Newsletter
What Our Experts Are Reading and Listening to in 2026
Published
December 09, 2025
Dear reader,
As the year draws to a close, it's clear that 2025 has been an intense and fast-moving one for digital and tech policy. Europe has begun engaging more seriously with questions of digital sovereignty — reflected, for example, in the Franco-German Digital Sovereignty Summit in November — while broader debates on governance, security, and technological competitiveness have gained momentum across the continent.
Our experts have followed these developments closely. Throughout the year, they have published a wide range of analyses and policy briefs on these and other key issues; you will find an overview of our most recent papers below.
One question we've been asked repeatedly this year is: What do our experts actually read and listen to in order to stay up to date? Which blogs, newsletters, and podcasts do they rely on in their daily work? You'll find their recommendations in this edition as well.
Happy reading, and warm wishes for the weeks ahead.
Luisa Seeling
Our Experts' Reading & Listening Picks
Blood in the Machine
Blood in the Machine is a Substack newsletter from tech journalist, columnist, and author Brian Merchant. The newsletter features a lot of original reporting and recaps of the latest news on big tech, automation, and AI, and includes a series called AI Killed My Job, in which Merchant interviews professionals from different fields who have lost their jobs due to AI. A necessary subscription for anyone eager to read excellent tech criticism or curious about neo-luddism!
Recommended by Catherine Schneider
Cyber & Cognitive Conflict Compass (4c)
The Cyber & Cognitive Conflict Compass (C4) Newsletter is my go-to for a well-curated weekly snapshot of cyber operations, policy developments, and relevant research. It offers a clear, thoughtful selection of what matters in cyber and information conflict and cyber diplomacy without being overwhelming. A good choice if you want to stay up-to-date in this space.
Recommended by Helene Pleil
Cambrian
Cambrian is a very new Substack, but the recent article "Compute Is Not the Answer to AI Sovereignty" was one of my favorite reads lately. It offers a clear, evidence-based perspective on the limits of relying solely on large-scale GPU deployments for national AI sovereignty. Much like our own analysis for the EU, it stresses the importance of considering the entire supply chain, ecosystem interdependencies, and the often underprioritized demand side in the UK’s AI ambitions. A timely reminder that full sovereignty in AI is unlikely — and that securing strategic positions to create mutual dependencies must be a key part of current European AI strategy efforts.
Recommended by Julia Hess
Seriously Risky Business
Seriously Risky Business is an Australia-based outlet that delivers some of the most clear-eyed national-security takes on cybersecurity you’ll find — refreshingly sober and deeply informed. The team serves up timely analysis with sharp guests across newsletters and, of course, their podcast. The latter is a must-listen for anyone working at the intersection of national security and cyber.
Recommended by Sven Herpig
Dwarkesh
Dwarkesh is hands down the most rigorous podcaster I know! One week he is asking "what might a fully automated firm look like?", the next he's dissecting why Japan lost WWII, then pivoting to why the biggest AI models can't solve simple puzzles or when AGI might arrive. He spends a week or more researching each topic before interviews, and he's unafraid to go niche, booking whoever can teach him the most rather than chasing the biggest name in the field (although you will find some legends on the podcast there as well like Richard Sutton).
Recommended by Lisa Soder
The Rest Is Classified
The Rest Is Classified offers a broad range of perspectives on the messy realities of government surveillance past and present. Each episode sheds light on either famous or more arcane intel operations and the underlying methods of data collection. Listeners may appreciate the granular storytelling and reflect on the implications for privacy, data protection, and digital rights. If you care about government access to data for national security purposes (and how this is or isn’t the focus of democratic oversight), you’ll find this podcast worthy of your time.
Recommended by Thorsten Wetzling
Vik's Newsletter
Vik's Newsletter by Vikram Sekar offers sharp, well-researched insights into the inner workings of the semiconductor world. With an experienced chip engineer behind it, the Substack pairs technical insight with accessible explanations, serving both industry veterans and curious outsiders. It fills the gap between academic publications, industry news, and policy discussions. Some editions are paid, but the depth of the content makes it well worth it for anyone who wants to get a better understanding of the semiconductor technology itself.
Recommended by Maria Nowicka
SWP WebMonitor
The roughly quarterly cybersecurity, emerging tech, and digital policy digest (SWP-WebMonitor Cybersicherheit und Digitalpolitik) published by the German Institute for International and Security Affairs (SWP) compiles think-tank publications and selected other sources, organized by topic, making it easy to stay updated on key developments in the field. Although the title, table of contents, and some documents are in German, most of the referenced reports are in English, making the digest valuable for an international audience as well.
Recommended by Christina Rupp
AI Supremacy
If you want to make sense of the fast-moving world of AI, read AI Supremacy, a Substack newsletter by analyst Michael Spencer. It mixes reliable news, thoughtful analysis, and big-picture insights on where AI is headed and how it’s shaping technology, business, and everyday life. AI Supremacy cuts through the hype and keeps you informed about the trends and breakthroughs that matter most.
Recommended by Nicole Lemke
Collateral Damage
Collateral Damage, a podcast series from The Intercept, shows how the war on drugs created a system of unchecked policing, with innocent people routinely caught in its path. The series reveals a broader pattern in which surveillance, raids, and informant networks thrive without oversight, eroding due-process protections and rewarding force over fairness. Though rooted in U.S. cases, the warning is universal: any democracy that expands coercive powers faster than accountability risks the same abuses — with real-life effects.
Recommended by Corbinian Ruckerbauer
Natto Thoughts
Natto Thoughts is a thoughtful Substack by the Natto Team, offering clear-eyed analysis on China, geopolitics, cybersecurity, and the cultural undercurrents that shape them. Their newsletters unpack big-picture trends without the noise, pairing smart research with an accessible tone. It's an excellent pick for readers who want to understand how technology, politics, and culture interact — without getting lost in the weeds.
Recommended by Sven Herpig
404 Media
404 Media is putting out the best independent tech reporting newsletter out there right now, hands down. It was founded by journalists and does some incredible investigative reporting and has some scoops about cybersecurity, surveillance, and tech within society. They also have a great podcast if you prefer audio.
Recommended by Catherine Schneider
CTO at NCSC — Cyber Defence Analysis
The weekly newsletter by Ollie Whitehouse, the Chief Technology Officer of the UK National Cyber Security Centre, provides concise summaries of political and technical developments, new guidance, law-enforcement actions, think-tank reports, threat research insights, and notable reporting — making it a valuable resource for staying updated across strategic and operational dimensions of cyber policy.
Recommended by Christina Rupp
Our Latest Publications
Assessing Irresponsibility in Cyber Operations: A Guide for Operators and Decision-Makers in Times of Strategic Competition
Drawing on recent cases of irresponsible cyber activity, Sven Herpig sets out seven "red flags" to help governments and operators assess when cyber operations risk crossing normative lines. The paper offers a practical tool for decision-makers navigating strategic competition, highlighting behaviours that undermine stability and should prompt restraint.
Signals in the Noise: Building Governmental Capabilities to Detect Cybersecurity Threats
Amid rising cyber threats, Christina Rupp argues that detection — the ability to spot malicious signals in vast volumes of digital noise — is a crucial source of effective cybersecurity. Yet detection capability building remains under-prioritized, with many governments lacking the skills and tools to monitor threats, and with little attention to the issue in international cyber diplomacy. Rupp outlines why stronger detection capacities matter for early warning and norm implementation and shows how governments can strengthen their own capabilities as well as support partners in developing theirs.
Soft Law, Hard Risks? Co-Regulation and Risk Mitigation Under the Digital Services Act
Drawing on the DSA's mix of hard-law duties and voluntary instruments, Lena-Maria Böswald examines how codes of conduct, crisis protocols and technical standards risk becoming de facto binding. She argues that while co-regulation can help address systemic risks on large platforms, weak oversight, opaque processes and inconsistent audits limit its effectiveness — turning soft-law tools into potential box-ticking exercises rather than meaningful risk mitigation.
The European Union's AI Factories: Lessons for Public Investment in AI Infrastructure in Europe
Drawing on an assessment of 13 existing AI Factory sites across Europe, Nicole Lemke and Catherine Schneider analyse their performance, infrastructure, and ecosystem integration. They find that many sites are not yet well placed to drive AI innovation and outline key lessons for future public investment — including for selecting Europe's upcoming AI Gigafactories.
Built for Purpose? Demand-Led Scenarios for Europe's AI Gigafactories
In their policy brief, Julia Hess and Felix Sieker (Bertelsmann) argue that Europe's planned AI Gigafactories will only succeed if they are built around real user demand rather than supply-side assumptions. They outline two operational models and show that a multi-client setup is likely the most viable path toward a dynamic European AI ecosystem.