On April 17, two radiological incidents unfolded within hours of each other at opposite ends of the European continent.
At the Medyka border crossing in southeastern Poland, border guard officers stopped a Ukrainian woman during a routine screening. One of the hundred-dollar banknotes she was carrying registered radiation levels 1,905 times higher than the permissible threshold. It was the second such case in five months.
The same afternoon in London, the Metropolitan Police sealed off Kensington Gardens after a pro-Iranian Islamist group, Harakat Ashab al-Yamin al-Islamia, posted a video showing two men in hazmat suits launching drones toward the Israeli embassy. In the recording, the group claimed the drones were carrying radioactive material. A CBRN (chemical, biological, radiological, and nuclear) unit was deployed, and the park remained closed for two days.
Neither incident caused casualties. But both pointed to the same structural vulnerability.
Europe’s security relies on US infrastructure
Few Europeans know that the radiation portal monitors protecting the European Union’s external land borders were not purchased by European institutions. They were procured and maintained by the US Department of Energy’s National Nuclear Security Administration under the Second Line of Defense program—an initiative launched in the late 1990s and now known as the Nuclear Smuggling Detection and Deterrence program. The Medyka infrastructure that detected the contaminated banknote is part of this US-funded architecture. And US investment does not end at border security.
After the 9/11 terrorist attacks, the United States built a domestic urban detection layer with no European equivalent. The Securing the Cities program, created by the Department of Homeland Security in 2006, has equipped state and local first responders with 48,000 radiation detectors across fourteen high-risk urban areas, including New York, Los Angeles, Chicago, Houston, and Washington, DC. Since then, the program has continued to expand. As a result, major US urban centers are now covered by a programmatic radiological/nuclear detection capability that no European city possesses.
The US National Security Strategy asks Europe to take primary responsibility for its defense, while emphasizing the nuclear umbrella as the primary US contribution to NATO deterrence. Though the United States continues to provide infrastructure assistance, it does not regard itself as ultimately responsible for protecting European cities from CBRN threats. Both the European Union and NATO recognize this as a national responsibility for societal resilience. Preventing radiological material from moving through European commercial supply chains, civilian logistics networks, and ordinary travelers’ bags with relative freedom thus falls squarely within the EU’s remit.
Chornobyl-era systems, post-Chornobyl threats
Europe’s radiological detection architecture was designed for a fundamentally different threat geometry. Systems such as the European Community Urgent Radiological Information Exchange and the European Radiological Data Exchange Platform emerged in response to the Chornobyl nuclear meltdown. They were designed primarily to detect and track large-scale atmospheric contamination spreading over tens or even hundreds of miles—and they remain valuable for that purpose.
At the same time, they are nearly useless against the threat that the Medyka and Kensington Gardens incidents represent: sub-threshold, sub-state, logistics-enabled radiological, chemical, or biological toxin dispersal—a less harmful contaminated banknote, a drone over a park, a package in a delivery network, a dispersed source on a metro platform. Europe has experienced this pattern before: the assassination of Alexander Litvinenko in London, the Novichok attacks on Sergei and Yulia Skripal in Salisbury, and the poisoning of Alexei Navalny on a flight over Siberia. Each of these cases involved state-linked actors operating in civilian environments and using biological, chemical, or radiological agents that bypassed routine detection systems.
Iran today holds large stockpiles of enriched uranium from its nuclear program and spent nuclear fuel from its Bushehr nuclear power plant. Following the 2025 strikes, neither the International Atomic Energy Agency nor anyone else can account for the 440 kilograms of highly enriched uranium documented before the attacks. While the material cannot be immediately weaponized, it remains highly relevant to radiological proliferation risks, including the potential for terrorist acquisition or dirty-bomb construction. The same Iranian organization that was behind the Kensington Gardens incident has shown both intent and operational creativity in exploiting civilian infrastructure. Similarly, the October 2024 plot to put incendiary devices on cargo planes headed to North America demonstrated the same logic applied by a state actor.
Preparedness on paper, patchwork in practice
The EU is not without institutional awareness. Its Preparedness Union Strategy, the ProtectEU Internal Security Strategy, and the EU CBRN Action Plan all acknowledge the bloc’s limited CBRN detection and response capabilities. Moreover, the Directorate-General for Health Emergency Preparedness and Response (DG HERA), the Directorate-General for European Civil Protection and Humanitarian Aid Operations (DG ECHO), and the Directorate-General for Migration and Home Affairs have shown an appetite for a more coordinated, programmatic response at the EU level.
The first elements of a new preparedness framework are already in place. For instance, the rescEU strategic reserve—coordinated by DG ECHO and DG HERA across several member states and worth more than €500 million—provides medical countermeasures and protective equipment for CBRN incidents. This is an important step.
Still, it is a measure that’s inherently reactive, designed to mitigate consequences rather than guarantee detection, and covering only a select portion of potential exposure scenarios.
What matters more than responding to consequences is detecting them before they scale. Instead of just acknowledging the security gap, the European Commission must build the detection architecture required to close it.
The moment to rewire Europe’s security architecture is now
As the Multiannual Financial Framework negotiations for the EU’s next long-term budget (2028-2034) enter their critical scoping phase, the decisions made in the next twelve to eighteen months will determine whether European CBRN detection infrastructure receives a dedicated funding line—or whether Europe continues to rely on US-funded border monitors and Cold War atmospheric sensors even as threats increasingly move through parcel lockers, drones, and urban transit networks.
The fact that two separate radiological incidents on European soil occurred on the same day in April should put to rest any lingering doubts about whether the threat is merely theoretical.
Europe already has the institutions, the political mandate, and the commercial infrastructure to build a credible early-warning architecture without waiting for US leadership or a mass-casualty event to provide political cover. It also has the opportunity to go beyond existing US models.
The Securing the Cities program was launched in 2006, long before smart-city frameworks, the internet of things, and the digitally integrated logistics systems now embedded in urban infrastructure. A European equivalent could integrate urban logistics, public transport, and municipal data streams into a distributed nuclear and radiological detection network—an architecture more akin in scale and ambition to the EU’s satellite navigation system Galileo or its Copernicus Programme than to traditional security programs.