March 2025
The electoral year of 2025 in Europe opens up the issue that has already transformed into the regional stress-test: how secure are the elections in the digital age? In the conditions of fragmented societies, algorithmically-led elections, and global competition for influence, the electoral process is becoming a point of intersection of classical politics and the cyber domain. In the Balkans, where the lines between the state, party, and the platform are often dimmed, democracy is being coded under new protocols – the ones shaped by the “encryption of power“ and the fight for “digital sovereignty”.
Formally speaking, all countries of the region have a legal framework that protects the elections. In practice, the security of the system depends on the ability of the institutions to recognize an invisible attack. When hybrid threats emerge, the signal is masked as noise – as a virtual publication, “leakage” of data, false proclamation, several hundred bots creating a digital echo. The aim is not only to steal votes, but also to corrode the trust.
Old-fashioned forms of meddling, such as financing parties or controlling the media, are now giving the spotlight to precise digital interventions. During 2024, we have registered many incidents of intrusion into electoral networks in Southeastern Europe. The majority of attacks occurred from outside the region. The methodology is known: a combination of phishing campaigns, compromised servers, and vote-counting software manipulation. This new layer of threat consists of the use of artificial intelligence – the creation of fake video footage (deepfake) and documents with credible metadata. The code is clean, the message is convincing, but the goal remains the same – systemic destabilization.
Countries in political transition are the most vulnerable to such an attack. North Macedonia, Montenegro, and Bosnia and Herzegovina show a clear pattern: when the infrastructure is partially digitalized and partially dependent on foreign providers, the space between these two layers becomes a vulnerability. In these “dark zones of the network“, a foreign influence is easily installed.
Regional pressures come from multiple directions. Western countries are pushing the standards of transparency and digital reform through technical aid programs. Russia, China, and Turkey use different protocols. The Russian model relies on a two-layered strategy – destabilization through the spread of disinformation and the creation of local networks that reproduce messages from central nodes. The goal is not to conquer territory, but to preformat the political reality. The Chinese approach is quiet, but deeper: investments into telecommunication, data-centers, and “smart” cities carry along technical channels for access. The Turks are implementing a hybrid version – a combination of cultural and media flows that exert their influence through soft power, often beyond traditional political institutions.
This is how the “hybrid triad“ of threats emerges: disinformation, technological dependence, and media engineering – three algorythms who are together disturbing the fundamental system of trust. The issue lies in the fact that the majority of Balkan states are still treating cybersecurity as an IT issue, and not as a security paradigm. The national electoral commissions often do not have any operational teams that could realistically respond to coordinated digital attacks. The incidents are discovered only when they have already become a part of public discourse, and at that point, the political damage is already done.
The lack of cooperation between state and private actors is additionally weakening the system’s resilience. Even though there are networks such as regional CERT teams or cooperation with ENISA, they are directed towards the technical level of protection, and not the strategic level. And without synchronization of intelligence, media, and electoral structures, the defence remains fragmented – as a system without a common key.
The consequences are deep. Hybrid threats do not attack only the infrastructure, but the perception as well. If the citizens believe that the elections are compromised, the algorithm of trust ceases to function. The research conducted in the second half of 2024 shows that more than 60% of respondents in the region believe that the elections will be manipulated. This is the breaking point: when trust falls below the threshold, the democratic system loses the function of self-correction.
The solution demands the redefinition of the security of elections in three steps: technical resilience, media literacy, and regional coordination. The technical resilience implies control over the critical infrastructure, audit of algorithms, and domestic centers for anomaly detection. Media literacy implies strengthening the ability of citizens to differentiate a signal from the noise. And the regional coordination implies synchronization of intelligence, regulatory, and electoral bodies under a common framework – a sort of system of a common key.
Elections are no longer only a political process: they are a test of national security. In the Balkans, where the institutions are vulnerable and the public space is flooded with disinformation, each electoral cycle is a stress test of digital sovereignty. Democracy is no longer the question of ideals, but the resilience of the system. If the encryption of power is not protected, the code of trust can easily be broken.
Author: Aleksandar Stanković