Ten years after the Brexit referendum: A gap in Europe's defences

The world has changed dramatically since 2016, particularly when it comes to defence. But many of the security challenges that confronted Europe a decade ago remain very much live. At the time of the Brexit referendum, Europe was in the middle of a wave of lethal terrorist attacks. Governments were grappling with radicalisation and the spread of political disinformation online. Major cyber-attacks were spilling over into the wider economy. And Europe’s leaders were starting to realise how important it was to protect critical infrastructure and build resilience across our economies and, indeed, societies. We learned, sometimes the hard way, that such threats were most effectively tackled working together, especially with like-minded partners. 

Ten years later, the threat from terrorism and serious organised crime has not gone away across Europe. Events in the Middle East continue to fuel radicalisation. Attacks on Jewish communities have become more frequent. Beyond Ukraine’s borders, Russia is locked in a grey-zone struggle with the West, increasingly taking the form of direct action against European countries. Cyber risks are accelerating, not least thanks to artificial intelligence. And economic security – reducing dependencies and strengthening resilience – has moved from being a peripheral concern to the centre of the European political debate. 

These challenges are still best tackled together. Law enforcement and security agencies across Europe continue to work closely. But one factor has changed. Brexit has placed the UK outside the dense network of co-operation on security issues – and critical information-sharing arrangements – that EU member-states had built over many years and that underpin collective European security. 

The Trade and Co-operation Agreement, which governs the UK’s post-Brexit relationship with the EU, preserved some of those links, but with limits. The EU-UK summit in May 2025 reaffirmed the importance of co-operation in this area. It promised renewed efforts to accelerate exchanges of criminal-records data and information relating to terrorism, including through enhanced links with Europol, the EU’s police agency. 

“The UK and the EU face shared threats to our shared values.” 

Important gaps nonetheless remain. One that merits more political attention is the absence of a real-time alert system between British law-enforcement services and those of other European countries about persons of interest. This may sound technical, but it is a real security gap. It affects the ability of authorities to identify and stop serious criminals and pursue counter-extremism and counter-terrorism investigations across the continent. 

When it left the EU, the UK lost access to major common databases, including the Schengen Information System (SIS). The database holds tens of millions of active alerts from police, border guards and other security agencies across Europe, including arrest warrants, information on missing persons, stolen identification documents and firearms. It is the backbone of European law-enforcement co-operation, processing literally billions of enquiries each year.  

As a country outside the union, the UK cannot simply rejoin SIS. Instead, British authorities currently share alerts with their EU counterparts via the international Interpol system. This is not an adequate substitute. The number of EU alerts on persons of interest received by the UK since Brexit has fallen by 90 per cent compared with the number circulating through SIS. That adds up to around 400,000 missing alerts per year, including discreet checks used in counter-terrorism and counter-radicalisation investigations. Those ‘missing alerts’ are no longer automatically checked when someone is stopped by British police or crosses the UK border. The result is about one billion missed opportunities for checks each year. 

This is a significant gap that leaves the European continent less secure. It is serious enough to warrant looking again at the options for a shared real-time alert exchange capability. Rebuilding this capability need not require the UK to rejoin SIS. The EU already allows the security and migration databases to be interoperable on a ‘hit/no hit’ basis, allowing authorities to identify relevant information while preserving the integrity of the underlying systems. There are viable technical ways forward. 

What is missing is the political impetus. The past decade has been marked by a failure to distinguish between the legal consequences of Brexit and the wider strategic case for security co-operation. In the immediate aftermath of the referendum, I was involved as the commissioner responsible for the security union – and so must take part of the responsibility – in the European Commission’s proposal to exclude the UK from the Galileo satellite-navigation system. Whatever the legal arguments at the time, the justification that the UK was not a trusted security partner was misguided. Developments since then have only proved this. 

The UK and the EU face shared threats to our shared values. As they continue to reset their wider relationship, they should continue to build a more trusted partnership on security. Closing the gap in real-time alerts would be a practical test of whether the reset can deliver on its promise.

Sir Julian King is a specialist partner at Flint Global, a former European commissioner for the security union (2016–19), and a former British ambassador to France (2016). He is also chair of the CER’s advisory board. 

Download the full essay collection here.