There is now a clear campaign underway by Russia’s drones and its shadow fleet to bring disruption and sometimes chaos to Europe’s airspace and sea lanes. How can European NATO respond?
The evidence of Russian involvement is clear. And while in itself this is not new, the scale of the Kremlin’s operations has been accelerating since the drone attack on Poland on September 9-10.
Most visibly, drones have closed operations at two of the continent’s biggest airports at Copenhagen and Munich, but there have been many other incursions, including formations of unmanned aerial vehicles over military bases. Danish and German leaders have made clear they believe Russia is behind the string of at least 42 incidents up to October 6.
As Germany’s Chancellor Friedrich Merz said on September 29: “Let me put it in a sentence that may be a little shocking at first glance . . . we are not at war, but we are no longer at peace [with Russia] either.”
What to do? Firstly, the response must be lawful, fast, and visible.
Poland invoked consultations under NATO’s Article 4 in September, and NATO deployed Airborne Warning and Control System (AWACS) aircraft to reinforce surveillance along the eastern flank. These actions are necessary to monitor and reassure, but they remain reactive. More surveillance reveals more violations without deterring them. The rising tempo is straining Europe’s response capacity, leaving allies stuck in a cycle of observation.
It needs to impose costs.
First, deal with hostile drones in ways that do not put civil aviation at risk. EUROCONTROL and the European Union Aviation Safety Agency (EASA) caution that jammers can interfere with satellite navigation signals, which makes them unsafe to use near airports.
A safer approach is layered detection combined with non-jamming defeat methods that produce evidence usable in court. Governments should allow police or gendarmerie helicopter teams to operate with military sensor support, permit radio-frequency takeover tools that meet aviation standards, use net capture or frangible-round interceptors where rules allow, and keep a full chain of custody so incidents can be publicly attributed.
Second, lawfully detain shadow fleet vessels for long enough to impose real costs. Within territorial seas and ports, coastal authorities and Port State Control (PSC) officers can demand documents, check crews and safety standards, and hold non-compliant ships under the Paris Memorandum of Understanding and International Maritime Organization procedures.
Denmark and Sweden already use Vessel Traffic Services in the Danish Straits, a natural choke point. Authorities can direct high-risk tankers to anchor, inspect their registry and protection and indemnity (P&I) insurance, and hold them until deficiencies are corrected or courts rule. This effect can be multiplied by joint inspection teams supported by prosecutors on call.
Get the Latest
Sign up to receive regular emails and stay informed about CEPA’s work.
Third, respond to cyber operations with lawful reciprocity. International law allows unfriendly but legal acts, called retorsions, and proportionate countermeasures when facing a wrongful act. In practice, this can mean disabling hostile command-and-control servers, seizing illegal jammers and drone controllers, excluding offending entities from European hosting, and shutting down unlawful transmissions. Each action should be reviewed to ensure it remains legal, proportionate, and safe for civil aviation.
Fourth, use sanctions and maritime services to create leverage at sea. The European Union’s (EU’s) latest package lowered the oil price cap to $47.60 per barrel with the aim of keeping it 15% below the Urals benchmark. Member states should enforce this in ports and coastal waters by requiring verifiable P&I insurance and registry, denying services to evasive carriers, and targeting high-risk ships through the European Maritime Safety Agency’s (EMSA) THETIS database.
THETIS is the central inspection and detention system used by European port authorities to record results, flag high-risk ships, and track enforcement. A dedicated shadow-fleet cell inside THETIS, fed by Automatic Identification System (AIS) anomalies and opaque ownership flags, would increase detentions and force costly rerouting and delays.
Fifth, speed up and simplify public reporting. NATO members should release verified radar tracks, inspection records, or satellite images within hours to show what happened, deter repeats, and maintain public confidence. The European Aviation Safety Agency (EASA), EUROCONTROL, and the International Civil Aviation Organization (ICAO) provide reporting standards that allow quick, defensible releases without revealing sensitive information.
NATO’s Combined Air Operations Centers (CAOCs) at Uedem and Torrejón could manage a standing 24-hour release protocol so each violation produces a documented response and, if necessary, a controlled intercept.
The logical question is why these steps are not already standard. The answer lies in legal limits, aviation safety rules, and strict evidentiary requirements that make governments cautious.
Drone countermeasures must be cleared for use near airports, maritime detentions must follow international law, and every action must produce evidence strong enough for use in court. For these proposals to become routine practice, they need firm legal mandates, agreed operating procedures, and resources to document and review each action quickly.
Will Russia retaliate? Very possibly, but the risk can be mitigated by acting strictly within the law and emphasizing safety: no broad jamming near airports, no interdictions that violate the law of the sea, and no covert launches from allied territory.
By keeping actions legal and transparent, NATO members deny Russia an escalation narrative while still imposing real costs on its shadow campaigns.
Europe faces a contest of nerves and law. Once backed by legal authority and standardized procedures, the five measures are immediate, defensible, and reversible if Russia ends its campaign. Used together, they can raise costs today and build lasting deterrence tomorrow.
George Janjalia is the Operations Director for a security risk management company in Ukraine, with a focus on fortifying business continuity and organizing security programs tailored for high-risk areas. Previously, he was a special forces and military intelligence officer in the Georgian military.
Europe’s Edge is CEPA’s online journal covering critical topics on the foreign policy docket across Europe and North America. All opinions expressed on Europe’s Edge are those of the author alone and may not represent those of the institutions they represent or the Center for European Policy Analysis. CEPA maintains a strict intellectual independence policy across all its projects and publications.
Europe’s Edge
CEPA’s online journal covering critical topics on the foreign policy docket across Europe and North America.