2026: Three cyber risks Europe should have on its radar 

1. Digital sovereignty under pressure

The new US national security strategy describes Europe as a “continent in decline” and portrays the European Union as a problem case with restrictions on freedom of expression and democratic deficits. At the same time, European digital laws such as the Digital Services Act and the Digital Markets Act (DMA) are openly framed as interference in American business models.

US Commerce Secretary Howard Lutnick accuses Brussels of using the Digital Services Act to “suppress free speech and American technology companies.” And US Secretary of State Marco Rubio described the €120 million fine against Elon Musk's social media platform X as “an attack on all American technology platforms and the American people by foreign governments” – coupled with a fighting statement: “The days of Americans being censored on the internet are over.”

This rhetoric comes at a time when key European services – from cloud and SaaS to communication platforms – are heavily dominated by US providers.

It is therefore to be expected that digital dependencies will become more politicized in 2026: through price increases, more restrictive contract terms, trade policy measures, or targeted restrictions on individual services. Lutnick had already stated that Europe should reconsider its regulations for large US tech companies if it wants to achieve lower US tariffs on its steel and aluminum exports. The risk that the US could use its technological dominance as political and economic leverage will increase dramatically once again. Microsoft has already announced price increases of between 5 and 33 percent, depending on the subscription, which are to take effect in July 2026.

It is therefore clear that the more one-sidedly administrations, KRITIS operators, and companies rely on a few non-European platforms, the more serious the consequences will be in terms of risks to technological availability, business capability, and the organization as a whole.

2. Elections as a target for geopolitical influence

In the past, elections in Europe have been the target of cyberattacks, disinformation campaigns, and leaks – often with a suspected Russian background. DDoS campaigns surrounding the Austrian National Council election and the 2024 European elections have shown how much criminal or state-sponsored actors focus on party and government websites during these times.

The new US security strategy exacerbates the situation because it explicitly announces its intention to “cultivate” ‘resistance’ against the current course of European governments and views the rise of “patriotic parties” as a promising signal. At the same time, US politicians and Elon Musk are stylizing the DSA penalty against X as evidence of an allegedly censorship-happy EU – a narrative that is readily taken up and reinforced by voices such as Russian Putin hardliner Dmitry Medvedev.

It is therefore likely that in 2026, national elections in the EU will be even more heavily influenced from outside, especially via social media, in addition to the expected cyberattacks. After all, algorithms determine what people see on social media. If the power over these algorithms lies in a country that wants to cultivate resistance to the current course of European governments, it is likely that parties particularly critical of the EU will benefit from this. The risk posed by coordinated disinformation campaigns on platforms such as X, algorithmically enhanced support, and classic cyber operations against parties, media, and election infrastructure is high. Whether this influence actually tips election results depends on many factors. One thing is certain, however: the digital resilience of governments, media companies, and EU citizens will be put to the test in 2026.

3. New AI attack vectors

AI-powered tools are increasingly finding their way into operational and development environments—in the browser context, now directly on the desktops of administrators and developers. Agentic AI systems operate semi- or fully autonomously and often obtain extensive access rights to internal tools, data sources, and APIs via protocols such as the Model Context Protocol (MCP). This creates a new, largely unregulated attack surface that many are not even aware of yet:

• Indirect prompt injection can cause agents to execute hidden instructions from web content and exfiltrate data or trigger unwanted actions.

• AI browser extensions and sidebars can act as “shadow AI,” consolidating sensitive information from different web applications and processing it outside of traditional security controls.

• MCP integrations pose the threat of overprivileged agents moving laterally through systems due to misconfiguration or compromised credentials.

It is therefore more than likely that specific exploits for these attack vectors will increase in the coming year – from prepared websites and malicious documents to manipulated artifacts in the software supply chain. The severity of the consequences will depend on whether companies consider AI agents as a new critical component: with clear authorization limits, monitoring, and realistic threat analysis.

Conclusion

Regardless of the calendar year, European IT security depends on three factors: political will, targeted investments, and a security culture that takes digital dependencies and new attack surfaces seriously. Those who now promote their own sovereignty, harden critical IT infrastructures, and introduce AI agents in a controlled manner are not only deciding on the technical resilience of their systems, but also on how confidently Europe can act in the digital space.