On Wednesday 24 June, the European Commission unveiled a proposed regulation to reform the Europol agency, with a view to its next mandate scheduled for 1 January 2028. In a context where “criminal activities are now often designed, coordinated and scaled transnationally from the start”, it wants once and for all to eliminate the compartmentalisation of national tools in favour of a fully interconnected operating model.
The reform reorganises Europol around three key functions. The first is to turn it into a “global information hub”, centralising data flows in order to provide national authorities with a complete, real-time map of transnational crime.
The agency would also become a “technological innovation hub” by pooling the development of cutting-edge tools — notably based on artificial intelligence — for the complex analysis of unstructured data. The aim is to bridge the technical gap between the EU27, with criminal networks exploiting digital infrastructures “that no single Member State can effectively counter alone”, the Commission notes.
Integration at national level. In addition, the proposal turns Europol into an “integrated operational hub”. More than simply a platform for exchanging bilateral messages, the agency would be involved in the Member States from the very start of investigations.
This new feature is based on the creation of “Europol Support Offices” within the states that request them. Made up of experts from national police forces, these structures would operate under a dual chain of command, reporting both to Europol and to local authorities. Their mission would be to integrate the agency’s criminal analysis capabilities directly into the heart of investigations.
At the same time, the Commission is setting up “Operational Expertise Centres” specifically targeting so-called hybrid threats, such as ransomware cyberattacks, sabotage of critical infrastructure or the organised instrumentalisation of migratory flows.
The text stresses that “fragmentation remains one of the main weaknesses of the European security response” and that these centres would make it possible to concentrate expertise in priority areas requiring “sustained action at Union level”.
Legal safeguards. The extension of Europol’s data analysis capabilities is accompanied by strict alignment with the General Data Protection Regulation (GDPR). The text imposes rigorous legal safeguards, since the agency would be under a legal obligation to reassess the need to retain each item of personal data collected every three years, with the absolute maximum storage period set at five years.
Lastly, the Commission insists on respect for national sovereignty, with the draft regulation explicitly stipulating that Europol “should not exercise coercive powers” or carry out arrests or searches on the ground — those powers remaining the exclusive competence of Member States’ police forces.
Massive investment plan. To implement this reform, the Commission is considering a sharp increase in the budget devoted to it under the next Multiannual Financial Framework (MFF).
Thus, the deployment of digital infrastructure, the strengthening of the expertise centres and the recruitment of specialised staff would represent an extra cost to the EU budget of €1.053 billion in additional appropriations, the institution estimates. This record amount would bring the overall budget allocated to Europol to almost €3 billion for the period 2028-2034.
For their part, the Member States will have to invest a collective €590 million, among other things, to adapt their own national IT systems and guarantee technical interoperability with the agency.
The Commission justifies this spending by pointing to major economies of scale: according to it, such centralisation of resources should generate direct savings estimated at €42 million over the period 2028-2034, thanks to the elimination of duplicate national investments.
To see the Commission’s proposal: https://aeur.eu/f/mjg (Original version in French by Justine Manaud)