Interview with EU Commission’s Executive Vice President Henna Virkkunen

The EU tech and security sovereignty, the transatlantic relations, the SAFE tool, the drone-wall, the new Digital Omnibus package and the role of Greece

Henna Virkkunen, the European Commission’s Executive Vice-President for Tech Sovereignty, Security and Democracy, answered John Papageorgiou’s questions just a few hours after completing her visit to Athens. “The message to Greek authorities, businesses, and academia is clear: the European Union is open for business, innovation, and technological leadership. We must act now, together, to achieve a more secure and technologically sovereign Europe,” she told Athens Digest.

This may be the first time since the founding of the EU that technology, security, and democracy are so closely linked, given the unprecedented risks we face. Let me start with security. A main goal is greater EU autonomy, particularly in sensitive areas that include critical materials and services. Given the immediacy of the threats, what can the EU — together with like-minded countries — realistically achieve in the coming months, and what in the mid-term?

The European Union is engaged in a comprehensive and accelerated strategy to bolster its strategic autonomy in security, driven by the current unprecedented geopolitical risks that have underscored the vulnerability of our supply chains and technological dependencies. We recognize that virtually any dependency can be leveraged as a point of pressure.
In the immediate term, the focus is on strengthening cybersecurity resilience and coordination. Key legislative and operational measures include:

• Cybersecurity Legislative Framework: The NIS2 Directive serves as the cornerstone for harmonized, EU-wide cybersecurity coordination across essential and important critical sectors, with Member States having a deadline of October 18, 2024, for full transposition.
• Incident Management: The Cyber Solidarity Act and Blueprint, which entered into force in February 2025, are designed to significantly improve preparedness, detection, and coordinated response to large-scale cybersecurity incidents. This aligns with developing a clear EU framework for cyber crisis management.
• Product Security: The Cyber Resilience Act (CRA), which entered into force in December 2024, mandates that hardware and software products are secure by design. The immediate focus is on industry adaptation and preparation for full enforcement by late 2027.

Our mid-term strategy centers on building indigenous capacity in critical materials and technologies, with a clear focus on semiconductors, AI, and quantum. This involves substantial strategic investments:

• The AI Continent Action Plan and the Quantum Strategy set ambitious targets to position Europe at the forefront of these emerging critical technologies.
• We are actively scaling up our technological infrastructure, demonstrated by investments in:
  • 13 AI factories and semiconductor pilot lines to accelerate innovation and production.
  • An aim to establish 4 to 5 large-scale gigafactories—a project that has received interest significantly exceeding our initial expectations—to solidify our position in strategic manufacturing.
• We are laying the groundwork for future structural changes. For instance, the consultation for the Cloud and AI Development Act is now complete. The aim of this Act will be to further facilitate the development and deployment of trusted European cloud and edge computing capabilities, and to foster an ecosystem that supports European AI innovation and infrastructure growth, thereby reducing dependency on non-EU providers.

How much more difficult do current transatlantic relations make your work compared to the recent past? NATO remains a key security pillar, but how have trust levels shifted due to the politics and rhetoric of Donald Trump, and in what ways? How does this affect overall decision-making in your broader portfolio?

The EU is committed to strengthening its own strategic position through a clear focus on reducing critical dependencies:

• We are continuously working to strengthen our indigenous defense capabilities and enhance our overall security posture.
• A central pillar of our strategy is developing technological sovereignty, ensuring the EU has control over key technologies and supply chains.
• This strategy is complemented by actively expanding cooperation with like-minded partners globally to diversify supply chains, share security burdens, and promote common standards and values.
• At the same time, we continue our good cooperation with the United States. They remain an important partner and an ally for Europe despite some disagreenments.

Defense spending has so far been mainly a national matter. But circumstances have changed, and the EU is being called upon to address shared and difficult challenges. One helpful instrument is the SAFE initiative. Do you consider the €150 billion allocated sufficient? Do you think that a stronger approach — similar to the RRF — could be necessary? And in this context, as President von der Leyen underlined in her State of the Union speech, do you believe there is sufficient unity within the EU on defense? Defense may not be included in the EU treaties and is largely a national competence, but today’s urgent challenges seem to require a common approach.

Europe currently faces an unprecedented security threat, necessitating a rapid and substantial build-up of our collective defense resources and capabilities.
In response to the shifting security environment, Member States have demonstrated a clear and sustained commitment to increasing their preparedness:

• In 2024, the total defense expenditure by the 27 Member States reached €343 billion.
• This expenditure saw a record-breaking increase for the tenth consecutive year, surging by 19% compared to 2023, which itself followed a 10% increase over 2022. This trajectory underscores the urgency of scaling up European defense.

To facilitate this critical acceleration and strengthen the European Defense Technological and Industrial Base, the EU has introduced the SAFE instrument:

• SAFE is a dedicated financial tool designed to speed up the creation of a Single Market for Defence. It offers up to €150 billion in loans to help Member States quickly and substantially increase their investments in European defense capabilities. To date, 24 Member States have already expressed interest.
• A core requirement of the SAFE instrument is to boost intra-European defense spending and secure supply. It mandates that 65% of all acquisitions must be of European origin. This ensures security of supply and fosters the development of strategic capacities within the EU.
• SAFE will allow Member States to develop strategic capacities more efficiently and quickly. Further details on specific investments will emerge once we analyze the national plans submitted by Member States, with a deadline set for the end of November 2025.

One of the security topics under discussion is the creation of a so-called drone-wall. Clearly, this cannot be built overnight. But what can be achieved within the next year? What are the first objectives of the roadmap that the Commission is expected to present? Given the urgency for countries bordering Russia, do you envisage a design limited to those states, or one covering the EU’s external borders as a whole, including Greece and Cyprus?

The European Union recognizes a clear pattern of aggression, notably from Russia, which is actively testing Europe, probing our collective resolve, and systematically undermining security across the continent. It is essential, that all member states raise their preparedness.

Recent drone attacks serve as a stark and immediate example of this hybrid threat environment.
To counteract these threats and enhance our defensive capabilities, the EU is advancing a multi-faceted approach:

• As announced in the State of the Union (SOTEU) address, the EU is committed to establishing a “Drone Wall” and investing in an “Eastern flank watch.” Technical work to implement this physical and technological barrier is currently underway.
• We are prioritizing the rapid development of two critical capacities:
  1. Surveillance and Counter-Measures: Advanced aerial surveillance systems combined with robust drone and anti-drone capabilities.
  2. Rapid Reaction: Enhanced capacity to immediately and effectively react to drone attacks and intrusions.

To ensure Member States have the resources to build these capacities, the Commission is leveraging various established and new instruments, including Financial Support Mechanisms: Key tools like the SAFE instrument, EDIP (European Defence Industry Programme), the EDF (European Defence Fund), BraveTechEU, and the ISF (Internal Security Fund) are available to support Member States’ investments in these critical security and defense areas.

Further details on implementation and scaling will be provided shortly:
Following up on the Defence White Paper, the Commission is scheduled to present the Defence Readiness Roadmap in October, which will outline specific actions and milestones.
This work is being executed in close collaboration with Member States and NATO, with Commissioner Kubilius leading the high-level coordination efforts.

One of the EU’s most challenging tasks is simplifying internal procedures, and we expect initiatives also in the technology sector. Could you share some examples of what to expect in order to make the EU a more attractive place for investments? And how might simplifying procedures affect the principles of the AI Act? Is there a risk of undermining them?

The Commission’s central objective is to significantly enhance the attractiveness of the EU for investments by taking bold actions to streamline the regulatory environment and ensure legal clarity, particularly in the digital and technology sectors.
We are committed to making it simpler and more cost-effective to do business in the EU:
We have already successfully presented six Omnibus packages aimed at streamlining existing regulations. For instance, the second package rolled out in February focused specifically on simplifying rules for cross-border business operations and reducing bureaucratic barriers to investment.
Our upcoming work includes a Digital Omnibus package. The goal here is to create an innovation-friendly rulebook. This means making business easier without compromising our high standards of online safety and fairness. We are focused on achieving our regulatory objectives with less paperwork, fewer overlaps, and less complex rules for companies.

In the critical field of Artificial Intelligence, our priority is to provide legal certainty for businesses and markets:
We are committed to the smooth and effective implementation of the landmark AI Act. Our strategy centers on providing clarity and practical guidance.
To achieve this, we are developing essential outreach activities and resources, notably the forthcoming AI Act Service Desk. This Service Desk will function as a central information hub, providing simple, straightforward guidance on the application of the Act. AI services desks in the member states help especially small and medium size companies.
It will offer online interactive tools to help stakeholders easily determine their compliance obligations and will provide the capacity to receive targeted answers to specific legal questions, ensuring a clear path to compliance for innovators.

Finally, as you recently visited Greece: what benefits could the country draw from the security and tech policies you are designing, and how do you expect Greece to contribute to shaping and implementing these policies? Is there a message you would like to send to the Greek authorities?

Greece is positioned to benefit significantly from the EU’s concerted efforts to enhance its security and technological autonomy, acting as a crucial hub for expertise and innovation in the region.
Greece serves as a central pillar for European cybersecurity due to the presence of key EU institutions.
ENISA Hub: With the European Union Agency for Cybersecurity (ENISA) established in Greece acts as a unique hub for European cybersecurity expertise. This presence drives advancements in cybersecurity technologies and practices, benefiting both Greece and the wider EU community.

Greece is also playing an accelerating role in the EU’s flagship technology initiatives:

• AI Factory: The selection of Greece last December to host an EU AI Factory at the DAEDALUS supercomputer is a major endorsement. These AI Factories are designed to foster wider uptake of Artificial Intelligence by Greek companies, providing scalable, efficient, and cost-effective solutions tailored to their industrial needs.
• Quantum Ecosystem: Greece is an emerging and active player in the European Quantum ecosystem. The EU is counting on Greece to build strong synergies between national and EU initiatives, aligning perfectly with the spirit of the recently launched Quantum Europe Strategy.

The overarching movement toward greater European technological sovereignty ultimately benefits all Member States. The message to Greek authorities, businesses, and academia is clear: “The European Union is open for business, innovation, and technological leadership. We must act now, together, to achieve a more secure and technologically sovereign Europe.”