The disruption began just after nightfall. On 22 September 2025, Copenhagen Airport's air traffic controllers spotted two large drones hovering near approach corridors. Within minutes, Denmark's busiest aviation hub went dark—runways closed, departures halted, thousands of passengers stranded. The shutdown lasted nearly four hours. Over the following days, the pattern repeated: Aalborg Airport, a dual-use facility hosting F-35 fighters, closed repeatedly; drones appeared over Esbjerg, Sønderborg, and Skrydstrup air base. Across the Kattegat, Oslo Airport suspended operations for three hours after its own sighting. Within a week, Denmark had imposed a nationwide ban on civilian drone flights, raised its threat level, and convened emergency consultations with Germany, France, and Sweden. What officials initially treated as isolated security incidents quickly crystallized into something far more unsettling: a coordinated surge of unauthorized airspace incursions that would, over the next two months, ripple across at least a dozen European countries, exposing systemic gaps in the continent's ability to protect critical infrastructure from small, cheap, and legally ambiguous threats.
Unlock this in-depth audio analysis. This content is reserved for Front Line Members.
By early November, the focus had shifted west. Belgium recorded ten airport-linked drone incidents in eight days, forcing temporary closures at Brussels Zaventem and the Liège cargo hub—disrupting tens of thousands of passengers and prompting urgent requests for allied counter-drone assistance. Germany's air navigation authority reported 192 drone-related air traffic disruptions for 2025, up from 141 the previous year; Munich Airport alone suspended operations twice within 24 hours in early October. The Netherlands saw repeated incursions over Volkel Air Base, home to both Dutch F-35s and U.S. Air Force assets under NATO; weapons were deployed but failed to bring the drones down. Poland, Lithuania, Romania, and Estonia reported cross-border violations, some involving drones carrying explosives or decoy payloads. France opened an investigation after unidentified platforms overflew a tank regiment base that had trained Ukrainian soldiers.
The incidents share operational hallmarks: concentration around strategically sensitive nodes—airports, air bases, logistics hubs, energy facilities—and timing designed to maximize disruption while minimizing detection. Many occur at night or in low visibility; some platforms switched lights on and off as they approached, suggesting deliberate signaling. Yet attribution remains contested. Officials in Belgium, Germany, Lithuania, and Poland have publicly assessed links to Russian hybrid warfare operations, framing the incursions as reconnaissance probes designed to map defenses, test response times, and normalize sovereignty violations below thresholds that would trigger Article 5. The Kremlin denies involvement. Hard public evidence varies sharply by case: Poland's September incidents yielded physical remnants and suspect detentions; Oslo's sighting could not be confirmed after investigation. What remains indisputable is the pattern itself—a rapid, geographically dispersed escalation that has forced European governments and NATO to confront an uncomfortable question: if Europe cannot reliably detect, identify, and interdict small drones over its most sensitive facilities, what does that reveal about the continent's broader readiness to defend critical infrastructure in an era of hybrid conflict?
The surge: Mapping two months of incursions across northern and eastern Europe
Between September and November 2025, unauthorized drone activity over European airports and military installations increased at a pace that outstripped both detection infrastructure and regulatory frameworks. Euronews' fact-checking unit documented that drone-related disruptions at European airports quadrupled between January 2024 and November 2025, with a pronounced spike beginning in September 2025. Germany's DFS air navigation agency recorded a clear upward trend: 172 drone-related air traffic disruptions between January and the end of September 2025, reaching 192 by year's end compared to 141 in 2024. Belgium experienced the most concentrated cluster—ten incidents within eight days in early November. The temporal pattern is striking: the majority of documented cases occurred during hours of darkness or reduced visibility, and nearly all targeted dual-use or overtly military infrastructure alongside civilian aviation nodes.
Geographically, the incidents cluster in northern and eastern Europe but span a broad arc. Scandinavia saw the initial wave: Denmark reported incursions over Copenhagen, Aalborg, Esbjerg, Sønderborg, and Skrydstrup air base between 22 and 26 September; Norway's Oslo Airport closed for three hours on 23 September. Germany followed in early October, with Munich Airport suspending operations twice within 24 hours and confidential reports—cited in local media—suggesting wider activity across German airports and installations throughout the month. Belgium's November surge included sightings near Brussels, Liège, and Kleine-Brogel air base, which hosts U.S. nuclear-capable assets. The Netherlands reported repeated incursions over Volkel Air Base and near Eindhoven in late November. Further east, Poland documented between 19 and 23 Russian drone violations of its airspace on 9 September, with up to four confirmed shot down by allied forces and subsequent sightings over government buildings in Warsaw leading to the detention of two Belarusian citizens; Lithuania reported cross-border drones, including an explosives-laden platform discovered on a training ground in July; Romania logged incursions on 8 and 13 September; Estonia reported a 12-minute airspace violation by Russian MiG-31 jets on 19 September, part of a broader pattern that mixed manned and unmanned intrusions. France opened an investigation after drones overflew the Mourmelon-le-Grand base on 22 September.
The operational signature suggests intent beyond hobbyist error. Platforms often loitered near approach corridors or installation perimeters—zones where civilian radar coverage is weakest and where operational risk thresholds favor conservative responses. Danish police noted that some drones switched lights on and off as they neared facilities, behavior inconsistent with navigation error or equipment malfunction. Several incidents occurred on consecutive nights at the same location, indicating persistent surveillance rather than one-off flights. The choice of targets—airports that double as logistics hubs, air bases with NATO roles, and defense industry sites—points toward intelligence collection, stress-testing of response protocols, or deliberate economic disruption through flight cancellations and airspace closures.
Copenhagen to Volkel: Inside the most significant incidents
The Danish-Norwegian wave of 22–26 September offers the clearest window into how these incidents unfold and cascade. Copenhagen Airport's nearly four-hour closure on 22 September disrupted thousands of passengers and triggered an immediate national-level response. Over the following days, Aalborg—a dual-use facility hosting F-16s and preparing for F-35 deployments—closed repeatedly; drones were sighted over Skrydstrup air base, home to Denmark's frontline fighter squadrons. Danish authorities labeled the incidents a "hybrid attack" and considered invoking NATO Article 4 consultations, ultimately opting for heightened national measures and bilateral allied support instead. Denmark imposed a temporary nationwide ban on civilian drone flights during an EU summit scheduled for 29 September–3 October, seeking to reduce signal clutter that might mask hostile activity. Germany, France, Sweden, and Ukraine provided counter-drone systems and specialist personnel; NATO increased its Baltic Sea presence and vigilance during the summit period. The Danish government raised its national alert level and committed to expanding permanent anti-drone capabilities, a process that remains ongoing.
Germany's Munich Airport incidents on 2–3 October demonstrated how quickly disruptions can compound. Two suspensions within 24 hours forced the diversion or cancellation of dozens of flights, affecting thousands of passengers and revealing the cascading vulnerabilities in tightly scheduled hub operations. Authorities deployed laser-based detection systems in the immediate aftermath. A confidential report cited by German media suggested that Munich was part of a wider pattern across German airports and installations during October, though details remain classified. The German government responded with draft legislation to authorize police to interdict or shoot down threatening drones and announced the establishment of a federal drone defense center, targeted for operational launch in December 2025. Northern German states announced additional defensive measures around airports, signaling recognition that the threat extended well beyond Bavaria.
Belgium's early November cluster was both intense and politically sensitive. Multiple sightings near airports and military installations—including Kleine-Brogel air base, which hosts U.S. assets under NATO nuclear-sharing arrangements—triggered temporary closures at Brussels Zaventem and Liège cargo hub, disrupting tens of thousands of passengers. Belgium's Defense Minister Theo Francken characterized some activity as resembling "a spying operation" beyond amateur capability, though Belgian intelligence services publicly acknowledged they lacked hard proof of attribution. Officials noted that the timing coincided with European Union discussions over using frozen Russian assets held by Euroclear—headquartered in Brussels—to support Ukraine, raising the possibility of signaling or pressure tactics. Belgium urgently sought allied counter-drone assistance; Germany provided systems and the United Kingdom deployed Royal Air Force specialists and equipment. Civilian airlines updated contingency plans and passenger-handling protocols in response, institutionalizing the assumption that such incidents would recur.
The Netherlands incidents at Volkel Air Base in late November underscored both the military dimension and the limits of current interdiction capabilities. Drones overflew Volkel—home to a Royal Netherlands Air Force F-35 wing and a U.S. Air Force squadron under NATO—and near Eindhoven, forcing hours-long airspace closures. Dutch authorities confirmed that weapons were used against drones over Volkel but failed to bring them down. Officials declined to disclose details of detection or interdiction methods, citing operational security. The failures at Volkel highlight a recurring problem: even military installations with robust rules of engagement and layered defenses struggle to reliably neutralize small, low-altitude platforms, especially when constrained by safety considerations in proximity to civilian populations or flight paths. The Netherlands incidents followed earlier sightings over other Dutch bases and mirrored patterns observed in neighboring Belgium, Denmark, and Germany, suggesting either coordinated operations or rapid learning and imitation by multiple actors.
Poland's 9 September incidents present the strongest publicly available evidence of state-level attribution and hostile intent. Between 19 and 23 Russian drones violated Polish airspace; Polish forces, supported by allied aircraft, shot up to four of them down. Subsequent analysis indicated that some carried explosives or decoy payloads designed to overwhelm air defenses or probe response capabilities. Additional sightings over government buildings in Warsaw led to the detention of two Belarusian citizens. Poland invoked NATO Article 4 consultations in connection with the September events, a step that formalized alliance-level discussion of the threat and contributed to broader posture adjustments across the eastern flank. Lithuania's discovery of an explosives-bearing drone on a training ground in July, Romania's September incursions, and Estonia's reporting of Russian MiG-31 violations all fit within a pattern of airspace pressure concentrated along NATO's eastern periphery, where proximity to Russian territory enables cross-border operations with short transit times and multiple potential vectors.
Members are reading: Why airport defenses lag far behind military capabilities—and the legal, technical, and safety constraints preventing rapid deployment of jamming, nets, and kinetic interdiction systems.
The result is a protection differential between civilian and military environments. Military installations operate under clearer rules of engagement, can restrict airspace more aggressively, and accept higher collateral risk in interdiction decisions. Airports, by contrast, must prioritize passenger safety and operational continuity; when faced with an unidentified drone near approach corridors, controllers typically default to airspace closure rather than deploying countermeasures whose side effects are uncertain. This creates an exploitable asymmetry: civilian nodes bear higher disruption costs and lower interdiction thresholds, making them attractive targets for actors seeking maximum economic and psychological impact at minimal operational risk. The Copenhagen and Brussels closures—each lasting hours and affecting thousands of passengers—illustrate how a single small platform can impose costs vastly disproportionate to its acquisition price or technical sophistication.
The Netherlands' failure to bring down drones over Volkel Air Base, despite deploying weapons, underscores that even military facilities with robust capabilities face real limitations. Officials' refusal to disclose what systems were used or why they failed likely reflects operational security concerns, but it also signals a broader problem: Europe has not yet fielded a reliable, cost-effective layered defense optimized for small UAS threats. High-end surface-to-air missiles designed for fighter aircraft or cruise missiles are economically and tactically unsuitable for engaging drones that may cost a few hundred euros. NATO Secretary General Mark Rutte has emphasized the need for asymmetric responses—electronic warfare, spoofing, and affordable kinetic options—that do not exhaust expensive interceptors on cheap threats. Developing, testing, and integrating these capabilities at scale across both civilian and military sites is a process measured in years, not months, and requires alignment across national procurement systems, regulatory frameworks, and operational doctrines.
National and alliance responses: Bans, deployments, and the search for a "drone wall"
European governments' responses to the September–November surge have combined immediate operational measures—temporary flight bans, expedited counter-drone deployments, allied assistance requests—with longer-term institutional and legislative reforms designed to close capability and authority gaps. Denmark's nationwide civilian drone ban, imposed during the EU summit week of 29 September–3 October, represents the most sweeping immediate measure: all non-essential civilian UAS operations were prohibited to reduce signal clutter and eliminate potential cover for hostile activity. The ban was time-limited and tied to a specific high-profile event, but it established a precedent for emergency airspace restrictions that other countries have since studied. Denmark also elevated its national threat level, expanded coordination with allied counter-drone teams from Germany, France, Sweden, and Ukraine, and committed to procuring additional permanent detection and interdiction systems—though procurement timelines and budget allocations remain under negotiation.
Germany has pursued a legislative and institutional approach. Draft legislation introduced in late 2025 would authorize police forces to interdict or shoot down drones deemed to pose imminent threats to critical infrastructure or public safety, closing a legal gap that previously required case-by-case ministerial authorization. The establishment of a federal drone defense center—targeted for operational launch in December 2025—centralizes expertise, coordinates procurement, and provides a national clearinghouse for incident reporting and analysis. Northern German states announced additional defensive measures around airports following the Munich incidents, signaling recognition that the threat extends across the country. However, translating legislative authority into deployed capability requires training, equipment acquisition, liability frameworks, and cross-agency protocols, processes that will extend well into 2026.
Belgium's response illustrates both the urgency of the threat and Europe's reliance on bilateral allied support to fill immediate gaps. Faced with ten incidents in eight days and lacking organic counter-drone capabilities at scale, Belgium requested and received systems from Germany and specialist personnel from the United Kingdom's Royal Air Force. This rapid allied assistance—facilitated through existing NATO and bilateral defense relationships—provided a stopgap, but it also exposed Belgium's prior under-investment in this domain and the broader challenge of building sovereign capabilities across all European countries. Civilian airlines operating in Belgium updated contingency plans and passenger-handling protocols, institutionalizing the expectation that drone-related disruptions would recur and required standardized responses to minimize chaos and reputational damage.
The Netherlands confirmed active interdiction attempts at Volkel but withheld operational details, a posture reflecting the tension between public accountability and operational security. By acknowledging weapons use but declining to specify systems or explain failures, Dutch authorities sought to signal resolve without revealing tactical limitations that adversaries might exploit. This operational secrecy is consistent across multiple countries and complicates public assessment of how capable European defenses actually are; much of the most relevant data on detection ranges, intercept success rates, and countermeasure effectiveness remains classified.
At the European Union level, the "drone wall" concept has emerged as a focal point for policy debate and institutional positioning. Initially proposed as a layered detection and interdiction architecture along the EU's eastern flank—analogous to air defense systems but optimized for small UAS threats—the concept has been incorporated into broader discussions of a Defense Readiness Roadmap under the incoming European Commission. Proponents, including the Latvian Prime Minister, argue for rapid deployment within months; Germany's Defense Minister has suggested a more realistic timeline of three to four years, citing procurement, testing, interoperability, and legal harmonization challenges. European Commission leadership has called for immediate interim steps while emphasizing the need for NATO cooperation and integration of Ukrainian counter-drone expertise, given Ukraine's operational experience defending against Russian UAS attacks at scale.
Regulatory harmonization remains a persistent challenge. The EU's Drone Strategy 2.0 and the Critical Entities Resilience (CER) Directive provide frameworks for U-space integration and resilience requirements for operators of essential services, but implementation is uneven and national discretion remains wide. Legal authorities governing who may interdict drones, under what circumstances, and with what tools vary across member states and between civilian and military jurisdictions. The UK's post-Gatwick measures—expanded no-fly zones, counter-UAS procurement for airports, police authorities for interdiction—are often cited as a model, but replicating them across 27 EU member states plus non-EU NATO allies requires legislative alignment, budget commitments, and operational coordination that EU institutions can facilitate but not compel. The result is a patchwork in which some countries and facilities have advanced layered defenses while others remain reliant on visual detection and airspace closures.
NATO's posture adjustments have focused on enhanced vigilance, information sharing, and rapid assistance rather than escalatory measures. Increased presence in the Baltic Sea region during and after the September incidents, the broader "Eastern Sentry" effort to strengthen air defense and surveillance along the eastern flank, and allied deployments such as the RAF team to Belgium all demonstrate alliance responsiveness. However, NATO's role is necessarily constrained by the hybrid character of the threat: most incidents involve civilian airspace and critical infrastructure under national jurisdiction, not direct attacks on military forces that would trigger collective defense obligations. Article 4 consultations—invoked by Poland and considered by Denmark—provide a forum for coordination and signaling but do not automatically generate operational NATO responses. The alliance's focus remains on deterrence, interoperability, and ensuring that member states have access to capabilities and expertise, rather than on establishing a standing NATO counter-drone force.
Members are reading: How the drone incursions fit Russia's decade-long hybrid playbook—and why Ukrainian battlefield experience offers both lessons and limits for European civilian defenses.
Regulatory fragmentation: The patchwork of drone laws across Europe
Europe's regulatory landscape for unmanned aircraft systems reflects a layered accumulation of national rules, EU frameworks, and international aviation standards that were designed primarily to enable civilian commercial drone use rather than to counter hostile deployments. The resulting patchwork creates exploitable gaps, complicates cross-border enforcement, and slows the deployment of detection and interdiction capabilities that might otherwise reduce vulnerability. While the European Union has made significant strides toward harmonization through the EU Drone Regulation (in force since 2021) and the updated Drone Strategy 2.0, implementation remains uneven and key domains—particularly counter-drone authorities—remain largely national in character.
The EU Drone Regulation established common technical and operational standards for civilian UAS, including registration requirements, remote identification mandates for most platforms, and risk-based operational categories (Open, Specific, Certified). These rules facilitate legal commercial activity—package delivery, infrastructure inspection, agricultural monitoring—and provide a baseline for safety and accountability. However, they do little to address hostile or non-compliant operators who by definition disregard registration, remote ID, and no-fly zone requirements. Enforcement depends on national police and aviation authorities whose powers, resources, and priorities vary widely. A drone operator violating no-fly zones in one member state may face administrative fines; in another, potential criminal prosecution; in a third, minimal consequence due to under-resourced enforcement agencies.
Counter-drone authorities—who may deploy detection systems, when jamming or spoofing is permissible, under what circumstances kinetic interdiction is lawful—remain largely national prerogatives even as the threat increasingly operates trans-nationally. Germany's draft legislation to empower police interdiction and shoot-downs represents an effort to close this gap domestically, but similar reforms are at varying stages across the EU. The United Kingdom, outside the EU regulatory framework post-Brexit, implemented expanded counter-drone measures after the December 2018 Gatwick Airport incident, including exclusion zones around airports, police acquisition of detection and jamming equipment, and legal authority for interdiction. These UK precedents are frequently cited as models, yet replicating them across 27 EU member states requires legislative action in each national parliament, budget appropriations, procurement processes, and training programs—a timeline measured in years.
Liability frameworks compound the challenge. Airport operators, airlines, and police forces face legal exposure if counter-drone measures cause collateral damage—jamming that disrupts navigation and causes an incident, kinetic intercepts that produce debris strikes, or wrongful interdiction of a compliant civilian operator mistaken for a threat. In the absence of clear statutory safe harbors for good-faith actions taken under exigent circumstances, operators default to conservative risk management: airspace closures rather than active interdiction. Some countries are developing legal protections modeled on self-defense or necessity doctrines, but harmonization across jurisdictions is limited. The result is that even where technical capabilities exist, legal uncertainty constrains their operational use.
The Critical Entities Resilience (CER) Directive, which entered into force in 2023, requires operators of essential services—including airports, energy facilities, and transport hubs—to assess risks and implement resilience measures. Drone threats fall within the directive's scope, but the specific measures required are left to member states and individual operators to define. This flexibility accommodates varying threat environments and resource constraints, but it also permits wide variation in actual protection levels. An airport in one member state may invest heavily in layered counter-drone systems; another may conduct risk assessments but defer major investments pending clearer regulatory guidance or budget availability.
Cross-border coordination mechanisms exist but are underdeveloped for real-time operational response. The European Union Aviation Safety Agency (EASA) provides technical standards and safety oversight; Europol facilitates law enforcement information sharing; the EU Intelligence and Situation Centre (INTCEN) produces classified threat assessments. However, these bodies operate on timescales and through channels designed for policy development and strategic analysis, not tactical incident response. When drones appeared over Danish airports in September, Denmark's requests for allied assistance ran through bilateral defense relationships and NATO channels, not EU crisis management structures. This reliance on ad hoc coordination works when political will and prior relationships exist, but it is not a substitute for institutionalized rapid-response mechanisms with pre-delegated authorities and pre-positioned capabilities.
Harmonization advocates within the European Commission and Parliament argue that a truly integrated counter-drone architecture—analogous to the integrated air defense systems that protect European airspace from conventional threats—requires not only common technical standards but also shared legal authorities, pooled procurement, joint training, and unified command structures for cross-border incidents. Skeptics, particularly in member states with strong national defense traditions, counter that counter-drone operations involve core sovereignty functions (airspace control, use of force) that should remain national prerogatives, coordinated through NATO rather than EU structures. This tension between supranational efficiency and national sovereignty is a recurring theme in European security integration and is unlikely to resolve quickly in the counter-drone domain.
What prepared looks like: Benchmarks for resilience and integrated defense
Defining "prepared" in the context of small-UAS threats requires moving beyond reactive incident response toward a layered, integrated defense posture that spans detection, attribution, interdiction, legal frameworks, public communication, and continuous adaptation based on operational learning. No European country currently meets all these benchmarks, but elements exist across the continent and can be synthesized into a coherent model.
Detection preparedness requires sensor networks that combine radio frequency scanners, radar tuned for small slow-moving targets, electro-optical and infrared cameras, and acoustic arrays, integrated into a common operational picture accessible to air traffic control, airport security, police, and military responders. These networks must cover not only immediate facility perimeters but also approach corridors and buffer zones, providing early warning sufficient for decision-making before a drone reaches critical airspace. Redundancy is essential; reliance on a single sensor type creates exploitable gaps. Real-time data fusion—automated correlation of signals across sensor types to reduce false positives and provide high-confidence threat identification—is technically feasible but requires investment in software, operator training, and secure communication links. Munich Airport's post-October deployment of laser detection systems represents a step in this direction, but comprehensive coverage across all European airports and critical infrastructure remains years away at current funding and deployment rates.
Attribution preparedness means combining technical forensics (recovering platforms for analysis of components, software, and operational signatures), signals intelligence (intercepting command-and-control links to identify operators or relay points), human intelligence (cultivating sources within potential threat networks), and open-source intelligence (monitoring online communities where drone tactics and targets are discussed). Many incidents will remain unattributable in real time, but systematic collection and analysis over time can reveal patterns, identify recurring signatures, and support eventual attribution even when individual cases remain ambiguous. This requires dedicated analytical capacity, secure information-sharing channels across national agencies and with allies, and political will to invest in capabilities whose outputs are often classified and whose value accrues over strategic timescales rather than immediate incident response.
Interdiction preparedness demands a toolkit of scalable, proportionate responses tailored to civilian and military environments. For airports, this means precisely targeted electronic warfare systems that can jam or spoof individual drones without disrupting navigation or communication systems used by manned aircraft; net-capture systems deployable by ground teams or small interceptor drones; non-lethal directed-energy weapons (lasers calibrated to disable rotors or electronics); and, as a last resort, kinetic options (trained marksmen with shotguns or specialized munitions) used under strict protocols. For military installations, the toolkit can include higher-risk measures—broader jamming, heavier kinetic weapons, area-denial systems—justified by controlled perimeters and clearer rules of engagement. All options require trained operators, regular exercises, maintenance, and legal authority to deploy under time-sensitive conditions. The Netherlands' failure to interdict drones over Volkel suggests that even military sites with notional capabilities face real operational constraints; closing these gaps requires investment in training and doctrine, not only hardware.
Legal preparedness means harmonized statutory authorities that clearly define who may deploy counter-drone measures, under what circumstances, with what approval thresholds, and with what liability protections. Germany's draft legislation and the UK's post-Gatwick legal reforms provide models: pre-authorized police and military actions in defined threat scenarios, safe-harbor provisions for operators acting in good faith, streamlined approval for temporary no-fly zones during high-risk events, and penalties for non-compliant drone operation sufficient to deter casual violations. Extending these frameworks across all EU member states and ensuring interoperability with NATO allies would reduce response times, eliminate regulatory arbitrage, and clarify accountability in cross-border incidents.
Public communication preparedness involves transparent, timely information about incidents, government responses, and residual risks, calibrated to inform without inducing panic or resignation. The Copenhagen and Brussels incidents generated widespread media coverage and passenger frustration, much of it focused on lack of information during closures and confusion about compensation and rebooking. Airports and governments that develop templated communication protocols—pre-drafted statements, designated spokespersons, real-time updates via apps and social media, clear passenger rights information—can reduce chaos and maintain public confidence even during recurring incidents. Transparency about limitations is also critical; acknowledging that not all incidents can be prevented or immediately attributed, while demonstrating systematic efforts to improve defenses, builds credibility more effectively than overconfident claims subsequently undermined by repeat incidents.
Continuous adaptation requires institutionalized learning mechanisms: after-action reviews for every significant incident, systematic collection and analysis of drone tactics and technologies, red-team exercises that simulate adversary innovation, and regular updates to detection algorithms, interdiction protocols, and legal authorities based on operational experience. Ukraine's counter-UAS evolution—from ad hoc improvisations in 2022 to systematic integration of electronic warfare, kinetic intercepts, and volunteer networks by 2024—illustrates the pace of adaptation possible under existential pressure. European countries operating in peacetime will not match that tempo, but they can institutionalize feedback loops that ensure lessons from Copenhagen inform defenses in Brussels, that technical insights from Volkel improve readiness at other NATO bases, and that regulatory gaps identified in one member state drive legislative action across the EU.
Finally, resilience preparedness acknowledges that no defense is perfect and that some incidents will succeed despite best efforts. This means designing critical infrastructure with redundancy and fail-safes that limit cascading effects from individual disruptions; developing business continuity plans that enable airports, energy facilities, and logistics hubs to maintain or rapidly restore operations; and building societal resilience through public education that contextualizes risks and reduces susceptibility to panic or disinformation. Accepting recurring low-level disruptions as a feature of the contemporary threat landscape—while systematically working to reduce their frequency and impact—is politically difficult but strategically necessary.
Members are reading: Five scenarios for how the drone threat evolves—from normalized nuisance to weaponized swarms—and the narrow window Europe has to shape which trajectory prevails.
Conclusion: From reactive crisis to strategic posture
The wave of unauthorized drone incursions across Europe since September 2025 has forced a reckoning with vulnerabilities that institutional inertia and regulatory fragmentation allowed to persist despite years of warning signals. Gatwick's 2018 closure, sporadic incidents over nuclear facilities in France, and Ukrainian combat experience all foreshadowed the challenge now manifest across the continent. What distinguishes the current moment is scale, tempo, and the apparent coordination suggesting state-level direction or tacit sponsorship. European governments and NATO have begun to respond—temporary bans, expedited deployments, legal reforms, alliance consultations—but the gap between the threat's evolution and the defenses' maturation remains wide and, in some domains, widening.
The strategic imperatives are clear. First, accelerate deployment of layered detection and interdiction capabilities tailored to small-UAS threats, prioritizing civilian airports and dual-use facilities where the protection gap is widest and the potential for disruption greatest. This requires sustained budget commitments, streamlined procurement, and integration across sensor types and response agencies. Second, harmonize legal frameworks to eliminate regulatory arbitrage, clarify authorities and liabilities, and enable real-time cross-border coordination for incidents that do not respect national boundaries. Third, institutionalize learning mechanisms that capture tactical insights from every incident and ensure rapid dissemination across countries and sectors, leveraging Ukrainian expertise where applicable and investing in training and exercises that prepare operators for the scenarios most likely to occur. Fourth, communicate transparently with publics about the nature of the threat, the limitations of current defenses, and the timeline for meaningful capability improvements, building resilience through informed engagement rather than complacency or panic.
The broader lesson is that hybrid threats exploit the seams between domains—civilian and military, national and alliance, peacetime and conflict—and succeed not through overwhelming force but through persistent pressure that defenders struggle to categorize, attribute, and counter within existing institutional and legal frameworks. Small drones are a lever in this strategy, cheap and deniable yet capable of imposing disproportionate costs and revealing systemic weaknesses. Europe's ability to close the vulnerabilities they expose will signal not only the continent's preparedness for this specific challenge but its capacity to adapt to the broader logic of hybrid conflict that is likely to define the security environment for years to come. The question is not whether Europe will eventually develop robust counter-drone defenses—technological and institutional responses will come—but whether that adaptation occurs rapidly enough to avoid a prolonged period of exploitable vulnerability, and at what cost in disruption, economic damage, and eroded confidence the lessons will be learned.
Elena Kowalski
Elena Kowalski
Elena Kowalski
Subscribe to our free newsletter to unlock direct links to all sources used in this article.
We believe you deserve to verify everything we write. That's why we meticulously document every source.
