REFLECT
European Resilience Summit London
From fragmentation to strategic resilience
The European Resilience Summit in London did not deliver a single unifying narrative, nor did it attempt to. What it revealed instead was something more fundamental: Europe’s resilience challenge is not a collection of isolated issues, but a systemic condition that cuts across infrastructure, governance, and society.
TEXT: SANDER HULSMAN IMAGES: EUROPEAN RESILIENCE SUMMIT
Across keynotes, panels, breakouts, and Doc-Read sessions, a consistent pattern emerged. Europe is not constrained by a lack of capability, technological sophistication, or even awareness. The real constraint lies in the misalignment between how European systems are structured and how modern disruptions actually unfold. Resilience, in that sense, is no longer about protection or recovery. It is about maintaining coherence under pressure, across systems that were never designed to act as one.
Geopolitical framing
The geopolitical framing that set the tone for the summit made clear that the nature of disruption has fundamentally changed. The world is no longer shaped by clearly bounded conflicts or stable alliances, but by overlapping crises and strategic ambiguity. Disruptions do not occur in isolation; they move across cyber, physical, economic, and informational domains, often reinforcing one another.
In such an environment, Europe’s deep interconnectedness becomes a double-edged sword. The same dependencies that enable scale and efficiency also create pathways for systemic vulnerability. Resilience is therefore no longer tested by singular events, but by the interaction of multiple, simultaneous pressures.
Cyber as strategic layer
Within that context, cyber has evolved beyond its traditional role as a technical discipline. It now operates as a strategic layer that influences geopolitical outcomes, shapes narratives, and intersects directly with physical infrastructure. Despite this shift, many organisations continue to approach cyber risk in fragmented ways. Structures remain siloed, communication between technical and executive layers is often insufficient, and supply chain vulnerabilities persist. This creates a growing asymmetry in which threats operate systemically, while responses remain largely tactical. The implication is clear: cyber resilience breaks down not because of technological shortcomings, but because coordination fails across organisational and sectoral boundaries.
Failures emerge in the interactions between systems, where dependencies are not fully understood
Far beyond cybersecurity
This pattern of fragmentation extends far beyond cybersecurity. A recurring insight throughout the summit was the paradox that Europe is highly prepared at the local level, yet insufficiently resilient at the systemic level. Organisations, sectors, and national governments have invested heavily in preparedness. Plans are in place, procedures are defined, and responsibilities are often clearly assigned.
Yet when disruptions propagate across borders and infrastructures, these well-designed systems begin to falter. The issue is not a lack of competence, but a lack of alignment. Failures emerge in the interactions between systems, where dependencies are not fully understood, decision-making is not synchronised, and no single actor has the mandate to stabilise cascading effects. In this sense, resilience cannot be addressed at the level where it visibly breaks, because that level is merely where deeper structural misalignments surface.
Ensuring continuity essential systems
The debate around digital sovereignty reflects a similar evolution in thinking. What was once framed in political or ideological terms is increasingly understood as an operational necessity. The summit made clear that digital sovereignty is not about replacing one technology provider with another, nor about retreating into technological isolation. It is about ensuring that essential systems continue to function under adverse conditions.
Recent incidents have demonstrated how vulnerable centralised digital ecosystems can be, whether due to technical failure or geopolitical pressure. These events have shifted the conversation toward a more pragmatic focus on optionality, portability, and the ability to operate independently when required. The emerging language reflects this shift. Rather than sovereignty in the abstract, the emphasis is moving toward self-sufficiency under stress, a concept that captures the practical realities organisations must prepare for.
Concept of federation
If there was a unifying architectural principle underpinning the summit, it was the concept of federation. Europe’s inherent structure is distributed, composed of independent actors operating within different jurisdictions and sectors. Attempting to centralise this landscape is neither feasible nor desirable.
Federation offers an alternative by enabling these actors to remain autonomous while becoming interoperable through shared standards and interfaces. In such a model, coordination is not imposed through control, but achieved through design. Trust is no longer assumed as a given between actors; it is engineered into the infrastructure through transparent rules, verifiable identities, and standardised interactions. This represents not just a technical shift, but a governance transformation, one that aligns more closely with the realities of a fragmented yet interconnected Europe.
The idea of a Common Operating Picture continues to surface as a necessary capability
Absence of shared situational awareness
Yet even with the right architectural principles in place, a critical gap remains in how Europe perceives and interprets unfolding events. One of the most pressing challenges identified during the summit is the absence of shared situational awareness. The issue is not a lack of data. Signals exist across cybersecurity systems, infrastructure operators, government agencies, and private networks.
The problem lies in fragmentation and interpretation. Information is distributed, understood differently by different actors, and rarely synchronised in a way that enables coordinated action. The idea of a Common Operating Picture continues to surface as a necessary capability, but its implementation remains complex. Questions around data sharing, governance, thresholds, and trust are still unresolved. As long as these questions persist, Europe remains structurally blind at the seams, precisely where modern hybrid threats are designed to operate.
Human dimension of resilience
Amid these structural and technological discussions, the summit repeatedly returned to the human dimension of resilience. Ultimately, systems do not respond to crises; people do. Decision-making under pressure introduces variables that cannot be fully engineered away. Cognitive overload, misaligned incentives, limited understanding of systemic risk, and susceptibility to disinformation all influence how effectively organisations respond to disruption.
At the same time, human behaviour is not a fixed constraint. It can be shaped, measured, and strengthened. This has led to a growing recognition that resilience must incorporate behavioural factors as a core component, rather than treating them as secondary considerations. Training, governance, and organisational design all play a role in ensuring that human responses contribute to stability rather than amplify instability.
Disconnect between knowledge and action
Perhaps the most striking observation across the summit is that many of these challenges are already well understood. The gap lies not in awareness, but in execution. Despite widespread recognition of the importance of digital sovereignty, investment and implementation remain uneven. Governance frameworks for emerging technologies continue to lag behind their adoption. Resilience is still too often treated as a technical or operational concern, rather than as a strategic priority at the leadership level.
This disconnect between knowledge and action represents one of the most significant barriers to progress. Without alignment at the level of leadership, even the most sophisticated strategies remain theoretical.
Redefinition of resilience
What ultimately emerged from London is a redefinition of resilience itself. It is no longer sufficient to think in terms of prevention, recovery, or stability. In a world defined by continuous disruption, resilience is the ability to operate through instability, to adapt in real time, and to maintain coherence across systems that are under constant pressure. It is not about avoiding failure, but about ensuring that failure does not cascade into systemic breakdown.
Five strategic takeaways
- Resilience is a systems problem
Failures occur between systems, not within them. Solutions must operate at that level. - Dependencies are the new risk surface
What enables scale also creates vulnerability. Managing dependencies is central to resilience. - Federation is Europe’s natural model
Centralization is neither realistic nor desirable. Interoperability is the path forward. - Situational awareness is the foundation of action
Without shared understanding, coordination is impossible. - Leadership determines outcomes
Technology, frameworks, and strategies already exist. Execution depends on leadership alignment.
From discussion to implementation
The European Resilience Summit in London did not attempt to resolve Europe’s resilience challenges. Instead, it made them visible in a way that is both structured and actionable. It demonstrated that resilience is not confined to a single domain, but functions as an operating model for an interconnected system under pressure.
The implication is that the next phase cannot be about further analysis alone. The contours of the problem are now sufficiently clear. What remains is the transition from understanding to implementation.
Because resilience is ultimately not measured by how well systems are designed, but by whether they continue to function when the assumptions behind that design no longer hold. And that moment is no longer theoretical. 
European Resilience Summit London
From fragmentation to strategic resilience
The European Resilience Summit in London did not deliver a single unifying narrative, nor did it attempt to. What it revealed instead was something more fundamental: Europe’s resilience challenge is not a collection of isolated issues, but a systemic condition that cuts across infrastructure, governance, and society.
TEXT: SANDER HULSMAN IMAGES: EUROPEAN RESILIENCE SUMMIT
Across keynotes, panels, breakouts, and Doc-Read sessions, a consistent pattern emerged. Europe is not constrained by a lack of capability, technological sophistication, or even awareness. The real constraint lies in the misalignment between how European systems are structured and how modern disruptions actually unfold. Resilience, in that sense, is no longer about protection or recovery. It is about maintaining coherence under pressure, across systems that were never designed to act as one.
Geopolitical framing
The geopolitical framing that set the tone for the summit made clear that the nature of disruption has fundamentally changed. The world is no longer shaped by clearly bounded conflicts or stable alliances, but by overlapping crises and strategic ambiguity. Disruptions do not occur in isolation; they move across cyber, physical, economic, and informational domains, often reinforcing one another.
In such an environment, Europe’s deep interconnectedness becomes a double-edged sword. The same dependencies that enable scale and efficiency also create pathways for systemic vulnerability. Resilience is therefore no longer tested by singular events, but by the interaction of multiple, simultaneous pressures.
Cyber as strategic layer
Within that context, cyber has evolved beyond its traditional role as a technical discipline. It now operates as a strategic layer that influences geopolitical outcomes, shapes narratives, and intersects directly with physical infrastructure. Despite this shift, many organisations continue to approach cyber risk in fragmented ways. Structures remain siloed, communication between technical and executive layers is often insufficient, and supply chain vulnerabilities persist. This creates a growing asymmetry in which threats operate systemically, while responses remain largely tactical. The implication is clear: cyber resilience breaks down not because of technological shortcomings, but because coordination fails across organisational and sectoral boundaries.
Failures emerge in the interactions between systems, where dependencies are not fully understood
Far beyond cybersecurity
This pattern of fragmentation extends far beyond cybersecurity. A recurring insight throughout the summit was the paradox that Europe is highly prepared at the local level, yet insufficiently resilient at the systemic level. Organisations, sectors, and national governments have invested heavily in preparedness. Plans are in place, procedures are defined, and responsibilities are often clearly assigned.
Yet when disruptions propagate across borders and infrastructures, these well-designed systems begin to falter. The issue is not a lack of competence, but a lack of alignment. Failures emerge in the interactions between systems, where dependencies are not fully understood, decision-making is not synchronised, and no single actor has the mandate to stabilise cascading effects. In this sense, resilience cannot be addressed at the level where it visibly breaks, because that level is merely where deeper structural misalignments surface.
Ensuring continuity essential systems
The debate around digital sovereignty reflects a similar evolution in thinking. What was once framed in political or ideological terms is increasingly understood as an operational necessity. The summit made clear that digital sovereignty is not about replacing one technology provider with another, nor about retreating into technological isolation. It is about ensuring that essential systems continue to function under adverse conditions.
Recent incidents have demonstrated how vulnerable centralised digital ecosystems can be, whether due to technical failure or geopolitical pressure. These events have shifted the conversation toward a more pragmatic focus on optionality, portability, and the ability to operate independently when required. The emerging language reflects this shift. Rather than sovereignty in the abstract, the emphasis is moving toward self-sufficiency under stress, a concept that captures the practical realities organisations must prepare for.
Concept of federation
If there was a unifying architectural principle underpinning the summit, it was the concept of federation. Europe’s inherent structure is distributed, composed of independent actors operating within different jurisdictions and sectors. Attempting to centralise this landscape is neither feasible nor desirable.
Federation offers an alternative by enabling these actors to remain autonomous while becoming interoperable through shared standards and interfaces. In such a model, coordination is not imposed through control, but achieved through design. Trust is no longer assumed as a given between actors; it is engineered into the infrastructure through transparent rules, verifiable identities, and standardised interactions. This represents not just a technical shift, but a governance transformation, one that aligns more closely with the realities of a fragmented yet interconnected Europe.
The idea of a Common Operating Picture continues to surface as a necessary capability
Absence of shared situational awareness
Yet even with the right architectural principles in place, a critical gap remains in how Europe perceives and interprets unfolding events. One of the most pressing challenges identified during the summit is the absence of shared situational awareness. The issue is not a lack of data. Signals exist across cybersecurity systems, infrastructure operators, government agencies, and private networks.
The problem lies in fragmentation and interpretation. Information is distributed, understood differently by different actors, and rarely synchronised in a way that enables coordinated action. The idea of a Common Operating Picture continues to surface as a necessary capability, but its implementation remains complex. Questions around data sharing, governance, thresholds, and trust are still unresolved. As long as these questions persist, Europe remains structurally blind at the seams, precisely where modern hybrid threats are designed to operate.
Human dimension of resilience
Amid these structural and technological discussions, the summit repeatedly returned to the human dimension of resilience. Ultimately, systems do not respond to crises; people do. Decision-making under pressure introduces variables that cannot be fully engineered away. Cognitive overload, misaligned incentives, limited understanding of systemic risk, and susceptibility to disinformation all influence how effectively organisations respond to disruption.
At the same time, human behaviour is not a fixed constraint. It can be shaped, measured, and strengthened. This has led to a growing recognition that resilience must incorporate behavioural factors as a core component, rather than treating them as secondary considerations. Training, governance, and organisational design all play a role in ensuring that human responses contribute to stability rather than amplify instability.
Disconnect between knowledge and action
Perhaps the most striking observation across the summit is that many of these challenges are already well understood. The gap lies not in awareness, but in execution. Despite widespread recognition of the importance of digital sovereignty, investment and implementation remain uneven. Governance frameworks for emerging technologies continue to lag behind their adoption. Resilience is still too often treated as a technical or operational concern, rather than as a strategic priority at the leadership level.
This disconnect between knowledge and action represents one of the most significant barriers to progress. Without alignment at the level of leadership, even the most sophisticated strategies remain theoretical.
Redefinition of resilience
What ultimately emerged from London is a redefinition of resilience itself. It is no longer sufficient to think in terms of prevention, recovery, or stability. In a world defined by continuous disruption, resilience is the ability to operate through instability, to adapt in real time, and to maintain coherence across systems that are under constant pressure. It is not about avoiding failure, but about ensuring that failure does not cascade into systemic breakdown.
Five strategic takeaways
- Resilience is a systems problem
Failures occur between systems, not within them. Solutions must operate at that level. - Dependencies are the new risk surface
What enables scale also creates vulnerability. Managing dependencies is central to resilience. - Federation is Europe’s natural model
Centralization is neither realistic nor desirable. Interoperability is the path forward. - Situational awareness is the foundation of action
Without shared understanding, coordination is impossible. - Leadership determines outcomes
Technology, frameworks, and strategies already exist. Execution depends on leadership alignment.
From discussion to implementation
The European Resilience Summit in London did not attempt to resolve Europe’s resilience challenges. Instead, it made them visible in a way that is both structured and actionable. It demonstrated that resilience is not confined to a single domain, but functions as an operating model for an interconnected system under pressure.
The implication is that the next phase cannot be about further analysis alone. The contours of the problem are now sufficiently clear. What remains is the transition from understanding to implementation.
Because resilience is ultimately not measured by how well systems are designed, but by whether they continue to function when the assumptions behind that design no longer hold. And that moment is no longer theoretical.