By EUvsDisinfo
EXECUTIVE SUMMARY
The 4th EEAS Report on Foreign Information Manipulation and Interference (FIMI) Threats provides a comprehensive assessment of FIMI activities worldwide, based on cases documented and investigated by the EEAS throughout 2025.
A key contribution of this report is the shift from diagnosis to impact through the FIMI Deterrence Playbook. By identifying critical nodes across infrastructures, intermediaries and supply chains, it operationalises deterrence by setting out an approach which targets the threat actor’s vulnerabilities. Striking at the key enablers of FIMI operations, such as intermediaries, proxies and service providers, can make the structure that sustains them progressively more fragile and difficult to maintain. Existing instruments within the FIMI Toolbox — including sanctions, law enforcement, digital regulation and resilience-building — can be strategically mobilised to raise costs, limit operational space and reduce the likelihood of future attacks.
The FIMI Deterrence Playbook helps bring the efforts of the EU and its partners to counter FIMI onto the front foot, marking a shift from a largely reactive to a proactive and anticipatory approach. In a context of continued escalation, deterrence becomes essential to generate tangible impact.
During the year, the EEAS detected 540 incidents globally. As in previous years, Ukraine remained the primary target, followed by France, Moldova and Germany. Attacks not only increased in frequency and intensity but also became more sophisticated. FIMI continues to adapt to technological advances, particularly in Artificial Intelligence (AI). AI-generated text, synthetic audio and manipulated video have shifted from experimental use to routine deployment, becoming cost-effective and scalable tools for threat actors.
In total, 10,500 social media channels and websites were mobilised to produce or amplify FIMI. Of all documented incidents, 35% were attributed to Russia (29%) and China (6%). Beyond the attributed figures, Russia and China rely on extensive covert and fabricated networks aligned with their strategic objectives. By outsourcing capabilities through these opaque networks, they expand their reach while preserving plausible deniability and complicating attribution.
Through systematic mapping of channels and their interconnections, the report updates the “Galaxy of FIMI operations” presented in the 3rd EEAS Report on FIMI Threats in 2025 and deepens understanding of the structural architecture behind FIMI. The network analysis reveals a central group of digital channels functioning as the operational backbone, linked to regional hubs targeting specific geographies, including Sub-Saharan Africa, the Middle East and North Africa, Moldova and Armenia.
Electoral processes once again constituted a primary focus of Russian FIMI activity. In 2025, Russia targeted elections in Germany, Poland, Romania, Moldova, the Czech Republic and Côte d’Ivoire, replicating patterns observed in previous electoral cycles.
This data also enables forward-looking assessment, allowing the anticipation of new vectors of attack. Upcoming electoral processes in Member States (including Slovenia, Hungary, Bulgaria, Cyprus, Estonia, Sweden, Latvia and Denmark) may face similar interference patterns. Beyond the EU, Armenia is expected to remain a key target in the run-up to the June 2026 parliamentary elections. The attack patterns observed during the Presidential elections in Moldova reveal striking similarities with networks and tactics now emerging in Armenia.
Disclaimer: The data used in this report are provided for informational purposes and are based on the EEAS’ strategic monitoring activities and open-source research. The data presented reflect a selective, time-bound sample of observed activity associated, through public reporting or independent analytical attribution, with Foreign Information Manipulation and Interference (FIMI). The findings presented do not claim to be exhaustive or representative of overall FIMI activity and trends by the mentioned actors. The analysis reflects the authors’ judgments at the time of publication and is subject to revision.
INTRODUCTION
In 2025, Foreign Information Manipulation and Interference (FIMI) reached a new level of operational complexity and global reach, with attacks increasing in frequency, intensity and coordination.
The weaponisation of the information space has become a persistent feature of today’s international conflicts, reflecting increasing confrontation among major geopolitical powers. At the same time, the broader security context has deteriorated. Armed conflicts close to the borders of the European Union (EU) have not only persisted but escalated. Incidents involving drones and other incursions into EU territory have contributed to a climate of intimidation and uncertainty. FIMI does not operate in isolation; it forms part of a broader hybrid arsenal combining digital interference with physical signalling and coercive actions. It is, therefore, not merely a communication challenge but part of a broader strategy with tangible political and security consequences.
The EU faces FIMI attacks from more fronts, including in the technological domain. On the one hand, challenges related to the governance of global digital platforms and their role in shaping information flows continue to create structural vulnerabilities. On the other hand, Artificial Intelligence (AI) is increasingly supercharging FIMI operations, making them cheaper and easier to scale. In 2025, one in four incidents detected by the EEAS involved the use of AI tools to produce or distribute content.
In this context of escalation, the EU must also scale up its response work. Since 2015, the EEAS has played a pivotal role in countering FIMI. Building on successive EEAS Reports on FIMI Threats, the EEAS has developed a standardised analytical methodology to understand the threat, established a comprehensive FIMI Toolbox to respond to FIMI activities, and defined systems to link and attribute FIMI activities to threat actors.
On the basis of this experience, and in complementarity with the Democracy Shield, the next step for the EEAS is to act as the operational “sword”, translating analysis and coordination into responses with more tangible impact.
The EEAS operational strategy sits on three mutually reinforcing pillars:
- Faster responses, enabled by improved data and operational coordination.
- Scaled-up cooperation with partners, strengthening joint capabilities to act across regions and domains.
- Greater impact, by shifting from reaction to anticipation and disrupting the infrastructures and incentives that sustain FIMI.
Under this third pillar (impact), this report presents the FIMI Deterrence Playbook as a framework to generate tangible operational impact by making FIMI activity more costly and less sustainable for perpetrators. This approach translates deterrence theory into operational practice for countering FIMI and provides a structured pathway from analysis to impact. By linking FIMI operations to their financial, technical and organisational enablers, the Playbook demonstrates how existing instruments in the FIMI Toolbox can be used as deterrence measures to constrain the long-term viability of information operations. It provides practical guidance on how sanctions, law enforcement, platform regulation and resilience-building can be activated in a cumulative and targeted way to maximise impact.
This report is structured in three parts:
- FIMI trends and findings in 2025: The first chapter presents key data from the year, analysing the activities of 10,500 channels involved in 540 incidents. It provides a focused assessment of Russia’s and China’s activities and examines key developments, including the growing use of AI and patterns observed during electoral processes.
- FIMI Deterrence Playbook: The second chapter outlines how deterrence can be operationalised across different critical levels of the FIMI ecosystem. It identifies the structural vulnerabilities and enabling mechanisms that sustain FIMI operations and explains how these pressure points can be leveraged to increase costs, constrain capabilities and reduce the long-term viability of such activities, thereby generating greater operational impact.
- The Galaxy of FIMI Operations in 2025: The final chapter maps the interconnected layers of digital infrastructure that threat actors exploit to conduct FIMI operations. Through selected case studies — including on Ukraine and Armenia, as well as on the use of AI by Chinese networks — it illustrates how different operational components interact within a broader FIMI architecture.
This report constitutes the most comprehensive mapping of FIMI activities in 2025. It consolidates analytical findings, identifies systemic trends and provides an integrated assessment of the evolving threat landscape.
Beyond analysis, its added value lies in demonstrating how existing instruments can be better coordinated, sequenced and operationalised to maximise impact. The FIMI Deterrence Playbook provides a structured framework for increasing costs, constraining capabilities and reducing the long-term sustainability of FIMI activities.
An innovative element of this approach is the integration of additional operational avenues, including stronger links with law enforcement. This expands the scope of action beyond defensive reaction and situates counter-FIMI efforts within a broader security framework.
Finally, the report delivers an operational call to action. Its full implementation requires sustained engagement and coordination with Member States and allies, whose instruments and authorities are essential to ensuring credible deterrence and tangible impact.



