frontex) focuses on tackling crossborder organised crime, especially human trafficking and firearms smuggling.

In January 2023, Frontex and the State Border Guard Service of Ukraine signed a 12-million-euro grant agreement to supply professional equipment. In addition to regular coordination with the EU Advisory Mission Ukraine and the EU Border Assistance Mission to Moldova and Ukraine, the Frontex exchanges situational information with the UNHCR and the IOM and shares its reports with INTERPOL. Early warning, timely information exchange, and intelligence sharing between the EU and Ukraine are the key to disrupting transnational organised crime.

On 7 March 2022, nine EU Agencies cooperating within the Justice and Home Affairs Agencies’ Network (JHAAN) issued a Joint Statement declaring the commitment to provide assistance to Ukraine. From the main operational agencies, the European Union Agency for Criminal Justice Cooperation (Eurojust) is focused on core international and war crimes committed in Ukraine and the enforcement of EU financial sanctions on Russian and Belarussian entities.

War Crimes

Eurojust supports the deployment of an International Centre for the Prosecution of the Crime of Aggression (ICPA), whose main purpose is to enhance investigations by securing evidence and facilitating case-building for the Joint Investigation Teams (JIT) on Ukraine. Eurojust is also a member of the Freeze & Seize Task Force established by the European Commission to ensure coordination of member states’ activities in enforcing EU sanctions and to explore other legal measures.

Europol engages with Ukrainian law enforcement through the Ukrainian Liaison Officer stationed at the agency’s headquarters. There are three main operational lines with Ukraine: investigation of war crimes, the enforcement of EU sanctions, and combating cybercrime, extremism, and human trafficking. Investigations of war crimes in Ukraine are supported by the Analysis Project Core International Crimes (AP CIC). Also, an Operational Taskforce of OSINT experts was established to support those investigations. Europol reports that more than 7 000 photos and video footage have been taken, more than 540 witness statements collected, and more than 150 suspects identified. To enforce the EU sanctions, the Operation OSCAR – to crosscheck sanctions lists against operational data between 41 participating countries – has been launched.

It is important that Western countries do not let ‘war fatigue’ take over their political decisiveness and continue to support Ukraine to the maximum extent possible. The results of the war in Ukraine can lead to two main development paths for the EU: either a more unified and decisive strategic self-definition than ever before or a bitter acceptance that Europe’s security interests cannot be sufficiently guaranteed.


The imposition of sanctions has revealed a greater dependence on Russia than we might have expected. Despite this, it is necessary to move forward with a well-targeted sanctions policy and to allocate significant additional funds to their effective enforcement.

Furthermore, learning from Ukraine’s experience, the EU must pay more attention to protecting its information and cyberspace, as well as other critical infrastructure, and continue providing cooperative assistance to Ukraine in these areas on a larger scale.

As identified, a rising need to protect Ukrainian war refugees against organised crime networks, investigation of war crimes, enforcement of sanctions, and combatting human trafficking and firearms smuggling are the main concerns and cooperation priorities between the EU and Ukraine in the internal security domain. The “Second Front” of law-and-order cooperation must intensify so that Ukraine wins and joins the European Union – sooner rather than later.

Views expressed in ICDS publications are those of the author(s). This article was written for the Lennart Meri Conference 2023 special edition of the ICDS Diplomaatia magazine.

Filed under: CommentaryTagged with: , , ,