Foreign Information Manipulation and Interference (FIMI)
What is the Foreign Information Manipulation and Interference (FIMI)?
The term Foreign Information Manipulation and Interference (FIMI) was first formally developed and conceptualized by the European External Action Service (EEAS).
The EEAS began addressing FIMI in 2015, in response to EU Member States' concerns over disinformation campaigns. Since then, the EEAS has significantly enhanced its capabilities to identify, analyse, and respond to FIMI threats.
The Foreign Information Manipulation and Interference (FIMI) is a multidimensional threat that lies at the intersection of national security, information integrity, democratic governance, and hybrid warfare. As defined by the EEAS and further elaborated in European Commission strategic communications, FIMI refers to intentional and coordinated activities carried out by state or state-linked actors, aimed at manipulating the information environment in a deceptive, misleading, or coercive manner with the objective of undermining public trust, weakening democratic processes, and advancing geopolitical goals. The recognition of FIMI as a structured, strategic phenomenon represents an important evolution in the policy, legal, and operational response to foreign-led disinformation, influence campaigns, and hybrid threats.
The defining characteristic of FIMI is the use of manipulative techniques rather than mere expression of opinion or dissemination of propaganda. These techniques include, but are not limited to, the distortion or fabrication of information, the artificial amplification of narratives via inauthentic accounts or bots, the impersonation of trusted entities, and the orchestration of cross-platform campaigns that exploit the vulnerabilities of open information ecosystems.
Unlike classical propaganda, FIMI is designed not only to persuade but also to confuse, divide, and destabilize, exploiting cultural tensions, or eroding the credibility of democratic institutions and independent media.
FIMI operations are particularly insidious because they exploit the openness of liberal democratic societies, where freedom of speech, press, and political expression are constitutionally protected, and turn these values into vectors for manipulation. Adversarial actors understand that by flooding the information space with misleading content, conspiracy theories, or selective truths, they can overwhelm fact-based discourse, induce apathy or polarization, and ultimately reduce societal cohesion. The goal is not necessarily to convince, but to exhaust; not to present an alternative truth, but to undermine the very concept of objective truth itself.
From a legal perspective, the complexity of responding to FIMI arises from its transnational nature and its ability to operate below the threshold of overt aggression or illegality. Many FIMI operations are difficult to attribute, and they often use proxies or unwitting intermediaries to disseminate harmful content. This blurs the line between state action and plausible deniability.
Legal systems designed to uphold freedom of expression are often ill-equipped to regulate content that is misleading, harmful, or manipulative, but not overtly illegal. The ambiguity surrounding intent, sponsorship, and jurisdiction complicates enforcement and accountability.
The European Union’s strategic documents, including the “Joint Framework on countering hybrid threats” and the “Action Plan against Disinformation,” have laid the groundwork for a comprehensive response to FIMI. The introduction of the Code of Practice on Disinformation, and more recently, the Digital Services Act (DSA), reflect an emerging normative consensus that platform accountability, algorithmic transparency, and systemic risk assessment are essential tools in the fight against FIMI. Under the DSA, very large online platforms (VLOPs) are now required to identify and mitigate systemic risks, including those arising from foreign information manipulation. This marks a significant step toward embedding resilience against FIMI within the internal compliance structures of digital service providers.
Additionally, the European External Action Service has developed the FIMI framework, a typology for classifying and analyzing manipulative information activities. This framework focuses on behavior rather than content, recognizing that the same message may be benign or malicious depending on its context, origin, and method of dissemination. By focusing on behavior and state-linked sponsorship, the FIMI framework allows national authorities, civil society, and compliance professionals to move beyond subjective content moderation and instead focus on detecting operational patterns and strategic intent.
From a governance and risk management standpoint, FIMI necessitates the development of early warning mechanisms, situational awareness capacities, and institutional coordination. National cybersecurity strategies must now incorporate cognitive security, the protection of public perception and democratic discourse, alongside traditional concerns such as critical infrastructure, network integrity, and data protection. This shift is evident in the increasing inclusion of media literacy campaigns, counter-disinformation task forces, and public-private partnerships within national security architectures.
It is also essential to recognize that FIMI is not only a European concern, but a global one. NATO’s Strategic Communications Centre of Excellence (StratCom COE) plays a pivotal role in analyzing FIMI operations and advising member states. The G7 has explicitly recognized Foreign Information Manipulation and Interference (FIMI) as a shared and growing threat to democratic societies. In recent years, G7 leaders and foreign ministers have emphasized the need to counter FIMI collectively. The G7 Rapid Response Mechanism (RRM), established in 2018, plays a central role in coordinating responses to state-sponsored disinformation and FIMI campaigns. G7 summits have consistently called for enhanced information-sharing, attribution, and joint countermeasures against malicious influence operations.
In risk and compliance management, entities must evolve their internal controls and awareness frameworks to include indicators of FIMI exposure. This includes monitoring abnormal traffic patterns, impersonation risks, narrative convergence across multiple information platforms, and suspicious foreign sponsorships or coordinated messaging. When layered with existing due diligence, counterintelligence, and crisis management structures, these capabilities can contribute to institutional resilience against FIMI-related risks.
Foreign Information Manipulation and Interference (FIMI) represents a strategic, covert, and increasingly pervasive threat to democratic societies, rule-of-law institutions, and the integrity of public discourse. The challenge of addressing FIMI requires a cross-disciplinary approach, combining legal safeguards, operational vigilance, technological accountability, and public education. The emergence of FIMI demands not only technical awareness but also strategic foresight. It is no longer sufficient to monitor regulatory compliance in isolation; the modern threat landscape compels organizations to consider the information space as a new frontier of geopolitical conflict and institutional vulnerability. The resilience of democracy in the 21st century will depend on our ability to identify, understand, and counteract the manipulative tactics embedded within FIMI operations, before they achieve their intended effect.
Understanding the Foreign Information Manipulation and Interference (FIMI)
According to the 2nd EEAS Report on Foreign Information Manipulation and Interference Threats (January 2024):
Tactics, Techniques, and Procedures TTP(s) are patterns of behaviour used by threat actors to manipulate the information environment with the intention to deceive.
“Tactics” are the operational goals that threat actors are trying to accomplish.
“Techniques” are actions through which they try to accomplish them.
“Procedures” are the specific combination of techniques across multiple tactics (or stages of an attack) that indicate intent and may be unique for different threat actors.
The Structured Threat Information Expression (STIX™) language is a data format used to encode and exchange cyber threat intelligence (CTI). It can also be used to share information on FIMI incidents, by breaking them down into their different constitutive elements.
The Response Framework to FIMI Threats is a systematic way of organising and conceptualising the analysis and response processes to FIMI. It merges two workflows:
- an analytical one providing information on the threat,
- a response one facilitating the decision-making process on countermeasures.
The Response Framework relies on the assessment of potential risks and vulnerabilities extracted from the aggregated knowledge of past investigations. Each organisation should adapt its strategy and organise preventive and reactive activities before, while and after an incident occurs.
The Threat Analysis Cycle provides a core analytical workflow that delivers on the both short- and long-term objective of systematically analysing and disrupting FIMI and disinformation by providing insights for quick and timely responses. The functioning of the Threat Analysis Cycle has been outlined in the 1st EEAS report on FIMI threats.
The Response Cycle provides one core response workflow defining evidence-based countermeasures to FIMI and disinformation. This Cycle is composed of a series of steps outlining the process to make informed decisions based also on the information obtained through the Threat Analysis Cycle.
Kill Chain describes an end-to-end process, or the entire chain of events, that is required to perform a successful attack. Once an attack is understood and deconstructed into discrete phases, it allows defenders to map potential countermeasures against each one of these phases.
The Risk Assessment Matrix measures the level of risk of an incident based on different indicators such as spread, severity, TTPs or potential consequences. The threat level scored by the matrix indicates the level of adequate action needed. Each organisation can design its own matrix based on internal capabilities and needs.
FIMI Toolbox is the Toolbox to counter Foreign Information Manipulation and Interference. The Strategic Compass, adopted in March 2022 by the EU, sets out a plan of action for strengthening the EU’s security and defence policy by 2030. One of the aspects covered in terms of security policy is the development of a Toolbox to counter Foreign Information Manipulation and Interference. The toolbox is a catalogue of instruments, many of which are in constant implementation, to tackle and respond to FIMI operations.
FIMI-ISAC Information Sharing and Analysis Centres (ISAC) are platforms that facilitate sharing of information between different actors about root causes, incidents and threats, as well as sharing experience, knowledge and analysis. Specifically, the FIMI-ISAC promotes the use of standardised frameworks, taxonomies, and data standards, enabling members to build upon shared threat models and information to better address emerging threats.
In recent years, the European Union has established many instruments that enable Institutions and Member States to address FIMI, while fully respecting fundamental rights and freedoms. The FIMI Toolbox outlines different areas and instruments that together constitute a robust and comprehensive framework for tackling FIMI.
The toolbox includes short-, medium- and long-term measures – from prevention to reaction – and it is a dynamic system in order to account for the constant evolution of the threat. Existing instruments can be complemented, where appropriate, by new instruments.
The Figure above should not be regarded as an exhaustive list of instruments, but aims to give an overview over the diversity of them across the four different areas. The FIMI Toolbox should also be seen as complementary to other Toolboxes, in particular the EU’s Hybrid Toolbox.
Cooperation across the domains is crucial to use them to their full potential. Moreover, in order to tackle FIMI, it is essential to cooperate with other players in the defender community – following the “whole-of-society” approach.
The instruments can be grouped into four dimensions:
1. Situational Awareness: A thorough understanding of the threat is a key prerequisite, to inform which responses and which responder are most appropriate.
2. Resilience Building: Examples include strategic communications, the cooperation in the EU’s Rapid Alert System or efforts to inform and raise awareness, which are ongoing on a permanent basis.
3. Disruption and Regulation: Efforts to further trust, transparency and safety in the information environment, such as the Digital Services Act, are permanent instruments that shape the environment in which responses to FIMI are taken.
4. Measures related to EU external action, including P Common Foreign and Security Policy (CFSP) and diplomatic responses: This dimension opens up instruments in the area of foreign and security policy, such as international cooperation, the G7 Rapid Response Mechanism or the sanctions on Kremlin-controlled outlets like RT and Sputnik.
Threat actors, from the 1st EEAS Report on Foreign Information Manipulation and Interference Threats (February 2023)
What does a threat actor want to achieve with their FIMI activity? To identify potential patterns, we assigned presumed objectives to FIMI incidents. By attaching a presumed objective to each of the 100 incidents we are able to assess if and how threat actors tailor their manipulation techniques according to what motivates their activity. The presumed objective may be identified based on the analysis of the observables and the TTPs, as well as the promoted content.
For this, the 5D (Dismiss, Distort, Distract, Dismay, Divide) classification was used.
■ Dismiss: to push back against criticism, deny allegations and denigrate the source;
■ Distort: to change the framing and twist and change the narrative;
■ Distract: to turn attention to a different actor or narrative or to shift the blame;
■ Dismay: to threaten and scare off opponents;
■ Divide: to create conflict and widen divisions within or between communities and groups.
When it comes to the most frequently used Tactics, Techniques, and Procedures (TTPs), threat actors pay special attention to the production and fabrication of content. The development of image-based and video based content were the two most recurrent techniques employed. Moreover, the use of formal diplomatic channels to distribute content was the most used technique to deliver content to online audiences. In order to maximize the exposure of the operations, the amplification of the content happened through cross-posting across groups and platforms to propagate the content to new communities within the target audiences or to new target audiences.
The Foreign Information Manipulation and Interference in the USA
According to the US Department of State, foreign information manipulation and interference is a national security threat to the United States as well as to its allies and partners. In January 2024, the U.S. Department of State announced an important new tool for addressing this problem: The Framework to Counter Foreign State Information Manipulation. This Framework seeks to develop a common understanding of this threat and establish a common set of action areas from which the United States, with its allies and partners, can develop coordinated responses to foreign information manipulation and protect free and open societies.
Authoritarian governments use information manipulation to shred the fabric of free and democratic societies. They manipulate social discourse, skew national and international debates on subjects of critical importance, and undermine democratic institutions. This transnational threat requires a coordinated international response.
The Framework serves as a tool for diplomatic engagement on the threat of foreign information manipulation. It will deepen cooperation between like-minded partners, establish a common operating picture, and support the development of resilient, fact-based information ecosystems. The Framework is based on five Key Action Areas:
(1) national strategies and policies;
(2) governance structures and institutions;
(3) human and technical capacity;
(4) civil society, independent media, and academia; and
(5) multilateral engagement.
1. National Strategies and Policies:
- Effectively addressing foreign state information manipulation requires countries to go beyond “monitor-and-report” approaches, to include developing and implementing strategies to counter this threat.
- These policies should ensure safeguards for freedom of expression, protection for marginalized groups, transparency in media ownership, and a commitment to protect elections from foreign malign influence.
2. Governance Structures and Institutions:
- Marshaling and administering a national-level approach to countering foreign state information manipulation requires designated governance structures and institutions within governments.
- The ability to organize dedicated government institutions to lead and coordinate national efforts, international engagement, and fact-based digital communication on foreign information manipulation is key to this effort.
3. Human and Technical Capacity:
- Effectively countering foreign state information manipulation requires technical means and human capacity to maintain threat awareness.
- Building effective capacity includes investing in digital security tools that can detect foreign state information manipulation and ensuring interoperability between government partners working to counter this threat.
4. Civil Society, Independent Media, and Academia:
- Civil society, independent media, and academia can play essential roles in informing and supporting government-led initiatives to counter foreign state information manipulation.
- Countering foreign state information manipulation is best done when governments protect and support the role of independent media, promote independent fact checking and media and digital literacy, and welcome public advocacy on the issue.
5. Multilateral Engagement:
- Multilateral organizations that leverage international cooperation to counter and build resilience against foreign state information manipulation are indispensable to alleviating information and capability shortfalls across partner nations.
The Way Forward:
A broad coalition of like-minded partners is key to successfully countering foreign information manipulation, as each country brings different strengths, capacities, and resources to offer.
The United States calls on partner countries committed to promoting open and fact-based information environments, free from foreign information manipulation, to endorse the Key Action Areas included in the Framework and to begin working towards a coordinated approach to this transnational threat.
By committing to these five Key Action Areas, the United States with its partners and allies can begin working bilaterally and multilaterally to build societal resiliency to foreign disinformation.
No borders
Foreign information manipulation and interference knows no borders and is not just a threat for one country, but for the international community and the international, rules-based order.
As shown during the COVID-19 pandemic, foreign actors have tried to exploit citizens’ fears around the world to confuse the public and discredit efforts in democratic countries to curb the spread of the virus and attempted to portray authoritarian regimes as better equipped to deal with such a crisis, thus trying to undermine democracy as such. The political and security challenge of FIMI needs to be addressed both at the regional, national, and international level.
A whole-of-society approach is important to leverage the different capabilities and competences that lay with governments, civil society and private industry. International partners may have valuable experience in regional areas where the EU wants to increase its work on tackling FIMI; an awareness of ongoing initiatives by international partners in regions where the EU engages in is also of utmost importance to avoid duplication and – where possible – streamline efforts and cooperate. Therefore, only if the EU brings together all these stakeholders in a meaningful way can it tackle the threat in a comprehensive and effective manner.
Defending our societies against FIMI means safeguarding the common public space in which ideas can be freely debated and formed.
Cyber Risk GmbH, some of our clients
