The Eastern Mediterranean and Middle East has very frequently been the theatre of conflict and hence, also, of display and revealing of relevant systems and technologies. The recent crisis of March 2026, however, offers more than a regional security signal. It entailed a hit on the soil of the EU Member State of Cyprus, therefore posing for Europe a strategic warning. Not so much because exact replication of actors or tactics are expected toward other Member States, but rather because what has fundamentally changed is the drone warfare and drone attack logic, which may now be transposed and transferred to within EU borders, thus blurring the civil – military boundary of security.

The critical tech-&-tactical observations to be made here are not simply about the wider use of Unmanned Aerial Systems (UAS), but about the fact that aerial threats increasingly come from UAS that are low-cost, scalable, and adaptive. More worryingly: the characteristics observed in areas of military conflict, such as saturation, autonomy, low observability, and economic asymmetry, are those that make drones attractive also for non-state actors, hybrid operations, and terrorist use in civilian contexts and environments.

The recent crisis further underlines the weaponization of UAS and demonstrates how battlefield innovation can turn into civilian vulnerabilities. Drone swarms, wave-based attacks, autonomous navigation, and the use of off-the-shelf components are operational realities, and in fact very ‘transferable’ to attacks on civilian targets, such as a critical infrastructure node, or a mass event, etc. For European societies, this translates into a growing vulnerability of: mass gatherings (sports events, concerts), critical infrastructures, and even dense urban environments.

In the recent military conflict, one of the most instructive operational lessons, addressing the so-called “asymmetry problem” (i.e. of defending against low-cost threats with high-cost responses), came from the Hellenic Navy’s Frigate HS Psara (F454). What made HS Psara’s response notable was “how” the ship countered the drone threats, which was a combination of: prioritising soft-kill mechanisms (e.g. the “Kentavros/Centaur” Electronic Counter-Measures system) over expensive interceptors and preserving high-value assets for high-value threats, with across-the-board merging of passive detection, layered response, and adaptive decision-making.

Our scope here is of course not of analyzing modern asymmetric naval defensive warfare. It is, however, to investigate whether this paradigm may be transposed to civilian security. The lessons-learnt from the operational and tactical deployments, in the recent March 2026 crisis, clearly show that Drone threats are no longer external, isolated, or exceptional, but they are widely systemic, highly adaptive, and increasingly embedded in the broader security landscape. Civilian environments impose additional constraints of: legal and regulatory frameworks, requirements for proportionality and safety, and of course the sheer fact of proximity to populations. For example: in a crowded stadium, a shopping mall, or a city square, the goal is not simply to “neutralise a drone threat”, but to manage the entire ‘threat-lifecycle’ from early indicators to response, without creating cascading or additional risks to citizens.

Therefore, the European response cannot rely on single tools or isolated measures, but it should combine technology, operational doctrine, regulatory coherence, training and coordination. Within this context, the principles underlying the military-defensive approach remain highly relevant then also for civilian security: Intelligence-led anticipation, Early detection without escalation, Layered and proportionate response, as well as Cost-effective and scalable solutions.

This is precisely where the PRESERVE project contributes, by approaching Drone threats as processes that unfold across multiple digital, physical, and operational domains. The PRESERVE system proposes the integrated logic of combining its SECURE, ODIN, and C2 (Command & Control) products as follows:

• SECURE (Swarm-based Counter-UAS Arsenal)
  Enabling multi-layer detection and response, tailored for complex and scalable threats, including swarms, in operational environments.
• ODIN (Online Drone Intelligence Engine)
  Extending situational awareness into the digital domain, identifying early indicators of threat preparation across online ecosystems.
• C2 Platform
  Integrating data, analysis, and operational decision-making into a unified command environment, supporting timely and proportionate responses.

The relevance of this approach becomes particularly clear in civilian contexts, such as a sports stadium with tens of thousands of spectators, a concert venue or open-air festival, a shopping mall or a dense urban neighbourhood. Within the context of such environments, it becomes very critical for security to understand intent, predict behaviour, and rapidly coordinate response across multiple actors. Consequently, these require interoperability between agencies, integration of intelligence and operations, and above all, shared situational awareness.

Article by Pierantonios Papazoglou , Senior Research Associate in Civil Protection & Safety of Responders at European University Cyprus, and head of Research & Strategy at CERIDES – Center of Excellence in Risk and Decision Sciences

In other words, what is required is an anticipatory and intelligence-driven protection; a “whole-of-system” approach, consistent with modern European resilience thinking. The PRESERVE project contributes to this effort by translating operational lessons into deployable capabilities, tailored not only for high-intensity counter-UAS scenarios, but also for the protection of everyday public life.

When we think about counter-drone technology, we usually picture sensors, jammers, and interceptor drones. Physical countermeasures in physical spaces. But the current landscape of possible threats has a digital dimension that is far less visible and far more legally complex. 

One of the core components of the PRESERVE project is an Online Drone Intelligence Engine designed to crawl the Surface, Deep, and Dark Web for content relevant to drone-related threats. Think: intelligence on weaponised consumer drones, radicalisation content, marketplaces for drone components, and forums where non-state actors share technical knowledge about drone modification,drone swarm operations, etc. 

The security rationale is compelling and so are the legal questions it raises. Questions that the EU regulatory landscape is only beginning to answer coherently. 

1. The compliance puzzle 

Let’s take one of the PRESERVE researched components: a web crawler operating across surface and dark Web environments for law enforcement purposes. This component sits at the intersection of at least three major EU regulatory frameworks simultaneously: the General Data Protection Regulation (GDPR), the Law Enforcement Directive (LED), and the AI Act. Each of those applies differently, and their interaction creates compliance challenges that are genuinely novel. The most basic question is: which rules apply? GDPR administrates personal data processing for general purposes. The LED governs processing of personal data by competent authorities for the prevention, investigation, detection, or prosecution of criminal offences or the execution of criminal penalties. The AI Act lays down rules for the development, the placing on the market, the putting into service and the use of artificial intelligence systems (AI systems). In a R&D project developing tools intended for police use, where the technology is being built and tested by research partners technical teams together with law enforcement, the boundary between these two regimes is not as clear as it might seem. This matters because the obligations differ significantly, in scope, in safeguards, and in the rights afforded to subjects. This creates a design-level problem that current guidance does not address adequately: how do you build a system that must accommodate both LED obligations when deployed by law enforcement and GDPR obligations when researched and tested by developers?  
From a privacy-by-design and ethics-by-design perspectives, the challenge does not end at the research-to deployment boundary. Components developed within R&I projects may also be commercialised for applications beyond law enforcement, for instance private security operators protecting critical infrastructure, airports or large-scale events. In such scenarios, the same underlying technology would operateunder GDPR rather than LED obligations, potentially serving different clients with different legal bases for processing the same categories of data. 

The AI Act adds a further layer of complexity, because it classifies AI systems used in justice and law enforcement, including for profiling, as high-risk under Annex III. The high-risk obligations, such as conformity assessments, risk management systems, transparency, and human oversight, apply regardless of whether the deployer is a police authority or a private operator.  

Designing a system that coherently integrates both data protection regimes while satisfying a common set of AI Act obligations is a challenge for which the regulatory landscape offers limited practical guidance. 

2. Components cannot be treated as standalone 

This system-level challenge is not easy to address within the typical rhythms of R&I project execution. Development sprints organised around individual components, ahead of integration milestones, naturally encourage partners to focus on their own deliverables and favour the temptation to treat their components as standalone. This matters because regulatory requirements are not framed around individual modules but around the system and its intended use case. Technical teams may struggle to see how those requirements apply to their work. 

For example, a web crawler is “just” a data collection infrastructure, a pipeline component that gathers raw material for downstream analysis. The compliance implications, the argument goes, sit with the AI models that process the data, not with the tool that collects it. In complex systems like PRESERVE, this is a misreading of how EU law operates. Under the AI Act, components that contribute to high-risk AI systems inherit requirements through the value chain. A crawler feeding intelligence into a platform that supports police decision-making is not a standalone tool. It is part of an integrated system, and the accuracy of its outputs, what it collects, how it filters, what it misses, has direct consequences on the reliability of everything downstream. False positives mean law enforcement analysts waste time on irrelevant material, or worse, pursue leads based on misidentified content. False negatives mean genuine threats go undetected. Neither outcome is neutral from a compliance perspective. 

3. The coordination challenge 

When supporting compliance in multi-partners EU security research consortia, the challenge is rarely that individual partners lack legal knowledge or do not understand compliance. It is that compliance for integrated systems requires coherent, cross-cutting oversight that transcends organisational silos. The partner developing the crawler may understand GDPR obligations for their component in isolation. The partner building the AI models may understand AI Act requirements for their algorithms. But nobody automatically holds a project-wide view of how data flows from collection through processing to decision support — and how regulatory obligations cascade through that entire chain. This is where independent ethics and compliance monitoring prove essential: not as a bureaucratic checkpoint, but as the connective tissue ensuring that the system as a whole meets the requirements that no single partner could anticipate and address alone. 

4. What this means for EU policy 

First, the regulatory interaction problem is being addressed — but only partially. Joint EDPB-Commission guidelines on the GDPR-AI Act interplay are expected early 2026, and guidance on high-risk use cases and Fundamental Rights Impact Assessments should follow later that year. This is welcome. But the Law Enforcement Directive dimension remains largely absent from the guidance pipeline. The specific scenario that projects like these face — online intelligence tools developed under GDPR research conditions, destined for operational deployment under LED obligations, with AI Act value chain requirements applying throughout — sits at a three-way regulatory intersection that nobody is explicitly addressing. The GDPR-AI Act interaction is being mapped. The LED-AI Act interaction, where it concerns online intelligence for law enforcement, is not. 

Second, the AI Act’s value chain provisions — the principle that components contributing to high-risk systems inherit compliance obligations — need practical implementation guidance for research and development contexts. The principle is sound. The operationalisation remains uncertain. 

5. Regulation as enabler, not obstacle 

None of this is an argument against developing these capabilities. The drone threat is real, evolving, and increasingly digital. Online intelligence is an essential component of any comprehensive counter-UAS strategy. The argument is that embedding compliance from the start — treating regulatory requirements as design parameters rather than afterthoughts — produces tools that are legally sound but also operationally more robust. A crawler that properly categorises data subjects generates cleaner intelligence. Bias mitigation requirements push toward more reliable detection. Regulation, approached this way, is not a barrier to innovation in security technology. It is what makes deployment possible. 

Article by Dr. Lorena Volpini, Senior Researcher & Social Science Lead at CyberEthics Lab. (CEL)

PRESERVE Consortium in Malaga 

The PRESERVE consortium held its 3rd workshop and General Assembly in Málaga on September 24-25th. Organized by CIFAL Málaga , the meeting took place at the historic Hospital Noble, a national landmark in the city center. The venue is located near the Parque de Málaga, the main port and beaches, with a view of the Gibralfaro Castle. Given the recent cold spell across much of Europe, the participants particularly enjoyed the warm and sunny weather. 

After a warm welcome from the hosting organization, the coordinator, Eduardo Villamor Medina , reminded us that this General Assembly also marked the project’s first anniversary. Happy birthday to PRESERVE! In this blog post, we highlight some of the main accomplishments from this first year. 

The innovative paradigm of the PRESERVE project is to consider drone threatsas planned actions that can be detected, intercepted, and neutralised through a combination of online intelligence gathering, multi-sensor fusion, behaviour analysis, and adaptive mitigation. The project addresses a particularly relevant challenge in light of recent incursions by drones at several European commercial and military airports, which have caused flight disruptions. 

The PRESERVE platform incorporates multi-drone detection via the fusion of radar, RF, optical and acoustic sensors to track and analyze the individual drones and the swarm behaviour for possible threatening activities as well as continuous online intelligence monitoring  of the surface web and dark web, monitoring sources such as social media platforms, online marketplaces, incident reports, planned events, and even weather predictions. The collected data is then analysed using state-of-the-art AI-based multilingual language, speech, and image processing components to effectively monitor text, audio, video, and image data. All of the gathered information is then processed by the Risk assessment module which aims to determine the risk of a terrorist attack aiding operators to take decisions on follow-up actions taking into account the context of the incident as well as local and national regulations. 

The use of AI-based algorithms makes it crucial to ensure fairness, prevent bias, and protect sensitive data. PRESERVE gives high priority to privacy and ethical considerations, integrating them from the earliest stages of proto-type and demonstrator design. This “ethics by design” approach ensures proactive compliance with evolving EU and national regulatory requirements, maintaining a balance between security and privacy. 

Overall, the project is progressing according to plan, having successfully completed all 7 deliverables and 3 milestones scheduled for the first year. Project oversight includes continuous risk monitoring, periodic updates of the data catalog, and regular technical meetings involving the Users and Ethics temas. 

One of the main activities of this first project phase was the definition of User Requirements and their mapping to the technical specifications of the PRESERVE prototype. This was accomplished in an iterative fashion during 2 user workshops (+ 13 technical meetings). With these steps now complete, the project has entered its prototyping phase, which will continue over the next six months and culminate at the next consortium meeting in spring 2026. 

The Málaga meeting was packed with updates from all partners and engaging discussions with end-users. On the second day, a visual analytics working session was held, where the functionalities of the dashboard were presented to representatives of the Spanish National Police and the Moldovan Ministry ofInternal Affairs. Their feedback was invaluable for shaping the next iteration of the system. The project has also actively pursued collaborations with other EU projects and with international standards and regulatory organizations, including HRSN, Europol, JRC, ISF COURAGEOUS-2, as well as related project clusters such as AI4SafeEurope and Secure Worship & Public Spaces. Looking ahead, the next steps will focus on further development of the prototype and on testing different sensors in realistic environments using representative drones, in close collaboration with the users. Engagement with Stakeholders and the External Advisory Board will also play a central role in guiding the project’s next phases. 

If you are interested in joining our stakeholder group, please sign up at https://preserve-he.eu/stakeholders-groups/ 

Article by Lori Lamel & Jodie Gauvain Lechapelain , Senior Researcher & Director General (respectively) at Vocapia Research 

As the complexity and autonomy of drone swarm attacks continue to evolve, European security stakeholders face mounting pressure to implement fast, reliable, and lawful countermeasures. These attacks often combine digital planning with real-time execution, exploiting low-cost drone technology and open-source software to operate under the radar—both figuratively and literally. Against this backdrop, PRESERVE proposes a paradigm shift: treating the drone threat not as a momentary breach but as a multi-phase process that can be intercepted and neutralised at several stages. 

The PRESERVE platform, is built around this integrated philosophy. It combines early-stage online intelligence gathering, multi-sensor fusion, behaviour analysis, and adaptive mitigation to offer a complete response chain—capable of detecting, predicting, and neutralising hostile drone activity before it reaches its target. Led technically by ICCS, the system is engineered to operate seamlessly across software and hardware components, unifying digital threat signals and physical sensor data into one coherent threat picture. 

The platform’s detection layer uses a fusion of radar, RF, optical and acoustic sensors to track multiple UAVs in parallel, while filtering out false positives. This sensor fusion is complemented by real-time behavioural analysis, where drone trajectories are monitored for suspicious patterns, such as sudden altitude drops, abnormal speeds, or coordinated formations. These observations feed into a decision engine that assesses threat level and recommends context-aware responses, taking into account the drone’s path, payload, and proximity to critical zones. 

Beyond real-time operations, PRESERVE integrates a digital ecosystem monitoring module designed to detect pre-attack indicators. Using automated scanning of open sources and advanced natural language processing, the system identifies planning activities, procurement attempts, or location references that may indicate an emerging drone threat. These early signals provide critical context to support pre-emptive threat classification and faster response. 

When a threat is confirmed, the platform enables a range of proportionate mitigation responses—from soft disruption (e.g., jamming) to hard neutralisation (e.g., drone interception tools)—depending on legal constraints and operational risk. All actions are coordinated through a scalable command-and-control system, allowing deployment across urban or rural zones, and even enabling multi-site coordination in cross-border environments. 

All of PRESERVE’s hardware and software solutions and platforms will be tested in two Pilot Use-Cases (PUCs), led by LEA partners within the project. The operational scenarios will validate the tools and demonstrate why PRESERVE is an innovative way to counter UAS systems. 

PRESERVE doesn’t just aim to respond to drone attacks—it is designed to anticipate them. By merging intelligence, detection, prediction, and mitigation into one flexible, legally aligned framework, the platform represents a next-generation solution to one of Europe’s most urgent security challenges. 

Article by Nikolaos Peppes , Senior R&D Engineer at Institute of Communication and Computer Systems (ICCS) 

Recent high-profile incidents involving coordinated drone strikes targeting public spaces, infrastructure and other sensitive sites have captured international attention and marked a turning point in the operational use of unmanned aerial systems (UAS). Such tactics are no longer a proof-of-concept but a strategic attack vector that pose growing challenges to law enforcement, critical infrastructure operators and military forces. While the actors, regions, and motivations may differ, many of these incidents share consistent tactical characteristics rooted in saturation, autonomy, and the flexible use of drone technology. 

In most cases, attackers deploy multiple drones simultaneously or in rapid succession to overwhelm detection and neutralisation systems. This saturation tactic is designed to exploit gaps in coverage and response time, making it difficult for conventional countermeasures to isolate and neutralize all incoming UASs effectively. These operations frequently rely on the use of pre-programmed autonomous flight paths, allowing drones to navigate without real-time remote control. This autonomy reduces vulnerability to signal jamming or interference. 

Commonly, the drones are assembled from commercial off-the-shelf components, widely accessible and easily modified for various tactical needs. Payloads are often adapted to local contexts and may include explosives, flammable materials, or electronic warfare tools. Importantly, many attacks include redundant or wave-based strike patterns, where if the first group of drone is intercepted, a second group follows shortly after, either along the same route or using alternate trajectories. 

The overall tactical approach is clear: maximize effect through scale and autonomy, while minimizing cost, traceability, and risk to the attacker. These operations are difficult to detect in advance, particularly when the drones display no active RF emissions, carry low radar signal design, and operate at low altitudes. In some reported cases, planners leveraged commercial-grade components and open-source navigation software, further lowering the technological barrier. 

Looking Ahead: Coordinated multilayered C-UAS for a Coordinated Threat 

To counter this challenge, Europe must develop detection and mitigation solutions aligned with these realities. The PRESERVE project, a Horizon Europe initiative (with Grant Agreement No. 101168392) addresses this by developing a tailored platform integrating online pre-attack intelligence, multimodal sensor fusion, real-time threat assessment, predictive modelling and adaptive response mechanisms to protect against hostile drone swarm attacks. Particularly, it covers: 

• Multi-sensor capabilities and data fusion for detection and situational awareness, including the capacity to monitor multiple objects in parallel under diverse conditions. 

• Online scanning of digital ecosystems to detect pre-attack indicators, giving the ability to anticipate and assess threats. 

• Behaviour analysis and trajectory prediction to support threat assessment and recommendations for appropriate mitigation responses 

• Neutralisation capabilities, combining different response layers that are proportionate, context-aware and aligned with European legal and ethical standards. 

• Scalable and networked system, enabling deployment across diverse environments—urban and rural, national and cross-border—with coordination between sites and jurisdictions. 

By targeting every layer of the attack chain—from digital planning to physical engagement—PRESERVE represents a forward-thinking, that will be validated operationally. 

Article by Eduardo Villamor Medina Senior Project Manager at ETRA. 

🚀 Another step achieved for the PRESERVE Project .  
 
📢 PRESERVE is now included in the European Commission JRC Data Catalogue on EU Drone Projects ! The catalogue, publicly available below, comprises over 600 projects from various EU funding schemes such as Horizon 2020 and Horizon Europe, Internal Security Fund or the European Defence Fund.  
 
📈 Being part of the JRC catalogue is a great opportunity for the PRESERVE Consortium to foster scientific collaboration and exploitation of the project’s results. Disseminating our results with the scientific community is a key pillar of PRESERVE.  
 
🚀 After EUROPOL, collaborating with the JRC is another important step to ensure evidence-based cooperation with end-users, researchers, and policymakers. 
 
Link: https://lnkd.in/dNQWatVn 

📢 Important step for the project. 
 
It was selected by Europol among other EU funded projects, with the support of DGHome, to develop further collaboration with LEAs.  
 
🎯 EUROPOL, through its InnovationLab, will follow the selected projects and support their activities and more specifically pilots, outreach to Law Enforcement Agencies across Europe, disseminating and exploiting their results.  
 
🚀 PRESERVE Project is honoured to be part of this adventure and is looking forward to collaborating with EUROPOL to ensure the EU and its citizens security.