Skip to main content
Geopolitics & DefenseNational Security

Europe's Drone Defense Gap Exposes Critical Infrastructure Risks

Drone flies over a power plant or industrial area, highlighting security risks.

"Rules of engagement are the primary issue. There is no ownership of responsibility." — one industry stakeholder

That blunt verdict sits at the centre of new primary research showing Europe’s drone problem is, above all, a governance problem. The hardware to disrupt or destroy critical infrastructure exists; what the continent largely lacks is the legal authority, jurisdictional clarity and political will to deploy it where and when it matters.

Research basis: who spoke and what was examined

The conclusion comes from a strategic intelligence briefing by Challenger Research in partnership with policy consultancy TWA. The work drew on 23 stakeholder interviews across politicians, defence experts, strategic advisors and critical infrastructure professionals in Britain and Europe, and paired those interviews with regulatory analysis of Britain, Poland, Germany and Italy. The findings were described as consistent across every jurisdiction examined: legal authority and jurisdictional fragmentation are fundamental constraints on effective counter‑UAS response.

Legal fragmentation in Britain, Germany, Italy and Poland

The briefing documents a patchwork of rules across Europe. In Britain, the Civil Aviation Authority regulates civil UASs, police hold operational authority under the Air Traffic Management and Unmanned Aircraft Act 2021, and the Ministry of Defence’s jurisdiction is largely confined to its own estate. Electronic countermeasures in Britain require senior‑level authorisation as well as approval from telecommunications regulators. Germany opened a Joint Drone Defence Centre in December 2025, but command remains civilian and proposed reforms to allow armed‑forces involvement are politically contested. Italy faces additional constraints under international law in offshore environments. Poland stands apart: it has adopted an effects‑based jurisdiction model under Operation SAN that empowers police, border guard and armed forces simultaneously and treats ambiguity as a threat rather than a reason to pause.

Operational reality at airports, ports and other critical infrastructure

The scale of the problem is accelerating: drone‑related disruptions at European airports more than tripled between January 2024 and November 2025. The research found that the interval between detection and disruption at an airport is less than five minutes, yet few airports hold the legal authority to act on what they have detected. Runway closures, as seen in Copenhagen and Oslo last year, are enormously costly in flight cancellations. Across ports, energy networks and data infrastructure, operators can detect hostile unmanned aerial systems but are legally barred from taking active countermeasures. The available counter‑UAS hardware cannot be lawfully deployed fast enough to matter in the few minutes between identification and response.

Cross‑border movement, strategic value and real incidents

Drones can transit multiple countries before reaching their targets, which creates a collective exposure defined by the least prepared member. The briefing recounts a concrete cross‑border episode: fifteen drones observed above a Belgian military site in 2025 flew directly into Germany and were tracked by police across the border. The report frames the drone’s strategic value as less about physical payload than about sowing confusion, eroding public confidence and forcing expensive defensive reactions from a cheaper offensive position. The authors warn that "Russia only needs success in one EU country to land a blow felt across the entire bloc." Several respondents raised the prospect of a mass‑casualty attack carried out by a UAS whose operator is more than 1,000 km from the strike zone — a strike that could bring down an aircraft on approach, hit a high‑visibility target, or detonate inside critical infrastructure while the aggressor is already beyond reach.

What this means for policymakers, critical infrastructure operators, and security forces

  • Policymakers and regulators: Politicians were clustered at the low end of both awareness and concern in the research, while defence industry professionals registered the highest scores on both axes. Electronic countermeasures need senior authorisation and telecom regulator approval, complicating swift response.
  • Critical infrastructure operators (airports, ports, energy and data): Operators can detect hostile UAS activity but are often legally barred from taking active countermeasures; airports face a detection‑to‑disruption window of under five minutes and high operational and financial costs when runways must close.
  • Security forces (police, border guard and armed forces): Poland’s Operation SAN demonstrates an effects‑based model that empowers multiple agencies simultaneously; by contrast, the research captures views that Britain has had "essentially no adequate air defence for 20 years" and that, outside a small specialist circle, "no one is thinking about this." Those with operational knowledge are often the least able to move policy, while those with power to act remain largely unaware of urgency.

The briefing makes a structural case for a binding European framework: one that harmonises neutralisation thresholds, assigns unambiguous jurisdictional authority, and brings civil aviation and critical national infrastructure into a common legal architecture. The data and instruments exist; the question the authors leave is stark: will Europe build its governance framework in advance of a crisis, or because of one?

https://www.aspistrategist.org.au/who-has-authority-to-deal-with-drones-in-most-of-europe-thats-unclear/