This summary encapsulates the evolution from viewing “fake news” as a simple information problem to recognizing it as a systemic security threat, known as Foreign Information Manipulation and Interference (FIMI).
The core of the issue is that we have moved past an era where disinformation was just about “false content.” Today’s landscape is defined by coordinated, persistent, and strategic operations that exploit the digital architecture of our society. These campaigns use generative AI, algorithmic amplification, and opaque intermediaries to manipulate public trust and destabilize democratic discourse. Because these operations often use technically legal content—such as decontextualized truths or emotional rage-bait—the traditional legal focus on banning “falsehoods” is no longer sufficient. Instead, policy must shift toward monitoring behavior, coordination, and the systemic risks that platforms pose to our democratic institutions.
The European Union has emerged as a leader in this transition, moving away from a reliance on companies to “self-regulate” and toward a model of formal, binding governance. Instruments like the Digital Services Act (DSA) represent a fundamental change in the rules of the game. Rather than forcing governments to act as the “arbiters of truth”—which would risk violating freedom of expression and democratic pluralism—the DSA requires platforms to focus on risk assessment, transparency in algorithmic design, and accountability for how their systems prioritize and distribute information. This approach is superior because it focuses on the architecture of the information ecosystem rather than the content of individual posts.
However, the current European framework still faces significant hurdles. A major weakness is the lack of a legally binding definition of what constitutes FIMI, which leaves platforms with too much power to interpret these policies as they see fit. Furthermore, the capacity to identify who is behind a campaign—attribution—remains a major technical and forensic challenge. Despite having strong laws, the EU struggles with institutional fragmentation and a continued over-reliance on the technical cooperation of private platforms. If we rely solely on private corporations to police our public square, we risk delegating democratic sovereignty to organizations that are not accountable to citizens and whose primary motives are often profit-driven rather than security-focused.
To move forward, the authors argue for a more mature, “multilevel” architecture that combines security, law, and social intelligence. This means creating a dedicated, centralized European coordination unit to handle hybrid threats, allowing for faster response times and better information sharing across borders. It also means investing heavily in attribution capabilities and digital forensics. Governments must treat the fight against manipulation with the same strategic priority as they do cybersecurity; this requires not just better policies, but also increased funding for research, detection, and counter-narrative strategies that do not involve government censorship or propaganda.
Ultimately, the goal is not to “securitize” the entire digital public sphere, which would inevitably suppress free speech. Instead, we must build a resilient legal and technological framework that can handle modern geopolitical competition. This requires moving beyond reactive, ad-hoc responses toward a proactive strategy that includes independent oversight of algorithms, stricter transparency on political advertising and funding, and a deep commitment to digital public literacy. By reinforcing the structural conditions of a healthy democracy—such as media pluralism and editorial independence—states can better protect themselves without resorting to the authoritarian impulses of state-controlled “truth.”
The path forward requires a balancing act: we must protect the integrity of our information environment against hostile foreign interference while upholding the constitutional rights that make our societies worth defending. The transition from the “disinformation era” to the “FIMI era” is essentially the maturation of how we govern the modern digital space. By embracing a strategy that prioritizes behavioral transparency and systemic oversight, Europe can establish a global model that preserves both democratic security and the rule of law in an age of constant connectivity and strategic digital competition.

