Europol ¦ European Union Terrorism Situation and Trend Report 2026

Europol ¦ European Union Terrorism Situation and Trend Report 2026

A more fragmented threat landscape with strong digital and geopolitical drivers

Europol’s European Union Terrorism Situation and Trend Report 2026 shows a paradox that matters for financial crime professionals: the number of reported terrorist attacks in the EU fell in 2025, but the threat did not ease. Member States reported 45 attacks, down from 58 in 2024, yet arrests rose to 486, the highest level in the three-year comparison covered by the report. The picture is not one of decline, but of pressure shifting across ideologies, methods and online spaces.

For financial crime teams, that matters because terrorism risk is increasingly tied to the same features that drive other illicit activity: fragmented networks, cross-border movement, online coordination, small-value funding flows and the abuse of legal and semi-legal channels. The report makes clear that counter-terrorism cannot be separated from financial intelligence, sanctions screening, cyber monitoring and broader anti-crime controls.

Jihadism remained the main driver

Jihadist terrorism accounted for 24 of the 45 reported attacks and 347 of the 486 arrests. It remained the deadliest category, causing five fatalities and 81 injuries. Europol notes that most completed jihadist attacks were carried out by lone actors using simple means, especially knives, which makes detection difficult and reduces the early warning signs that investigators and compliance teams often rely on.

What stands out is the low operational threshold. Many perpetrators did not appear to be tightly directed by a formal organisation, but were influenced by propaganda, online communities and loose personal networks. This is important for financial crime monitoring because smaller and less structured threats can still leave financial traces: a small donation, a transfer through intermediaries, a cryptocurrency payment, travel support, or purchases of materials and tools.

Bastian Schwind-Wagner
Bastian Schwind-Wagner

"Europol’s 2026 terrorism report shows a threat landscape that is still high-risk, but more fragmented and harder to classify. Jihadism remained the main driver of attacks and arrests in 2025, while right-wing, left-wing, separatist and mixed-ideology threats continued to evolve across online and offline spaces.

For financial crime professionals, the key message is that terrorism financing now often looks small, indirect and digitally enabled. Monitoring must focus not only on large transfers, but also on crowdfunding, crypto-asset use, informal payment channels, charity abuse and links to wider criminal networks."

The online environment has become a core enabler

A central message in the report is that the digital domain is where recruitment, propaganda, technical support, attack preparation and coordination happen across ideologies. Europol highlights how social media, messaging apps, audio platforms, gaming spaces and decentralised services are all used to spread content and sustain networks.

The report also describes a clear pattern of escalation. Users often begin with borderline content, disinformation or hate speech on mainstream platforms, then move toward more closed and secure environments where explicit extremist material is shared. That progression can coincide with a move from open online behavior to operational activity, including fundraising, payments and logistical support.

Artificial intelligence is part of this ecosystem. Europol says AI tools are being abused to create propaganda, including deepfakes, memes and edited audio or video. Chatbots and bots are also being used to assist recruitment, produce content and support preliminary research for attacks. From a financial crime perspective, this suggests that extremist activity is becoming cheaper to run, faster to scale and harder to detect through content moderation alone.

Ideological boundaries are blurring

One of the report’s most important findings is that the threat landscape is becoming harder to classify. Established ideologies such as jihadism, right-wing extremism, left-wing anarchism and ethno-nationalist separatism remain present, but Europol sees more hybrid, unstable and overlapping belief systems.

This matters because the financial footprint of extremist activity may no longer align neatly with a single ideology. The report refers to destabilising anti-institutional groups, nihilistic violent extremism and The Com network, a decentralised online ecosystem that mixes extreme violence, criminality and status-seeking behavior. Some actors appear to want chaos for its own sake. Others are open to exploitation by more strategic actors. For banks, payment firms, crypto exchanges and investigators, that raises the risk of misclassification and missed linkage across cases.

The money trail is often modest, but not absent

The report makes clear that many terrorist attacks, especially lone-actor attacks, require little money. That can create a false sense of low financial risk. In reality, simple attacks can still rely on small but meaningful financial support, and broader extremist ecosystems need funds for propaganda, travel, training, weapons, event costs and basic logistics.

Europol notes the use of bank transfers, hawala , money couriers, crowdfunding, donations, merchandise sales, theft, fraud, crypto-assets and even game-based value transfers. It also points to cooperation between some terrorist actors and organised crime networks, particularly around weapons trafficking, drug trafficking and money laundering. That overlap is highly relevant for financial crime teams because it blurs the line between terrorism financing and other illicit finance typologies.

In 2025, 347 people were arrested for jihadist offences alone, but the report also records arrests linked to right-wing, left-wing, ethno-nationalist and unspecified terrorism. Across all categories, the underlying financial behavior can look very ordinary at first glance: personal savings, small donations, peer-to-peer transfers, or activity routed through front entities and informal channels.

Geopolitics continued to shape the threat

The report repeatedly shows that external conflicts continue to feed internal EU risk. The war in Gaza, the aftermath of the Hamas attack of 7 October 2023, tensions involving Iran and its proxy network, ongoing jihadist activity in Syria and Africa, and Russia’s war against Ukraine all influenced narratives inside the EU.

These conflicts are not only ideological triggers. They also generate practical financial and compliance risk. They can motivate cross-border movement, fundraising, the use of charities or NGOs as fronts, sanctions evasion, and opportunistic abuse of humanitarian or political narratives. Europol notes that anti-Semitic narratives remain a common thread across different extremist milieus, which has translated into threats and attacks against Jewish targets in the EU.

For financial institutions, this means screening and transaction monitoring must be alert not only to explicit terrorist labels but also to adjacent narratives, proxy support structures and politically charged laundering patterns.

Right-wing extremism remained active and increasingly mixed

Right-wing terrorism and violent extremism accounted for five attacks and 43 arrests in 2025. Europol notes that lone actors and small cells were still the norm, but their ideological environment is less coherent than before. Traditional neo-Nazi and white supremacist narratives remain, yet they are increasingly mixed with accelerationism , nihilism , misogyny , conspiracy thinking and even elements borrowed from jihadist symbolism.

That blending creates a problem for detection. A subject may present as a hate extremist one day, a violent gamer the next, and a seeker of notoriety thereafter. Europol also highlights the role of encrypted messaging, gaming platforms and visual symbols such as runes and meme codes, all of which can help communities maintain identity while avoiding moderation.

Financially, these groups often rely on self-funding, event fees, merchandise and donations, though cryptocurrencies and illicit income are also used. The report’s examples of arrests involving weapons, training, propaganda and recruitment underline how financial, digital and operational risk can converge quickly.

Left-wing and anarchist actors remained locally active

Left-wing and anarchist terrorism accounted for 12 attacks and 13 arrests. Most attacks in this category were directed at property rather than people, often using arson or improvised incendiary devices. Europol notes that the Gaza conflict played a mobilising role here as well, with anti-Israel, anti-Zionist and anti-Semitic claims appearing in a significant share of responsibility statements.

The important point is that this milieu also uses familiar funding methods: personal income, donations, crowdfunding, membership fees, merchandise and event fundraising. Some groups appear to have links to wider activist ecosystems, while some activities may stay just below terrorism thresholds, making them more likely to be handled as public order or criminal damage cases rather than under counter-terrorism law.

Ethno-nationalist and separatist risk did not disappear

No verified ethno-nationalist or separatist attacks were reported in the EU in 2025, but Europol still recorded 34 arrests. The PKK remained the most significant actor, with dissident republican and Corsican or Basque separatist structures also present.

This category is especially relevant to financial crime because of its structured and transnational funding model. Europol describes annual campaigns, donations, coerced contributions, membership fees, event-based collections, charities, media entities, cash couriers and both legal and illegal channels. It also notes links to fraud, money laundering, extortion and drug trafficking. That is a classic financial crime intersection: even where attacks are absent, the support infrastructure can remain active and deeply embedded in illicit finance.

What this means for financial crime controls

The main lesson from the report is that terrorism finance risk is becoming more diffuse, more digital and more intertwined with other crime types. The threat is not limited to high-value transfers or overtly suspicious counterparties. It can appear as small online donations, crypto movements, travel-related payments, charity abuse, marketplace activity, or indirect support through intermediaries.

The report also shows that younger subjects are increasingly involved, often with only superficial ideological understanding and strong online exposure. That makes behavioural monitoring, adverse media analysis, open-source intelligence (OSINT) and typology-based transaction review more important than ever. It also means controls need to account for hybrid threat actors, propaganda-linked payments and the use of legitimate platforms for illicit purposes.

A more complex threat, not a smaller one

Europol’s 2026 report suggests that terrorism in the EU is becoming more fragmented, more networked and more difficult to categorise. The rise of online radicalisation, the abuse of AI, the overlap with organised crime, and the influence of geopolitical conflicts all point to a more fluid environment.

For financial crime teams, the response has to be equally fluid. That means stronger monitoring of small but meaningful transfers, tighter controls around charities and informal payment channels, better attention to sanctions and proxy links, and closer integration between terrorism financing, fraud, AML and cyber intelligence. The risk is not only in the obvious transaction. It is increasingly in the connections around it.

The information in this article is of a general nature and is provided for informational purposes only. If you need legal advice for your individual situation, you should seek the advice of a qualified lawyer.
Did you find any mistakes? Would you like to provide feedback? If so, please contact us!
Dive deeper
  • Europol ¦ Europol, European Union Terrorism Situation and Trend Report, Publications Office of the European Union, Luxembourg, 2026. ¦ Link
  • Wikipedia® ¦ The Com ¦ Link
Bastian Schwind-Wagner
Bastian Schwind-Wagner Bastian is a recognized expert in anti-money laundering (AML), countering the financing of terrorism (CFT), compliance, data protection, risk management, and whistleblowing. He has worked for fund management companies for more than 24 years, where he has held senior positions in these areas.