Global election integrity, hybrid threats, and national case studies

The global landscape of election integrity faces an increasingly complex and multifaceted threat environment characterized by the convergence of AI-driven disinformation, crypto-enabled dark finance, spyware operations, and foreign influence campaigns. This hybrid warfare paradigm targets democratic processes worldwide, with distinct national and regional manifestations that test the resilience of electoral systems and compel coordinated policy and operational responses.

---

Growing Hybrid Threats to Election Integrity: A Global Overview

Technological advances have dramatically transformed the tools and tactics adversaries use to interfere in elections:

• AI-Generated Disinformation and Deepfakes: Synthetic media and AI-driven content manipulation have become normalized tools for influencing voter perceptions. These capabilities enable rapid, scalable dissemination of false narratives, complicating detection and countermeasures. For example, AI-enhanced CERTs (Cyber Emergency Response Teams) are now essential to detect and neutralize such threats in real time.

• Cryptocurrency and Illicit Finance: The Financial Action Task Force (FATF) has reported that at least five major cryptocurrency exchanges continue to facilitate Russian sanctions evasion, perpetuating illicit financial flows that sustain hybrid operations. The recent exposure of nearly $1.7 billion in Iran-linked cryptocurrency transactions aimed at covert political influence exemplifies the scale and opacity of these dark finance networks.

• Spyware and Covert Surveillance: Regional incidents, such as the February 2026 conviction of four individuals in Greece for involvement in a major spyware and wiretapping scandal, highlight the persistent threat of surveillance tools undermining voter privacy and democratic integrity.

• Foreign Influence and Disinformation Campaigns: Illiberal regimes weaponize digital platforms and traditional media to amplify divisive narratives. Hungary’s intensified anti-Ukraine and anti-Brussels disinformation campaigns, which spill over into neighboring Bulgaria, demonstrate how regional actors exploit linguistic, cultural, and political ties to destabilize democratic processes.

---

EU and UK Policy Responses: Conceptualizing Election Security as Hybrid, Cognitive Warfare

The European Union and the United Kingdom have formalized election interference as a cognitive and grey-zone warfare challenge, integrating it into broader national security frameworks:

• At the February 2026 Foreign Affairs Council, EU High Representative Kaja Kallas declared, “Wars are fought with lies and algorithms,” emphasizing the necessity of addressing disinformation alongside kinetic threats.

• The EU’s Digital Services Act (DSA) enforces rigorous platform accountability, exemplified by the Berlin Regional Court’s landmark order compelling Elon Musk’s platform X to disclose granular data related to Hungary’s 2024 parliamentary elections. This judicial action underscores a shift from voluntary platform self-regulation toward binding transparency mandates aimed at dismantling foreign interference vectors.

• The UK has intensified sanctions against hybrid threat actors, including the February 2026 sanctions on two Georgian pro-government TV channels accused of disseminating Russian disinformation. UK Defence Minister Heligan identified Russian grey-zone tactics as the country’s “most immediate security threat,” reflecting a strategic prioritization of hybrid threat mitigation.

• However, the United States’ constitutional protections, notably the First Amendment, constrain federal regulatory reach over platform content, fostering a transatlantic regulatory divergence. Compounding this, U.S. Secretary of State Marco Rubio’s February 18, 2026, internal guidance instructing envoys to “slam brakes” on foreign data localization mandates signals diplomatic friction over digital sovereignty approaches, complicating unified responses.

---

Bulgaria: A Concrete Case Study in Hybrid Threat Mitigation and Electoral Resilience

Bulgaria’s caretaker government, led by Prime Minister Andrey Gyurov, exemplifies a proactive national response within this challenging environment. With elections scheduled in 2026, Bulgaria has enacted a comprehensive suite of technological, legal, and institutional reforms that align with and reinforce broader Euro-Atlantic strategies:

• AI-Enhanced CERTs: Bulgaria’s Cyber Emergency Response Teams now utilize advanced AI analytics to detect and combat deepfakes, synthetic media, and coordinated disinformation campaigns in real time. This capability is critical to countering automated, large-scale malign influence operations.

• Ban on Cryptocurrency Electoral Donations: In response to the risks posed by illicit crypto financing, Bulgaria has implemented a sweeping ban on electoral donations from non-transparent or foreign-controlled crypto sources. This measure fortifies electoral finance transparency in line with FATF standards and EU AML directives.

• Real-Time AI and Blockchain-Based Disclosure Portal: The government has launched an innovative digital platform mandating instantaneous reporting of all political financing. AI algorithms monitor disclosures for anomalies, while blockchain technology ensures transparency and traceability, particularly in complex financial flows involving cryptocurrencies.

• Voter Registration Cybersecurity: Enhanced cybersecurity protocols and decentralization of voter data systems protect against tampering and preserve the integrity and confidentiality of voter rolls, reinforcing public trust.

• Euro-Atlantic Intelligence and Legal Cooperation: Bulgaria actively participates in real-time intelligence sharing with EU, NATO, and allied partners to identify and disrupt transnational disinformation and illicit finance networks. By supporting EU sanctions against individuals linked to Russian aggression and engaging in FATF plenaries, Bulgaria contributes to a coordinated international effort to uphold democratic norms.

• Regional Context and Pressures: Bulgaria’s reforms occur amid significant regional challenges, including Hungary’s anti-Ukraine disinformation campaigns, which seek to influence public opinion beyond its borders, and the recent Greek spyware convictions illustrating regional vulnerabilities. Bulgaria’s alignment with EU sanctions and judicial mechanisms further embeds it in a resilient democratic defense ecosystem.

---

Mapping National Measures onto Broader Transatlantic Strategies

Bulgaria’s approach reflects and reinforces several broader transatlantic imperatives:

• Holistic Hybrid Threat Integration: Recognizing election interference as a multidimensional challenge encompassing digital, financial, and kinetic elements, Bulgaria’s combined technological and legal reforms mirror EU and UK frameworks emphasizing cognitive warfare responses.

• Bridging Regulatory and Operational Gaps: Bulgaria’s stringent crypto donation ban and AI-powered transparency mechanisms confront vulnerabilities that arise from fragmented international regulatory regimes, including the U.S.–EU divide over platform governance and data localization.

• Coordinated Sanctions and Financial Controls: By aligning with EU sanctions and FATF recommendations, Bulgaria contributes to a collective effort to choke off illicit funding sources that underpin hybrid campaigns, complementing wider transatlantic sanctions enforcement.

• Intelligence Sharing and Legal Cooperation: Bulgaria’s active participation in Euro-Atlantic intelligence exchanges and judicial cooperation exemplifies how national efforts can integrate into broader networks that enable rapid threat detection and response.

• Promoting Democratic Resilience in a Contested Region: Bulgaria’s model sets critical standards for neighboring states grappling with similar hybrid threats, offering practical lessons on deploying cutting-edge technology, enacting robust legal frameworks, and fostering international partnerships.

---

Implications and Strategic Outlook

The evolving hybrid threat environment demands sustained vigilance and innovation:

• Adversaries’ increasing sophistication, particularly in AI-enabled disinformation and complex financial crime, requires ongoing investment in advanced detection and enforcement tools.

• Maintaining public trust through transparent, accountable governance and civic engagement is essential to countering the corrosive effects of foreign interference.

• Bridging the transatlantic regulatory divide—especially reconciling the EU’s assertive platform accountability with U.S. constitutional protections and diplomatic concerns—remains urgent to present a coherent front against hybrid threats.

• Expanding international cooperation to include emerging democracies and conflict-affected regions is critical to building a resilient global democratic architecture.

---

Conclusion

In an era where elections are increasingly contested battlefields of hybrid warfare, the integration of AI-driven countermeasures, stringent crypto finance regulations, enhanced cybersecurity, and robust international collaboration is essential to safeguarding democratic integrity. Bulgaria’s caretaker government’s proactive reforms offer a concrete, replicable case study of how national measures can be effectively mapped onto broader EU, UK, and transatlantic strategies to confront the growing threat environment.

Meanwhile, the regional context—marked by Hungary’s disinformation campaigns, Greek spyware convictions, and coordinated Western sanctions—illustrates the complex interplay between national vulnerabilities and global geopolitical dynamics. Only through relentless innovation, principled leadership, and unified cross-sectoral efforts can democracies withstand the mounting pressures of 21st-century hybrid threats and preserve the legitimacy of their electoral processes.