Securing the Narrative: Digital Securitisation and the Politics of Visibility in Ukraine's Information War

Part I: From Disinformation to Security Threat: Digital Securitisation in the EU and the US After Russia’s Full-Scale Invasion of Ukraine

1. Introduction

The Russian full-scale invasion of Ukraine, which began in February 2022, is now widely perceived as a watershed moment for European security. Since the invasion began, information infrastructure, platforms and data flows have increasingly been regarded as strategic terrain—assets to be defended, controlled and, on occasion, weaponised. In the days following the invasion, the European Union took the decision to suspend the broadcasting activities of RT and Sputnik, explicitly defining the Kremlin's “disinformation and manipulation of information” as an operational tool of war and a “direct threat” to public order and security in the Union.^[1] This decision was not merely symbolic, it represented a more extensive shift in which digital governance tools, often associated with media regulation or privacy, were reinterpreted through the lens of security and emergency.^[2]

The purpose of this study is to examine how Russia’s full-scale invasion of Ukraine functioned as a catalyst for the securitisation of digital space in transatlantic democracies, and what the implications for democratic oversight and civil liberties are. In the discipline of international relations theory, securitisation is defined as the political process that transforms an issue, regardless of its nature, into an existential threat to the state. This rhetorical strategy is then followed by the implementation of extraordinary measures that would be difficult to justify in a non-emergency situation.^[3] Given these assumptions, the present article posits that the Russian invasion of 2022 precipitated an acceleration in the securitisation of the digital domain among western democracies. This has been possible due to the alignment of three elements: firstly, a clearly identified aggressor, namely Russia; secondly; a rapidly expanding repertoire of hybrid tools, including cyber operations, information manipulation and digital infrastructure leverage; finally, greater public and institutional willingness to accept extraordinary measures in the name of democratic defence.^[4]

The present study observes qualitative mapping of securitisation moves in order to analyse how decision-makers interpreted the post-2022 digital threat environment. It builds on extant research concerning the securitisation of foreign disinformation in the Russia-Ukraine war, demonstrating how democratic governments can adopt “partial securitisation” with rhetoric and ad hoc measures.^[5] Finally, the paper examines the trajectories of the EU and the US after February 2022, highlighting both the convergences in securitisation logics and the divergences in the institutional safeguards. The conclusion of the article summaries the implications for democratic oversight and proposed policy principles to strengthen resilience without normalising the exception.

2. Theoretical Background

2.1 Defining “digital domain” and “digital securitisation”

In this study, digital space is conceptualised as the socio-technical environment in which political communication, information flows and governance are mediated by networks, cloud services and critical information systems. It includes platform ecosystems, such as social media, search engines and messaging applications, along with their content governance. Lastly, it also covers data and surveillance architecture, which includes the collection, storage, analysis and exchange of personal and behavioural data by public and private actors. This definition purposefully conceptualises the digital dimension as both a technical domain and a governance domain, wherein authority is conducted through code, regulation and institutional coordination.^[6]

With regard to the conceptualisation of digital securitisation, however, the article draws on the theory of securitisation first formulated by the Copenhagen School.^[7] This theoretical framework treats security not as an objective condition, but rather as a political process. Within this paradigm, an issue is framed as an existential threat, thereby allowing for extraordinary measures that can circumvent ordinary constraints. It is important to note that, according to this approach, digital securitisation refers to the process by which elements of the digital space, such as disinformation, cyber vulnerabilities or data access, are reframed as urgent security concerts that justify exceptional policy responses.^[8]

In terms of operations, digital securitisation is observable through three indicators. Firstly, the framing of threats, that is to say, the speech act that identifies digital risks as existential threats. Secondly, exceptional measures, such as accelerated, restrictive, or emergency policies affecting information flows, platforms or surveillance. Thirdly, the reconfiguration of authority, implemented through changes in institutional competences, including the intensification of public-private enforcements and the reduction of transparency.^[9]

2.2 Russia as a threat source and model of authoritarian digital governance

In the context of this study, the relevance of Russia is twofold. Firstly, it is essential to acknowledge the role of Russian cyber operations as a source of threat. The context of war has brought these operations to the fore as central components of hybrid warfare, rather than as peripheral information policy.^[10] Secondly, the Russian Federation is regarded as an exemplar of authoritarian and coercive governance in the digital domain. Analyses of Russian digital authoritarianism highlight a set of tools that combine large-scale surveillance capabilities, limited independent oversight and legal mechanisms that restrict expression and mobilise private intermediaries to enforce state priorities, including service providers and platforms.^[11] This is important in the context of a study on Russian cyber influence, as Russia’s internal model demonstrates the potential for digital infrastructures and intermediaries to be transformed into instruments of strategic control. This operational logic subsequently prompts Western democracies to adopt a securitisation approach in regard to elements of their own information environment.

Comparative work on digital authoritarianism further places Russia within a wider range of control practices, from surveillance to information manipulation, while also highlighting variation in the implementation and justification of such practices across different political regimes and state contexts.^[12] These premises are relevant to the analysis of transatlantic democracies, as they demonstrate that policy responses may be influenced not only by the action of the Russian state, but also by the manner in which such actions are rendered politically legible and publicly acceptable as necessary measures.^[13] In this sense, Russia’s war posture can contribute to the spread of digital authoritarianism and securitisation practices through a combination of demonstrative effects, threat emulation and the internationalisation of justificatory frames.^[14]

2.3 Transatlantic democracies before and after 2022

Prior to 2022, transatlantic democracies had already developed governance repertoires that addressed cybersecurity and foreign interference. However, academic work on the securitisation of foreign disinformation suggest that, even in democratic contexts, such issues can be progressively inserted into the security register through threat rhetoric and ad hoc measures, sometimes producing a “partial securitisation” that blurs the boundaries between public communication, platform governance and security policy.^[15] Concurrently, deliberations concerning surveillance prerogatives illustrate how security frameworks can legitimize augmented data accumulation or diminished constraints, frequently substantiated by allusion to adversarial competencies and strategic competition.^[16]

The full-scale invasion of 2022 acted as a catalyst, compressing decision-making times, refining attribution and increasing tolerance for restrictive tools in the name of democratic defence.^[17] In the European Union, for instance, the decision to suspend broadcasting activities with Russia Today and Sputnik was explicitly justified as a response to Russian “disinformation and manipulation of information” that poses a threat to public order and security.^[18] This episode provides a concrete point of departure for examining how war can accelerate digital securitisation in democratic contexts, while raising questions about proportionality and long-term normalisation of exceptional measures.^[19]

3. Analysis

3.1. The European Union’s Collective Securitisation of the Information Domain

3.1.1. The RT and Sputnik Case

On the 2nd of March, 2022, the Council of the European Union adopted restrictive measures that led to the urgent suspension of the broadcasting activities of RT (Russia Today), a television network, and Sputnik, a state-controlled media outlet.^[20] The Council linked its decision directly to Russia’s ‘unprovoked and unjustified military aggression against Ukraine’, and presented these channels as ‘essential and instrumental’ in supporting the invasion and destabilising neighbouring states, arguing that the Kremlin was implementing a ‘systematic’ campaign of disinformation.^[21] The press release elucidates the securitising claim by stating that ‘The Kremlin’s systematic manipulation of information and disinformation are applied as an operational tool in its assault on Ukraine. It is also a significant and direct threat to the public order and security of the Union.’^[22]

In relation to the theoretical underpinnings of securitisation, the Council’s methodology establishes a nexus between the referent objects (comprising EU public order and security) and an external threat actor—namely, the Russian state and its affiliated media networks.^[23] This connection serves to legitimize the implementation of extraordinary measures, which in turn result in the suspension of conventional standards within the domain of the information environment.

Furthermore, the EU’s decision to impose a ban on RT and Sputnik sheds light on its hard-line securitisation pathway. Contrary to the conventional approach, that relies primarily on domestic executive powers, the EU employed a multifaceted strategy that entailed the implementation of restrictive measures and a sophisticated sanctions structure, resulting in the enforcement of information controls on a large scale.^[24]

This securitising move revealed an implementation pathway where the Union translated its threat framing into EU-wide restrictive measures with immediate cross-border effect. “Suspension or restriction” entailed an absolute prohibition not only on broadcasting, but also on operators’ ability to “enable, facilitate, or otherwise contribute to broadcast any content,” placing enforcement pressure on intermediaries and distribution chokepoints.^[25]

The measure was rapidly litigated. RT France challenged the Council’s competence and alleged violations of the Charter of Fundamental Rights of the European Union (including freedom of expression, the freedom to conduct a business, and rights of defence). The General Court of the European Union rejected the appeal and applied a structured Charter test (legality; essence of the right; legitimate aim; proportionality), emphasising public order/security objectives and the “narrow scope” of the intervention (including that certain journalistic activities were not fully prohibited).^[26]

In its public reasoning, the Court treated the measure as a security-related restriction adopted in response to Russia's aggression, while insisting that interference with rights must remain legally justified and proportionate. The narrow framing of the legal issue is of particular pertinence in this case, as it functions as a means for the Court to safeguard the fundamental rights in question. The Court's position in this regard is that the imposed restrictions were directed towards the transmission and distribution of content by the recognised media outlets, as opposed to the practice of journalism itself.^[27] This interpretation is consistent with the architecture of the restrictive measure itself, which prohibits operators from broadcasting content by the listed entities on multiple distribution channels.^[28] In assessing proportionality, the Court balanced the severity of the interference with the stated objective of protecting public order and security in an exceptional context of war. This approach translated the logic of security into a rights-based justificatory framework.^[29]

3.1.2 EU’s Collective Securitisation

The RT/Sputnik ban can be interpreted as an “ideal case-study” of EU collective securitisation of disinformation, since it translated a wartime threat narrative into EU’s restrictive measures, and immediately generated contestation over legal basis and proportionality.^[30] The democratic tension is that securitisation may be pursued in the name of defending democracy, yet political legitimacy depends on whether exceptional restrictions remain bounded by transparent justification.^[31] The case illustrates this duality concretely: on the one hand, operators were prohibited not only from broadcasting but also from enabling or facilitating distribution across channels; on the other hand, judicial review (RT France) upheld the measure through a structured Charter assessment, framing it as proportionate and “narrow in scope” because it targeted distribution rather than journalism as such. The case demonstrates a distinctly “democratic” securitisation pathway that is rapid, supranational, law-based, and subject to judicial review. However, the case also discloses the risk that exceptional restrictions on information access become normalised, generating recurring disputes over proportionality, safeguards and transparency.^[32]

3.2. The United States’ Frame of Russia as a threat actor and policy responses

The EU case demonstrates a securitising logic centred on defending democratic stability and public order against Russian information manipulation. This section analyses the US case, as it shares this core threat framing of Russia as a hostile actor exploiting digital space, but employs different instruments and constraints. This is attributable to the existence of stronger constitutional barriers to direct speech restrictions, as well as a more pronounced role for oversight contestation.^[33]

The US case can be framed as a two-track securitisation: foreign disinformation/influence as a security threat to democratic stability, and cyber and surveillance as the infrastructural backbone through which security agencies claim capacity to detect and mitigate hostile activity.^[34]

3.2.1. Agencies and Intermediaries: the Doppelgänger Case

A notable parallel can be drawn between the post-2022 United States and the EU's RT/Sputnik move in terms of the disruption, in September 2024, of Russia's "Doppelgänger" foreign malign influence operation.^[35] Instead of restricting access to a single media outlet, the US Department of Justice announced the seizure of 32 internet domains used to impersonate trusted news brands and spread pro-Russian content.^[36] This course of action was presented as a law enforcement response based on criminal statutes, including money laundering and trademark offences. The intervention is centred on the distribution infrastructure and intermediaries involved, including misleading branding and online dissemination, rather than imposing a direct broadcasting ban.^[37]

The logic employed in this action mirrors the EU's approach to framing threats. It is evident that both episodes perceive the information environment to be a domain of conflict, wherein Russian state-affiliated actors leverage digital platforms to subvert democratic stability.^[38] Nevertheless, the distinction resides in the selection of the tool. In the case of Washington, the response is channelled through enforcement and disruption measures, supplemented by sanctions. These instruments regard foreign information manipulation as a matter of national security, addressed through inter-agency coordination.^[39]

In this case, the democratic friction point lies less in the fact that a disruption occurs and more in the way in which securitisation measures are limited and legitimised in a rights-constrained system. This constraint is evident in the selection of the instrument itself: the response is directed through law enforcement disruption of specific distribution networks and infrastructure, as opposed to general restrictions on media outlets. This shows how America's securitisation process uses intermediate leverage and infrastructural control, while legitimacy depends on legal authorisation, transparency about objectives, and challenges if measures go beyond specific networks.

3.2.2. Opposition and Accountability in the Doppelgänger case

In contrast to the EU's RT/Sputnik case, where the emphasis is on proportionality review before the General Court, the US accountability landscape is characterised by its greater complexity and systemic nature. This phenomenon is indicative of constitutional barriers to direct speech restrictions and ongoing debates surrounding surveillance and state-platform relations. In practice, the phenomenon of opposition manifests through a variety of channels, including legislative oversight, judicial scrutiny, and civil society mobilisation. The extent to which securitising measures can be implemented without jeopardising democratic legitimacy is influenced by each of these factors.^[40]

The Doppelgänger disruption illustrates this constraint indirectly. Because the intervention is channelled through law-enforcement action against a specific network’s distribution infrastructure, it appears more compatible with a rights-constrained system than a blanket outlet restriction; yet its legitimacy still depends on whether objectives are narrowly defined, authorisations remain transparent, and measures do not expand into broad, discretionary control over information flows.^[41]

This is where accountability tensions become analytically central rather than incidental. As Ünver’s account of US surveillance politics shows, national-security arguments can make expanded digital-security capacities politically attractive, while opposition focuses on scope limits, oversight, and safeguards to prevent abuse and normalise public consent.^[42] Scholarships on digital authoritarianism warns that democracies may adopt tougher digital governance tools under competitive threat perceptions, making it crucial to distinguish security-driven capacity-building from the erosion of democratic checks.^[43] With regard to securitisation, the case of the United States lends support to the thesis on post-2022 acceleration. Concurrently, it elucidates its democratic cornerstone: securitisation progresses more plausibly where exceptional measures remain contestable. It is only when a new normality has become customary that it can be considered to be verified.^[44]

4. Discussion of Findings and Policy Recommendations

4.1 Discussion of Findings

The analysis of the RT/Sputnik and Doppelganger cases, which can be traced back to digital securitisation in the EU and the US respectively, demonstrates an indirect spread of Russian digital authoritarianism practices. This indicates that the transatlantic democracies under scrutiny have not adopted a process of emulating Russian strategies; rather, the influence of the latter has exerted indirect repercussions through the mimicry of the threat, i.e. adversarial tactics that compel democracies to re-evaluate the concept of digital governance as a security practice. Furthermore, there is emulation of crisis policies, i.e. emergency conditions that compress deliberation and broaden the range of politically feasible restrictions.^[45] The tendency for practices to disseminate is attributable to the capacity of the relevant actors to derive substantial insights from disruptive occurrences, notwithstanding their repudiation of the prevailing normative principles initially instituted by the regime in question.^[46]

A further complicating factor is present in circumstances where digital control is not static. In such cases, repressive capacity may be shaped by infrastructural dependencies and disruptive pressures. Consequently, the conditions of war do not inherently result in enhanced linear control.^[47] This is a salient consideration within the paradigm of democratic policy design. In the event that democracies are characterised by control-based solutions, there is a risk of the normalisation of extraordinary restrictions without the achievement of enduring resilience against adaptive adversaries.

4.2. Policy Recommendations

The prevailing lesson to be drawn from the examination of both EU and US cases is that the legitimacy of emergency measures is contingent upon their contestability and limitation. In practical terms, transatlantic democracies should incorporate sunset clauses and renewal thresholds, minimum transparency standards (i.e. the threats invoked, the measures employed and the rights affected) and an independent review capacity capable of operating at the pace of the crisis. The implementation of such measures serves to mitigate the potential for securitisation to evolve into a long-term exception, thereby averting the democratic concerns that have been accentuated in the context of the EU-level debate surrounding collective securitisation.^[48]

The tendency of the United States to disrupt distribution infrastructure, and the European Union's experience with rapid restrictions, both point to a practical principle: whenever possible, it is desirable to focus on the architecture of manipulation (domains, coordinated inauthentic behaviour, monetisation channels, bot infrastructure) rather than on general access restrictions that directly reduce information pluralism. This assumption is consistent with the findings of studies on securitisation, which consider government practices and emergency actions to be central to risk management. The issue at hand pertains not solely to the actions of states, but also to the modes and forms of authority that regulate their actions. The enhancement of institutional resilience and response capacity serves to diminish the perception of the necessity for democracies to resort to drastic restrictive measures as a primary recourse.^[49] Consequently, a transatlantic approach should prioritise joint attribution and coordinated public disclosure, in conjunction with precisely targeted disruption measures and evidence-based, time-limited compliance requirements for platforms.^[50]

5. Conclusion

In conclusion, this article has examined the impact of Russia's full-scale invasion of Ukraine on the securitisation of digital spaces across transatlantic democracies, with a view to its implications for democratic oversight and civil liberties. The events that transpired in February 2022 functioned as a catalyst, resulting in a more precise attribution of threats to Russia, the elevation of the information environment to a strategic security domain, and the expansion of politically feasible "exceptional" responses in the digital realm. Case studies of the EU and the US demonstrate that securitisation manifests in a distinct manner in democratic contexts.

The EU's approach, as exemplified by measures undertaken by RT/Sputnik, represents a collective securitisation pathway that is legally anchored and subject to judicial contestation. However, this pathway faces ongoing challenges regarding proportionality and freedom of information. Conversely, the US's Doppelgänger response is characterised by its indirect nature, being influenced by constitutional constraints, and is oriented towards the targeted disruption of distribution infrastructure and interagency enforcement, as opposed to the imposition of outlet bans.

The findings suggest that the diffusion of securitisation measures is not a direct adoption of Russia's authoritarian model, but rather a crisis-driven emulation and threat mimicry that can normalise emergency logics even within rights-constrained systems.

The policy implications of this approach are evident: transatlantic democracies can safeguard the information domain without compromising democratic legitimacy, provided that securitising measures are constrained, transparent, and subject to review, and resilience-building initiatives effectively mitigate the reliance on exceptional responses.