Submarine cables: the Achilles heel of European digital sovereignty

For critical infrastructure, submarine cables are a paradox. They are its technological backbone and at the same time its most exposed point. And for Slovakia, a landlocked state with no maritime ports of its own, they represent a strategic risk that remains insufficiently present in the national discussion.

Anatomy of vulnerability

A fibre-optic cable with the diameter of a garden hose carries capacity in the order of tens of terabits per second. It is protected by several layers of steel and polyethylene, but in the open sea at depths greater than 2,000 metres, to save costs, it is laid bare on the seabed without sediment cover. In the shallower waters of continental shelves, where the highest number of damages occurs, the cable is typically buried 1 to 3 metres below the seafloor.

Globally, there are approximately 150 to 200 submarine cable disruptions every year. Roughly two thirds are caused by fishing trawls and the anchors of commercial vessels, another quarter by natural events such as underwater landslides, earthquakes, and storms. The remainder, consistently around 5 to 10 %, comprises incidents that cannot be unambiguously classified. It is precisely this category that has, in recent years, become a geopolitical category.

Timeline of Baltic incidents

Europe's northern seas have turned into a laboratory of hybrid activity. In October 2023, the BalticConnector gas pipeline between Finland and Estonia was severed in the Baltic Sea, together with several telecommunications cables. The investigation showed that the cause was the heavy anchor of the Chinese vessel Newnew Polar Bear, which dragged it along the seabed for more than 180 kilometres. The ship left the Baltic before it could be detained, and meaningful assistance from China in the subsequent investigation was effectively unavailable.

In November 2024, the C-Lion1 telecommunications cable between Finland and Germany and the BCS East-West cable between Lithuania and Sweden were severed. At the time of the incident, the Chinese vessel Yi Peng 3 was passing over the damaged sections, dragging its anchor along the seabed for more than 100 miles. In December 2024, the Estlink-2 power interconnector between Finland and Estonia and four telecommunications cables were severed. The vessel responsible was the tanker Eagle S, part of the so-called Russian shadow fleet, transporting sanctioned oil. Finnish authorities detained the ship — a regional precedent.

In the Red Sea, the severing of three cables in February 2024 was caused by the anchor of the Rubymar after it was struck by a Houthi missile. In the Taiwan Strait, more than 30 cables leading to the Matsu Islands were severed between 2023 and 2024, which Taiwan classifies as deliberate "grey-zone" activity by Chinese coastal vessels.

The political and regulatory response of the EU

In response to the Baltic events, the European Commission published the EU Cable Security Action Plan in February 2025. The action plan rests on four pillars: prevention (mapping of dependencies, redundancy of routes), detection (continuous monitoring of subsea activity, combining AIS, sonar, and satellite data), response (rapid repair capacities, coordination among Member States), and deterrence (incident attribution, sanctions regimes, legal instruments against shadow-fleet vessels). The plan rests on the CER Directive (2022/2557) and the NIS2 Directive (2022/2555), which classify submarine cables as part of digital and energy critical infrastructure.

In May 2024, NATO established a Maritime Centre for the Security of Critical Undersea Infrastructure within its Maritime Command in Northwood. In January 2025, the Alliance launched Operation Baltic Sentry, a long-term monitoring effort along Baltic shipping lanes combining frigates, helicopters, and underwater drones. This represents a fundamental shift in the perception of subsea infrastructure as a military and political priority.

The Slovak dimension

Slovakia is not a coastal state, and the topic of submarine cables is therefore often perceived as distant. This impression is misleading. All of Slovakia's international internet traffic passes through landing stations in Hamburg, Frankfurt, Marseille, and to a lesser extent in Polish and Croatian ports. The resilience of the Slovak digital ecosystem is therefore directly dependent on the physical security of cables along coastlines that lie hundreds of kilometres from Slovak borders.

Slovak banks use the international payment systems SWIFT and TARGET2, Slovak businesses access cloud services in data centres in Ireland, the Netherlands, and Germany, and Slovak public administration uses federated European services. Each of these dependencies passes, at some point, through a submarine cable.

In the terminology of Act No. 367/2024 on Critical Infrastructure, this is an external cascading dependency, categorically different from domestic critical assets. The Slovak operator cannot directly influence it, but must identify, assess, and mitigate it. This is the purpose of the dependency-mapping requirement that the Act imposes as one of the key obligations of critical entities.

Structural risks rarely highlighted

Three vulnerabilities remain insufficiently named in the current European discussion.

First, repair capacity. Globally, there are only approximately 60 specialised vessels for submarine cable repairs. Most are in the hands of private operators, and their deployment can take weeks. In a scenario of coordinated damage to multiple cables, this capacity would be quickly exhausted.

Second, manufacturing concentration. The submarine cable manufacturing market is dominated by four players: French Alcatel Submarine Networks, American SubCom, Japanese NEC, and Chinese HMN Technologies (formerly Huawei Marine). The European industrial shift toward diversification is progressing slowly.

Third, real-time identification of suspicious vessels. The shadow fleet operates with disabled or manipulated AIS transponders, avoids standard shipping routes, and often changes flag of registration. Recognising an "anchor-dragging" vessel before it severs a cable is a technically and legally demanding task.

Strategic outlook

Submarine cables bring together three trends that will define the security of critical infrastructure over the next decade. The first is the hybrid activity of state actors operating in the zone below the threshold of armed conflict. The second is the geographic interdependence of critical infrastructure, where national sovereignty is exercised through assets physically located outside the territory of the state. The third is the crisis of attribution, where the technical capacity to provide proof lags behind the speed of events and the political need to respond.

For AKI SR, the topic of submarine cables is a textbook case of why Act No. 367/2024 does not stop at domestic assets and requires cross-border mapping of dependencies. For operators in the digital infrastructure, financial, energy, and public administration sectors, it means the need to include the risk of disruption to international connectivity among the scenarios for testing operational continuity.

"Submarine cables are a geographic reminder that digital sovereignty has a physical dimension. Slovakia cannot pretend that the problem begins and ends at our borders. The security of network nodes in Hamburg and Marseille is today part of the security of the Slovak payment system and Slovak public administration. This opens up a new category of strategic cooperation within the EU and NATO that our discussion on critical infrastructure is only beginning to fully reflect," concludes Ing. Tibor Straka, President of AKI SR.

It has long held true in the history of critical infrastructure that the most vulnerable systems are the ones we depend on the most and see the least. Submarine cables are, in this sense, perfect critical infrastructure. And precisely for that reason, they deserve to stand at the centre, not at the margin, of the security debate.