Compossible – that which can live together

THE SHADOW FIMI OSINT REPORT:

ACTORS THE EU WILL NOT NAME

A FIMI-Methodology Assessment of US, Israeli and Aligned Network Interference in European Democracy

‘Tyranny is our foe, whatever trappings or disguise it wears, whatever language it speaks, be it external or internal, we must forever be on our guard, ever mobilised, ever vigilant...’1

(Winston Churchill)
  1. The House of Cards Has an Address
  2. The Full OSINT FIMI Shadow Report
  3. Open Letter to Kaja Kallas: The EU’S FIMI Blind Spot Is An Existential Threat
  4. Footnotes

The House of Cards Has an Address

Today the EU’s External Action Service published its 4th annual report on Foreign Information Manipulation and Interference. It is, as in previous years, an impressive technical document. It maps 540 incidents across 10,500 channels. It documents how AI has supercharged Russian and Chinese disinformation. It introduces a new Deterrence Playbook. Kaja Kallas is right that today’s wars are fought with lies and algorithms.

Predictably Russia and China are named again. The United States is not. Israel is not. Elon Musk — whose platform accounts for 88% of all detected FIMI activity by the EEAS’s own figures, and who has directly intervened in elections in Germany, the UK, and Poland — is not subject to the required FIMI analysis and political action. This is not an analytical gap. It is a political choice.

Today, simultaneously with the 4th Report’s publication, I am publishing The Shadow FIMI OSINT Report: Actors the EU Will Not Name — a citizen’s open-source intelligence assessment that applies the EU’s own DISARM Framework, STIX 2.1 standards, and Unified Kill Chain methodology to the actors the official report will not touch.

The findings are unambiguous:

  • The CPAC Poland operation — a sitting US cabinet secretary conditioning military protection on electoral outcome, five days before a presidential run-off — meets all four FIMI criteria. It appears nowhere in the FIMI Explorer database.
  • The BLOOM investigation maps precisely onto DISARM T0104: Corrupt Legislature. US fossil fuel lobbies and Heritage Foundation networks dismantled the EU’s Corporate Sustainability Due Diligence Directive through coordinated manipulation of MEPs. This is FIMI measured not in elections won or lost, but in legislation destroyed.
  • The Pegasus intelligence loop — Israeli spyware harvesting EU officials’ communications to enable precision targeting of subsequent influence operations — is a Tier 1 hybrid threat by the EU’s own ENISA framework. It has never received a FIMI attribution.
  • Elon Musk and Peter Thiel are not private citizens who happen to have political opinions. They are private emanations of the American state — entities receiving $38 billion+ in government contracts while exercising state-scale power without state-level accountability. An actor-agnostic FIMI framework that cannot reach outsourced sovereignty cannot reach the dominant interference vector of 2026.

The 4th Report introduces a Deterrence Playbook designed to dismantle interference by targeting its financial and organisational enablers. Applied consistently, that Playbook reaches every operation documented in our report. It is not applied consistently.

An actor-agnostic deterrence framework that applies to Russian contractors but not to their American counterparts is not a deterrence framework. It is diplomatic preference dressed as methodology.

The Hungarian election is in 20 days. The Agency for Social Design — an EU, US, and UK-sanctioned Russian disinformation firm — is currently running Viktor Orbán’s campaign. The Commission has frozen its enforcement files, fearing Orbán will use action as a “Brussels interference” narrative.

We published this report today because the timing matters. Churchill’s words were spoken to celebrate an alliance. We invoke them now as a warning about what happens when that alliance is weaponised against the democracy it was built to defend.

The Full OSINT FIMI Shadow Report

Download the full Shadow FIMI OSINT Report here:

4th Shadow FIMI ReportDownload

This is an independent citizen OSINT assessment published on the Compossible blog using open sources and AI technologies. All sources are open, all methodology is documented, all findings are falsifiable.

The following is taken from the Shadow Report:

Open Letter to Kaja Kallas: The EU’S FIMI Blind Spot Is An Existential Threat

To the Citizens of Europe, the European Commission, and High Representative Kaja Kallas

17 March 2026

Today, the European External Action Service publishes its 4th FIMI Report.

Predictably it names Russia and it names China. By political choice rather than analytical necessity, it remains silent on the documented hybrid threats originating from our supposed allies and the tech-oligarchs who control our digital infrastructure.

High Representative Kallas correctly stated that these wars are fought with ‘lies and algorithms’ and that FIMI is ‘a weapon aimed at the heart of our democracies.’

I agree. But those weapons are also aimed as us by our erstwhile allies. By refusing to apply its own actor-agnostic FIMI methodology to the United States and Israel, the EU is not maintaining neutrality. It is making a choice — and that choice is enabling the erosion of the democracy it claims to defend.

The 4th EEAS Report introduces a FIMI Deterrence Playbook designed to dismantle interference operations by targeting their financial, technical and organisational enablers. Applied consistently, this Playbook would reach every operation documented in this report. The Social Design Agency — sanctioned and named in the Playbook — is running Viktor Orbán’s election campaign today. The Danube Institute — unlisted — is the fiscal switchboard for the same interference architecture. The Playbook’s logic is sound. Its application is selective. An actor-agnostic deterrence framework that applies to Russian contractors but not to their American counterparts is not a deterrence framework. It is a diplomatic preference dressed as methodology.

The Evidence the EU Will Not Name

This shadow report documents a coordinated axis of interference that the official FIMI Explorer database systematically ignores:

In Poland: In May 2025, sitting US Cabinet Secretary Kristi Noem stood at CPAC Poland and explicitly urged Polish voters to elect ‘a leader who will work with President Donald J. Trump,’ threatening that US military presence and defence equipment depended on the outcome. Simultaneously, Trump hosted candidate Nawrocki at the White House during the active campaign. This was not diplomatic engagement. It was electoral coercion — conducted openly, on video, in front of international media. It is not in the FIMI database.

In the European Parliament: The BLOOM investigation documented how US fossil fuel lobbies met an EPP rapporteur more than ten times in a year, using coordinated manipulative behaviour to dismantle the EU’s Corporate Sustainability Due Diligence Directive — legislation democratically agreed through normal EU process. BLOOM has submitted formal complaints to the Parliament’s own conduct committee. The FIMI framework has not attributed the operation.

In the digital infrastructure: Elon Musk — a serving quasi-US government official — has declared ‘Only AfD can save Germany,’ called for the imprisonment of the UK Prime Minister, and amplified Polish far-right content during the presidential campaign, using a platform whose algorithm his own teams reconfigured to boost his posts. He then threatened to withdraw Starlink from Europe in response to EU enforcement of the Digital Services Act. A private actor using military-critical infrastructure as a coercive lever against democratic oversight is not in the FIMI database.

In Hungary: A Kremlin-run firm under EU, US, and UK sanctions is running Viktor Orbán’s re-election campaign, under the personal oversight of Putin’s First Deputy Chief of Staff, with the Russian embassy in Budapest reportedly functioning as a part-time campaign headquarters. The EU has frozen its Hungary files to avoid ‘appearing to interfere.’ The election is in 20 days.

In the European Parliament’s own oversight: An EPP MEP actively attempted to remove the Israeli Prime Minister’s name from the Parliament’s own Pegasus inquiry report — documented interference in democratic accountability by a serving elected member. It is not in the FIMI database.

The Hungarian Crisis: Complicity by Omission

The most urgent dimension is Hungary. A Kremlin-run, EU-sanctioned firm is operating Orbán’s campaign under Kremlin supervision. The EU Commission has chosen to freeze its response. By staying silent to avoid appearing political, the EU is functionally enabling a foreign power sanctioned by its own institutions to determine the outcome of a member state election.

This is not neutrality. It is complicity by omission.

The Brexit parallel is direct. The UK’s Intelligence and Security Committee possessed evidence of foreign interference before the 2016 referendum. It was suppressed. The committee later concluded the government had ‘actively avoided’ the issue. By the time the Russia Report was published in 2019, Brexit was irreversible. The EU now has the same evidence, the same framework, and the same choice.

What We Demand

We ask for European leaders to have the courage to use powers that already exists:

  • One: Direct the EEAS to enter the documented CPAC Poland operation, Musk’s electoral interventions, the Pegasus EU officials hack, and the Agency for Social Design’s Hungary campaign into the FIMI Explorer database — today. Explain publicly, in writing, if you choose not to.
  • Two: Unfreeze the Hungary files. A sanctioned Kremlin firm is helping to run a member state election. Orban has close political and personal ties with Trump and Netanyahu and those around them. The time for diplomatic caution has passed.
  • Three: Authorise a Special Parliamentary Committee on Foreign Electoral Interference covering all actors. Let those who vote against it explain publicly why documented interference operations should be excluded from EU oversight because of the nationality of the actor.
  • Four: Introduce the three structural reforms that make symmetric application permanent:
    • an Independent FIMI Ombudsman outside the diplomatic chain;
    • Digital Sovereignty Stress Tests for Starlink and Palantir dependencies; and
    • mandatory financial transparency for foreign-funded political infrastructure including the Danube Institute, CPAC Europe, and ADF International’s Brussels office.

Kallas said: ‘Winning a fight requires a shield and a sword.’

We need a shield that covers our whole body (all major threats) as well as the sword.

In memory of democratic courage and in the hope of its return.

The Shadow FIMI Secretariat

17 March 2026

If we are together nothing is impossible. If we are divided all will fail2

(Winston Churchill)

Footnotes

  1. Winston Churchill, ‘The Gift of a Common Tongue’, September 6, 1943. Harvard. The two passages are drawn from the same speech; the ellipsis indicates non-adjacent text. ↩︎
  2. Ibid. ↩︎

Discover more from Compossible – that which can live together

Subscribe to get the latest posts sent to your email.

By

Peter Howitt

·

, , , , , , , ,

Latest articles

Leave a comment