Hostile foreign powers no longer need hackers or armies to target the European Union — they can now do it with investment portfolios, shareholder votes and sustainability checklists.
According to a new report by Belgium’s Egmont Institute, a Brussels-based security think-tank, environmental, social and governance (ESG) investment standards and other legal financial tools were being increasingly used to exert covert influence over European companies — potentially weakening their competitiveness and security.
“We need to make sure the EU’s digital infrastructure and industry are secure — not just connected and green,” said Executive Vice-President for Tech Sovereignty, Security and Democracy, Henna Virkkunen recently.
Virkkunen has called for more funding and better co-ordination on cybersecurity, particularly to protect sectors including healthcare, energy and manufacturing. Her priorities included stricter cybersecurity requirements for digital products and more support for EU companies developing secure technologies at home.
Although her work focused on digital threats, the Egmont Institute warned of a parallel and often overlooked danger: Foreign financial influence that operated fully within the law.
The study argued that certain legal financial instruments — including ESG-related measures, minority shareholdings, and investment vehicles — may be used as tools of strategic influence, allowing foreign actors to shape decisions within European companies.
Many of the tactics described in the study — such as using shareholder influence, legal financial tools, or ESG demands to sway company behaviour — resembled strategies previously attributed to countries including Russia and China. Both have been known to seek leverage over critical European sectors through methods that appeared legal but served broader geopolitical goals.
These tactics were described as “subtle” but potentially damaging. According to the report, foreign investors could pressure companies to disclose sensitive commercial information under the guise of sustainability or transparency.
Others may use complex financing schemes such as convertible loans to gain eventual control over start-ups and small tech firms in key sectors. Even activist shareholders, the report noted, could legally push for changes in company behaviour that aligned more with foreign political interests than with market or public goals.
The report also raised concerns about the growing use of identity fraud tools — including deepfakes and synthetic identities — that could obscure who actually controlled any given investment.
This, it said, could defeat existing due diligence and risk assessment processes, making it harder for regulators or firms themselves to spot when a transaction was part of a broader strategy to weaken EU strategic autonomy.
Importantly, the Egmont Institute emphasised that many existing safeguards — such as foreign direct investment (FDI) screening, anti-money laundering (AML) systems and due diligence frameworks — were not designed to identify these kinds of tactics.
The report argued for new tools that went beyond detecting illegality and focused instead on intent and strategic impact.
It also called for more collaboration between financial regulators, intelligence agencies and private firms to respond early and prevent foreign actors from gaining influence over companies tied to national security or critical supply chains.
Rather than proposing specific laws, the study encouraged a shift in thinking: Seeing legal financial influence as a potential national security issue, not just an economic one.