On Tuesday 28 April, Europol published its annual Internet Organised Crime Threat Assessment (IOCTA) report. Its findings are indisputable: cybercrime is no longer just a technical risk, but a structural threat to the economic stability and security of the entire Union.
The report begins by highlighting the industrialisation of criminal methods. “Cybercriminals are rapidly exploiting advanced technologies (...) to enhance the speed, efficiency, and scope of their illicit activities”, warns Catherine De Bolle, Executive Director of Europol. This phenomenon is underpinned by a thriving underground ecosystem based on ‘crime-as-a-service’, where hybrid actors and criminals collaborate to compromise strategic targets, exchanging intrusion tools and stolen databases.
Ransomware - malicious software that blocks a victim’s data and devices and demands a cryptocurrency ransom to restore access - remains a dominant threat, with more than 120 active brands observed by Europol in 2025. The report states that criminals are now using multi-layered extortion tactics: “The extortion model continues shifting from encrypting data to pressuring victims to pay for their data to not be released”.
Generative AI also plays a pivotal role in enabling fraudsters to “personalise social engineering techniques, making them more convincing and dangerous”. In particular, it enables EU citizens to be targeted on a large scale, breaking down linguistic and geographical barriers. Europol is also concerned about the emergence of agentic AI, capable of automating entire criminal processes without human intervention.
Finally, Europol is sounding the alarm on child sexual abuse material (CSAM). While the report highlights a worrying rise in the production of AI-generated paedophile content, the number of reports relating to financial extortion has also risen by around 70% between the first half of 2024 and 2025.
The agency is therefore calling for greater international cooperation and urgent adaptation of legal frameworks, especially following the expiry of the ePrivacy Directive derogation regime (see EUROPE 13838/10), since “the widespread use of end-to-end encryption platforms creates significant investigative blind spots”, hampering the identification of suspects and victims.
Read the full Europol report: https://aeur.eu/f/lq7 (Original version in French by Justine Manaud)