Defense: Seizing EU opportunity while mitigating risk

Why is this an important issue now?

Geopolitical volatility has put defense readiness—and defense spending—in the spotlight. In the U.S., the defense sector is benefiting from huge government investment under the current federal administration.

Europe is also seeing a major surge in spending. Germany, the United Kingdom, and France are expanding multi-year defense plans, while NATO member states have pledged to allocate 5% of GDP to defense.

As the security landscape across Europe evolves, and the EU seeks to safeguard its strategic autonomy, defense is becoming a cornerstone of its industrial revival and competitiveness policy.

As such, the EU defense sector is undergoing a structural shift: higher budgets, evolving procurement rules, and a push to broaden its industrial base to reduce external dependencies.

What are the main legal and regulatory considerations involved in defense investing?

Diligence playbooks if you are considering entering the sector

The defense market brings distinct legal, regulatory, and reputational exposures that require board-level oversight. Businesses considering entry must evaluate their strategic fit and risk-adjusted returns, given the sector’s unique profile which is shaped by government clients, strict compliance regimes, and complex contractual obligations.

• Government clients and prime contractors impose extensive compliance requirements, particularly around sanctions, anti-corruption, and reporting. Contracts often dedicate significant sections to these issues, and primes reserve the right to terminate agreements. Companies must therefore invest in robust, formalized compliance frameworks; generic or “light touch” approaches are insufficient.
• Defense contracts are typically inflexible, locking parties into specific supply chains and imposing strict obligations around security of uninterrupted supply. This extends throughout the supply chain; companies are responsible for their own compliance and that of their suppliers and subcontractors. Regular audits, frequent compliance checks, and the imposition of strict contractual obligations on third parties help mitigate these risks.
• Companies are advised to be audit-ready at all times by investing in comprehensive compliance training, supply chain oversight, and regular internal reviews. The consequences of compliance failures range from contract termination and financial penalties to reputational damage and exclusion from future opportunities. Boards must factor these risks into their evaluation of potential returns on participation.
• Businesses thinking of entering the sector must also assess the reputational implications, alignment with ESG frameworks, and the potential impact on existing business lines. Boards should require their management teams to develop and maintain clear ESG and reputational risk strategies, which should include transparent communication and stakeholder engagement. Focusing on dual-use and infrastructure opportunities can help mitigate reputational risks while supporting national priorities.
• Companies should regularly review and update their defense strategies to remain aligned with stakeholder expectations and market realities. With such a heavy focus on defense, boards should assess their existing portfolios to identify assets that could be repurposed to meet defense needs. This approach not only opens new revenue streams but also aligns with the EU’s drive to strengthen supply chain resilience and technological sovereignty.

How can active market players monitor ongoing risk in defense programs?

Succeeding in the EU defense sector requires continuous risk monitoring, compliance, and adaptation amid a rapidly evolving regulatory landscape.

• Effective risk monitoring starts with governance. Companies should allocate dedicated board members, establish specific committees, and put in place clear reporting lines focused on compliance and risk management to identify and address regulatory changes and emerging issues, as well as committing sufficient personnel and budget.
• Regular and thorough training for all staff, especially new hires, is essential to ensure everyone understands their obligations regarding sensitive information and broader compliance protocols. Post-incident training sessions reinforce the importance of vigilance and procedural discipline.
• Due to the sector’s particularities, boards must ensure that their organizations comply with internal regulations and the more stringent requirements of government clients and prime contractors. Even in Europe, where there is a strong push to create a regional defense industry, this may mean adapting to local practices and engaging with sector experts who understand a market’s unwritten rules and expectations.
• Companies must ensure that all staff and third parties are aware of and adhere to internal and contractual compliance obligations by using proactive communication, training, and expert guidance.

How should defense-related M&A transactions be structured?

Acquisitions of, or partnerships with, established defense players or innovative startups—particularly in high-demand areas such as cybersecurity—are a common route via which to enter the defense sector. However, the due diligence required for defense-related M&A transactions is far more rigorous and takes longer than in other industries. Deals need to pass regulatory screening, security clearances, and compliance with both national and EU-level requirements. These complex legal, ethical, and operational standards can present barriers to entry for many interested parties. Below are some key considerations to be taken into account:

• The EU is accelerating joint procurement to leverage economies of scale and build strategic autonomy. Under recently launched programs such as the European Defense Industry Program (EDIP) and Security Action for Europe (SAFE), public funding is subject to minimum EU content requirements: components sourced from outside the EU and associated EEA countries are limited to 35% of total production value. These rules are designed to reduce strategic external dependencies in the current geopolitical context. Because of the direct link between access to EU defense funding and FDI clearance¹, early engagement with screening authorities is essential to ensure alignment with company strategy and to avoid costly missteps.
• Public procurement processes are formal and resource-intensive, often requiring significant guarantees and protections that may present barriers for smaller businesses. Additionally, the defense sector is subject to highly sensitive crossovers, such as ESG scrutiny, sanctions regimes, and national security controls. Acquirers should take this into account, as any gaps or vulnerabilities may affect deal value, require remediation, or extend transaction timelines.
• Success in the EU defense sector is not just about products and compliance, it is also about relationships. Establishing connections with prime contractors, defense administrators, and local authorities is crucial to becoming a trusted supplier or partner. Companies are advised to send representatives to key markets, invest in local expertise, and actively participate in industry networks to build these relationships.
• Infrastructure—such as ports, airports, and critical logistics—can represent a way for non-traditional defense companies to participate in the sector. However, such transactions may trigger enhanced FDI scrutiny and critical infrastructure designations, which should be factored into deal structuring and timeline planning.

Three further issues for boards to consider

• A structural growth cycle: Europe’s defense sector is entering a multi-year expansion phase driven by deeply rooted geopolitical transformation, rather than short-term budgetary adjustments. Order backlogs at Europe’s largest defense companies have risen by approximately 15%, creating pressure to expand production capacity². This cycle is underpinned by political consensus across the EU institutions and member states that strategic autonomy requires sustained industrial investment—making a policy reversal unlikely regardless of any shift in transatlantic relations.
• The boundaries of “defense” are expanding: As the security situation in Europe continues to evolve, policymakers are broadening the definition of what constitutes a “defense” activity. Dual-use technologies, critical infrastructure, and enabling capabilities are increasingly being drawn into the defense perimeter. This trend is reflected in the proposed “EU Competitiveness Fund” under the next Multiannual Financial Framework (the EU’s budget for 2028–2034), which will merge defense and security considerations with connectivity, decarbonization and health priorities. For businesses, this represents both risk and opportunity: companies with relevant conversion potential should assess their strategic positioning, while incumbents may face new competition from agile technology entrants.
• The near-term regulatory pipeline will shape market access: While the strategic direction continues, several developments in 2026 will determine how opportunities materialize in practice. These include the operationalization of SAFE and EDIP funding programs, guidance on third-country participation and guarantee requirements, the Defense Procurement Directive review, and the entry into force of the new EU FDI Regulation. Businesses should monitor these developments closely, as they will determine eligibility thresholds and the practical mechanics of accessing EU defense industrial support. 

Footnotes

_{1. This point is based on the fact that both EDIP and SAFE regulations include provisions allowing for an exception to the 35% external content cap if the investment in the EU entity has been cleared in an FDI screening procedure (Art. 16 SAFE, Art. 9.6 EDIP).} 

_{2. McKinsey European Defense Report 2025. Available here: Five catalysts to transform Europe’s defense | McKinsey.}