7 min read — Netherlands | Security | Defence | Military
Rearming Europe: Following the Netherlands’ Example?
Gijs Tuinman, State Secretary for Defence of the Netherlands, recently challenged Dutch industry to develop a domestically-produced equivalent of the American Tomahawk missile. In doing so, Tuinaman had inadvertently challenged the rest of Europe to similarly follow Dutch ambitions of limiting its dependence on foreign technology for military procurement.
In his speech at the NEDS defence exhibition in Rotterdam, Tuinman stressed that “drones alone are insufficient” and cannot provide the same reach or deterrence effect as deep precision strike (DPS) missiles. Researcher Lotje Boswinkel came to the same conclusion about the drone versus long-range missile systems debate, arguing, “Yet, on the Ukrainian battlefield, long-range systems demonstrated their worth, disrupting logistics and command nodes or reducing Moscow’s oil refining capacity.”
The pursuit of Dutch long-range strike capabilities mirrors efforts across the continent as European countries and the EU step up initiatives to protect themselves from Russia. The Swedish Armed Forces published a report in November arguing for long-range capabilities saying, “The ability to conduct strikes at significant distances enhances deterrence and aims to degrade adversaries’ critical infrastructure and military assets.” Such developments demonstrate that European nations of all sizes recognise the need to be equipped with missiles capable of deterring future Russian aggression, with the Netherlands is leading by example that such missiles can and should be produced on European soil.
Domestic DPS Solutions over American Ones
To fill the Dutch military’s desire for a ground-launched, long-range cruise missile, Tuinman asked domestic manufacturers to design a simplified Tomahawk alternative that could be produced quickly and in mass quantities. He said a national solution was needed to ensure continuous updates and reduce reliance on foreign suppliers, especially given increased European and international demand for such munitions, preventing “smaller countries from acquiring new missiles quickly when situations evolve.”
Without explicitly saying so, Tuinman highlights problems with Europe relying on foreign long-range missiles, most notably the Tomahawk which has “long been the benchmark for long-range precision strike.” One issue is the cost. Tomahawks are expensive with an average export cost of $2.5-4 million per missile, which excludes the required, but costly maintenance and software updates, a ticket price which could create some hesitation. This restricts use to strategic targets, and given that four out of sixteen fired recently in Nigeria did not detonate, their efficacy is also questionable.
Even if cost and efficiency were not an issue, the main problem is that the U.S. needs Tomahawk missiles with Trump arguing, “We want Tomahawks, also. We don’t want to be giving away things that we need to protect our country.” Production by missile manufacturer Raytheon is limited, pushing foreign orders after American, making delivery times longer than announced with lower quantities than expected. This will be exacerbated as a recent report from The New York Times reveals that the Tomahawk’s accuracy depends on samarium, a rare-earth metal processed primarily in China and, following trade disputes with Washington, Chinese authorities put restrictions on its sale to American companies. Raytheon found an alternative supply in France, but the stock is limited.
Another concern not openly evoked is America’s new stand-off position towards Europe and what that means for weapons it controls. When Trump floated the idea of providing Ukraine with Tomahawks, he said their use would remain under US operational control, as with ATACMS supplied to Ukraine. This has kept Ukraine’s hands tied as top EU diplomat Kaja Kallas observes, “They use weapons that are not produced in Ukraine [and] sometimes there are limitations on how they can use those weapons … your military needs to really have free hands in this regard.”
These might have all factored into Tuinman’s challenge and may have also contributed to Dutch officials’ decision to cancel an order for Tomahawks to equip current Walrus-class and future Orka-class submarines manufactured by France’s Naval Group. In 2023, the Dutch government announced it intended to purchase Tomahawks for maritime DPS capabilities. Whilst the order for its frigates stands, in May 2025, Dutch officials said “prohibitive cost and time overheads” needed to restart production of the submarine-compatible Tomahawk variant meant they would seek an alternative. In June, Tuinman said its Navy would pursue the submarine-launched version of the Joint Strike Missile (JSM-SL) under development by Norway’s Kongsberg and expected to be operational by 2032.
The choice was surprising as observers agree the most logical alternative is MBDA’s Naval Cruise Missile (NCM) since they are readily available, battle-proven and already equip Suffren-class submarines from which the Netherlands’ future Orkas are derived, but with conventional propulsion. Naval Group made the same proposal to Poland as it seeks DPS capabilities for its Orka programme, but Poland has apparently selected Saab’s offer. However, when visiting Naval Group’s Toulon site, Polish delegates signed a letter of intent with French officials to work together to develop ground-launched, long-range cruise missiles.
Might Working with European Partners be Better Than Purely Domestic Efforts?
The Netherlands has shown it understands the need for European-made deep strike capabilities for reasons of availability and sovereignty and others are following. Poland, who has historically relied on American JASSM-ERs, recently started developing a 500km-range cruise missile. Defence journalist Dylan Malyasov says, “Poland’s decision to develop a homegrown system underscores its intent to strengthen national defense industry capacity and reduce reliance on foreign suppliers,” but the country might select joint production for farther-reaching solutions.
This approach has been pushed by European Commission President von der Leyen who has urged countries to identify ‘flagship capabilities at European level’ and work together on producing weapons ‘beyond the capacity of individual Member States’. For her, the priority is, “We must buy more European. Because that means strengthening the European defense technological and industrial base (EDTIB).”
Tuinman said he wants a domestically-produced solution, but Clingendael, the Netherlands Institute of International Relations, observed that, “The European defence industry is currently not operating at full capacity, primarily due to the absence of long-term contracts” and urged the Dutch government to “Contribute to European collaborative programmes and invest in key priority areas” including “deep-strike missiles.”
Given these observations, Dutch officials should consider collaborating with European allies instead of trying to ‘go it alone’ investing in a costly missile programme. In 2024, France, Germany, Italy, and Poland launched the European Long-Range Strike Approach (ELSA) to develop ground-launched cruise missile capabilities (1000km) by 2030 and “ensure better burden-sharing within the alliance.” The initiative has since been joined by Sweden and the UK, with Greece and the Netherlands expressing interest.
This could be a smart move because by joining ELSA, the Netherlands would help achieve economies of scale, interoperability and sustainably support the EDTIB by pooling orders and giving momentum to projects being developed. ELSA participants have not announced its first project, but various options are underway, including MBDA’s Land Cruise Missile (LCM), the ground-launched version of its NCM, which should be tested by 2028.
Andrius Kubilius, EU Commissioner for Defence and Space, said, “I know some of you may be thinking: Why work together in Europe? When most of the money is national? Why not just go national? I think that would be a big mistake for our defence… We need more unity now, not less.” This is increasingly vital as tensions with Washington mount over Trump’s posturing regarding Greenland. Europe, now more than ever, needs to join forces and ensure its own security.
This architecture was designed to mitigate potential limitations observed in the decentralised enforcement of other regulations. Under the General Data Protection Regulation (GDPR), providers engage in forum shopping among national regulators by leveraging fiscal arguments. In Ireland, the pressure to levy heavy GDPR fines has directly clashed with the need to remain a tax-friendly haven for the providers it is supposed to police. A glaring conflict of interest.
To achieve uniform enforcement, the AI Act centralised the supervision of General-purpose AI (GPAI) under the AI Office. This GPAI centralisation, consisting of models trained with large amounts of data using self-supervision, and capable of performing a wide range of tasks, was a first step. But, in truth, the AI office’s judicial weaknesses risk replicating the same harmonisation issues. Beyond its GPAI mandate, the AI office remains an advisory body for MSAs, lacking the authority to revise or harmonise decisions made by national regulators. Embedded in a broader struggle over single-market integration, this shift reflects the friction within the Commission’s ambition to centralise digital regulatory oversight.
To this limitation, a barrier specific to open-source AI could arise. Since open-source AI is not the core focus of the regulation, regulators may not have the capacity for independent assessments specific to the technology. This could lead to a lack of genuine oversight, particularly acute among MSAs who will have asymmetrical enforcement capacity.
Open-Washing and the limits of self-assessments
Layered on top of that institutional limitation, a substantial part of the AI Act’s regulatory framework for open-source AI consists of pre-commercialisation requirements imposed by providers themselves. These ex-ante obligations vary widely depending on the type of model. From commercial GPAIs to open-source AI systems, all are subject to specific pre-market mandates.
From a regulatory point of view, under this regime, it is the providers’ self-assessment that drives compliance, placement and access to exemptions. When pre-requirements are not required to be externalised, declarations need not be scrutinised under independent assessment. The provider declares open-source status, asserts a sub-threshold compute figure, and so on. This design makes the regime’s integrity rest primarily on the provider’s good faith and on the commercial and reputational incentives to comply.
Even if this model is gaining traction in Brussels, scrutinising its success under GDPR shows that compliance is far from perfect. The track record under GDPR offers little comfort: eight years on, nearly three-quarters of EU data protection professionals believed their companies would be found in violation if investigated. The AI Act is poised to inherit these exact weaknesses. But for open-source AI, the issue deepens, as regulators are even less likely to identify violations. Neither the AI Office nor MSAs have the tools for independent verification. Even if providers have compliant documentation, regulators lack the means to verify whether the statements are true. The future of open-source AI compliance risks becoming one where self-assessments pile up on regulators’ desks, certainly read, but most likely unverified, unaudited, and unchallenged.
The concern is not merely theoretical. In today’s “pre-enforcement era”, partial compliance is already the norm among open-source AI providers. A review of the baseline differentiation requirements that define open-source AI reveals concerning results. Among Chinese open-source AI models and GPAIs, 97% use permissive licences, but only 12% disclose their basic training data. Despite this clear gap with the legal definition, 88% of these Chinese models are accessible within EU jurisdiction. The regulation has not yet been enforced, and the violations are already visible.
This is not merely a Chinese-specific phenomenon. Across the Atlantic and within the EU, major GPAI providers are engaging in “open-washing”. These providers pass “open-weight” for “open-source” while hiding their training data, most famously with Meta’s communication around Llama.Within this blurry legal line, providers may be increasingly tempted to claim the open-source AI label solely to exploit its exemption regime, thereby escaping the otherwise more stringent requirements of closed-source models.
For blatant violations, such as “open-washing”, the first fines may be issued quickly. However, ex post verification of requirements based on technological architecture may be constrained by regulators’ limited resources. The enforcement curve, in other words, will be steepest precisely where the violations are hardest to see.
The failure of Extraterritoriality for non-EU Open-source providers
Given the nature of the AI economy, whether EU law can reach beyond its borders is ultimately the most important question. The extraterritorial power of open-source AI provisions can only be assessed against the existing track record of EU regulations with a similar enforcement structure. The EU’s flagship data protection policy, the GDPR, shares a striking resemblance with the AI Act. Largely seen as the EU’s strongest extraterritorial regulatory instrument, it has multiple mechanisms that the AI Act lacks (e.g., Adequacy Decisions). Therefore, where the GDPR’s extraterritorial enforcement fails, the AI Act’s enforcement will likely yield the same results.
The “Brussels Effect”, the idea that the weight of EU market access compels globalised compliance of its rules, has driven European regulatory ambition around AI. Previously, this “market power Europe” logic has operated through a simple commercial calculation: global firms weigh the cost of compliance against the economic gains of EU market access. Whether that means access to EU data flows under GDPR or access to EU consumers in the case of closed-source AI, where market access is commercially valuable, compliance follows. For closed-source AI, market power holds. The effect operates through the conditionality of commercial relationships.
However, for open-source AI, this commercial relationship is absent. The provider does not lose revenue if EU consumers do not use its model, as it is freely available online. Additionally, open-source AI providers do not control access to their models. Once they are publicly available, the provider cannot formally remove them from the internet or restrict access to them. The Brussels Effect depends on leverage; open-source AI dissolves it.
Meta’s open-source AI GPAIs exemplifies this distinction. Since 2024, Llama 4 multimodal models have not been “banned” from the EU due to GDPR infringement. Following this ban, Meta’s response was not compliance but withdrawal. Declining to officially release certain models in the EU rather than bear the cost of meeting its obligations. This illustrates the edges of the EU’s market leverage. As a provider with an EU establishment, region-locking was the rational economic choice. Compliance, in this instance, was simply not worth the trouble. The EU gained neither compliance nor a globally exported standard, but only restricted access, which is, in any case, trivially easy to circumvent. Simply visit Ollama, and the strength of the EU’s prohibition becomes immediately apparent. In this scenario, the regulatory authority failed to produce either compliance or control, leaving EU citizens exposed to a model that is illegal under the GDPR.
For providers with no European foothold, the picture is bleaker still. First, when a provider lacks a physical or legal presence in the EU, the Union lacks a jurisdictional anchor. There are no assets to seize, no contracts to condition, and no local operations to pressure. Second, when the provider derives no revenue from the European market and favours a business model of free publication over restricted commercialisation, the economic incentive for compliance is absent. Third, when an open-source AI is published online, the provider loses control over its distribution, making region locking ineffective. In these three instances, the EU regulatory authority is clearly ineffective. These providers are not hypothetical: Chinese GPAIs such as DeepSeek, Qwen, and Kimi match this profile precisely and operate entirely beyond the reach of the EU.
The failure of EU extraterritorial legal reach over such providers has already occurred under GDPR and may very well repeat itself for open-source AI. Infamously, despite fines totalling approximately €100 million imposed by five EU regulators, Clearview AI has refused to pay and delete EU data. The company has ignored regulatory enforcement because the EU has no leverage over its operations.
The AI Act is a bold attempt to fence in the future, but for open-source AI, the fences are mostly cosmetic. Caught between “open-washing” by tech giants and the total lack of leverage over offshore providers, the enforcement of the AI Act’s open-source provisions risks being partial and easy to bypass. In some cases, through a single click.
Disclaimer: While Euro Prospects encourages open and free discourse, the opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or views of Euro Prospects or its editorial board.
Write and publish your own article on Euro Prospects
Subscribe to our newsletter – stay informed when we publish articles on pressing European affairs.
