Between 13–14 February 2026 the Munich Security Conference converted rhetoric about a “Zeitenwende” into concrete policy direction: European leaders pressed for a stronger, more autonomous defence posture while tech and cyber policy shifted from protection to potential action. Three developments in the last 12–36 hours — Chancellor Friedrich Merz’s call for a self‑standing European pillar inside NATO, the EU tech chief’s public endorsement of offensive cyber capacity, and Germany’s reported draft reforms to widen cyber‑operation authorities — together mark a tactical pivot with direct consequences for Germany, the EU industrial base and NATO’s eastern deterrence.
Politics: Merz frames strategic autonomy without breaking NATO
On 13 February 2026 Chancellor Friedrich Merz used his Munich opening speech to argue that Europe must “cast off” excessive dependence on the United States while keeping NATO central, saying in Munich that “even the United States will not be powerful enough to go it alone.” His remarks, and reported follow‑on talks with President Macron on deeper European defence arrangements, signal Berlin’s intent to lead a stronger European pillar — not to split the Alliance but to make Europe a more operationally capable partner. See Merz’s speech and reporting from the Munich Security Conference at The Guardian. NATO officials and the Secretary‑General’s presence in Munich underline that this push is being argued inside alliance fora, not outside them; NATO’s public programme and engagement at the conference are available via NATO.
Cyber: defence to deterrence — offensive options enter mainstream debate
On the sidelines of Munich the European Commission’s tech and security vice‑president Henna Virkkunen publicly stated that defence alone in cyberspace is insufficient and Europe “also has to have offensive capacity,” a shift Europe’s capitals have long debated. Reporting by POLITICO captured this statement and framed it as part of a broader move among several member states to accept proactive cyber options; read POLITICO’s coverage at POLITICO. Parallel to those statements, reporting indicates Berlin is drafting legislative reforms to expand the legal mandate for German agencies to conduct active cyber operations and “active cyber defence” abroad; that reporting and its early detail are summarised by the Digital Watch Observatory at dig.watch. Together these items show an operational and legal normalisation of offensive cyber tools — a change that will alter NATO burden‑sharing, escalation management and oversight requirements across Europe.
Tech sovereignty and resilience: quantum and industrial policy meet security
The push for offensive cyber capacity sits alongside investment in technological sovereignty. The EU’s Euro‑HPC programme inaugurated the Euro‑Q‑Exa quantum system in Munich on 12 February 2026, a concrete signal that Europe is accelerating sovereign computing and cryptographic resilience programmes; full details are at the EuroHPC press page here. For Germany, the combination of hardened cyber doctrine, domestic legal reform and major compute investments means defence planning will increasingly intersect with industrial policy: protecting critical infrastructure now requires not only operational cyber units but guaranteed supply chains, secure hardware and national capabilities to resist chip, cloud and quantum dependencies.
Strategic implications for Germany, Europe and NATO
First, for Germany: Berlin now faces a dual test — to translate conference rhetoric into durable institutions that link the Bundeswehr’s eastern‑flank commitments with civilian resilience at home. Legal reform to enable active cyber measures will require parliamentary scrutiny and new oversight mechanisms; Germany must reconcile offensive options with constitutional constraints and allied signalling. Second, for Europe: the emerging consensus at Munich pushes the EU from doctrine toward capability: offensive cyber tools, quantum infrastructure and industrial de‑risking will accelerate procurement, common certification and collective crisis playbooks. Third, for NATO: stronger European capabilities are intended to strengthen the Alliance, but they also raise doctrine and command questions — how offensive cyber actions will be coordinated, attributed and de‑conflicted with allied operations on the eastern flank. NATO’s presence in Munich and the public interventions by European leaders show this will be argued within Alliance structures, not outside them (NATO; The Guardian).
What has changed in the last 12–36 hours is not a single decision but a coherent policy direction: German and EU elites are moving offensive cyber capacity, industrial sovereignty and total‑defence thinking from contested options to mainstream strategy. The tactical priorities from here are legal clarity, parliamentary oversight, interoperable command arrangements with NATO partners, and resilient industrial supply chains — all urgent if Europe intends to convert Munich’s political momentum into credible, controllable capability.