Internal Security, External Security: The End of an Artificial Divide

By Lieutenant General (Ret.) Jean-Philippe LECOUFFE, Deputy Executive Director of EUROPOL, in charge of Operations

Threats are converging. Our responses must converge too.

In my role at Europol, I see every day just how porous the traditional boundaries between internal and external security have become. The phenomenon is not new, but in these times of international tension, its acceleration and amplification are clearly perceptible.

Yet our institutions remain organised around a clear distinction: internal security entrusted to law enforcement and judicial services; external security to intelligence services and the armed forces. This separation is increasingly less relevant, and exchanges between these organisations must be intensified further.

The 2026 edition of Eurosatory has taken this evolution into account. Long focused on military matters, the exhibition now gives prominent space to cybersecurity, artificial intelligence, the fight against terrorist and criminal threats, the protection of critical infrastructure, and the resilience of our societies. This is not a circumstantial shift. It reflects a profound transformation of our security environment.

Europol's SOCTA 2025¹ demonstrates this clearly. Organised crime has become ever more digital, more agile and reactive, and more destabilising. Criminal networks exploit every technological advance, and they do so faster than the administrations fighting them. Artificial intelligence, cryptocurrencies, digital platforms, encryption services, and crime-as-a-service all contribute to making threats more complex and faster-moving.

Today, nearly 70% of the most threatening criminal networks in the European Union use corruption. More than 80% have infiltrated, or are seeking to infiltrate, the legal economy in order to conceal their activities or launder their criminal profits. Organised crime is no longer merely a threat to public safety; it is becoming a factor of economic, social and institutional destabilisation, sometimes succeeding in controlling parcels of territory.

Cyberattacks also perfectly illustrate this convergence of threats. Whether they target a hospital, an energy grid, or a local or national administration, the result is the same: essential services are disrupted, the economy is weakened, and citizens' trust is eroded. A criminal group driven by profit, a state actor, or a proxy acting on behalf of a state: the methods are often alike and the consequences identical.

Terrorism follows the same logic. Terrorist groups use social media, encrypted messaging, cryptocurrencies and digital tools — the very same ones found in investigations into organised crime. The ecosystems intersect. The techniques converge. The boundaries fade.

International conflicts likewise have direct effects on our internal security. The war in Ukraine has reminded everyone that threats linked to arms trafficking, cyberattacks, disinformation campaigns, and interference attempts do not stop at the borders of conflict zones. They concern Europe as a whole.

This observation lies at the heart of the European Union's security strategy, "ProtectEU," adopted in April 2025. This strategy stresses the need to approach EU security in a comprehensive manner. Organised crime, terrorism, cyber threats, hybrid attacks, sabotage of critical infrastructure and foreign interference are all part of one and the same strategic challenge: protecting our fellow citizens and our democratic societies in an environment that has become more global, more complex and more unstable.

Within this new European security architecture, Europol holds a particular position. The agency is today the principal European hub for criminal intelligence. Each year, it coordinates and supports several thousand investigations and operations conducted by the law enforcement services of the Member States. Without coercive powers, its role is not to replace national authorities — the sole sovereign actors empowered to act — but Europol adds value by connecting information and investigators, as well as by providing expertise and operational capabilities to amplify and accelerate the results of investigations. Whether the matter is terrorism, cybercrime, migrant smuggling, drug trafficking, or economic and financial crime, the same reality prevails: no single service, no single state, and no single institution can any longer act alone against globalised threats and criminal networks. This is undoubtedly the main lesson of recent years.

The point is not to merge internal and external security. The missions and the organisations remain distinct. Responsibilities remain separate. But it is increasingly essential to build more bridges between the actors of security, defence, intelligence, the digital sphere, and the private sector, in order to better protect our fellow citizens and our societies, which are under attack.

The threats of this century operate as networks, on a global scale. Our response must adapt and operate in the same way. The exchange of information and cooperation between those in charge of internal security and those in charge of external security is no longer an option. It has become a condition of our collective security.

¹The "Serious Organised Crime Threat Assessment" is a criminal threat assessment for Europe, published every four years by Europol following extensive work with the Member States, which serves as the basis for shaping European strategies.