Synthetic Law

EU SAFE Programme & "Design Freedom" Paradox

Apr 09, 2026By Dariusz Czuchaj
Dariusz Czuchaj

EU's SAFE Programme: Why "Design Freedom" May Be the Biggest Compliance Puzzle in European Defence

Last month I published a viewpoint piece in National Defense Magazine examining the practical compliance challenges that the EU's Security Action for Europe (SAFE) programme creates for non-EU defence contractors. The article has generated significant interest, so I wanted to expand on several themes here and explain why the issues I raise are not hypothetical.

The core problem

SAFE is the EU's €150 billion defence loan instrument designed to accelerate joint procurement and strengthen Europe's industrial base. At its heart lies a distinction between two categories of defence products. Category 1 systems face relatively straightforward eligibility rules. Category 2 — covering air and missile defence, AI, electronic warfare, strategic drones, and other complex platforms — imposes an additional requirement: contractors must demonstrate "design freedom," meaning the unrestricted ability to define, adapt, and evolve their product's design without constraints imposed by non-EU entities.

The regulation offers no further guidance on what this means in practice. It describes a capability contractors must possess rather than specifying the legal rights that would satisfy the requirement. For any system built on licensed software components, third-party datasets, or foundation AI models, this creates a compliance gap that neither contractors nor procuring member states can currently resolve with confidence.

The classification paradox

In the NDM article I highlighted what I called a regulatory "Schrödinger's cat." SAFE places cybersecurity systems in Category 1 (exempt from design freedom) and artificial intelligence in Category 2 (design freedom mandatory). In practice, the two are inseparable. Modern cyber defence platforms rely on machine learning models for automated threat detection — models that technically fall under Category 2 restrictions. A contractor supplying an AI-powered firewall cannot know whether Brussels considers it an exempt cybersecurity tool or a restricted AI system.

Counter-UAS platforms make this even starker. The same AI system engages small drones (Category 1) and larger drones (Category 2). Only the target's size determines the legal regime — not the system's architecture. Since SAFE operates as a regulation rather than a directive, the European Commission cannot fix these classification issues through implementing acts; it would need a full co-decision amendment.

The software forking trap

The second major risk I addressed is what happens to transatlantic software supply chains. The value of U.S. defence software has always been its unified baseline — a patch developed for one customer can be pushed globally because everyone runs the same code. If SAFE forces European consortia to maintain sovereign forks of that software to prove design freedom, those systems get severed from the global update stream. The result is what I described as "orphan" European systems: sovereign on paper, but increasingly expensive to maintain and vulnerable until security patches can be manually reconciled.

There may be architectural workarounds. A modular open systems approach (MOSA) could in theory allow a European partner to control the mission layer through open APIs while the U.S.-sourced core remains a protected module. But nobody currently knows whether Brussels would accept that distinction as satisfying the design freedom requirement. The regulation is silent on the question.

Why this matters for the European defence market

From our work advising defence manufacturers on European market entry, including in Poland  which stands to receive over €43 billion under SAFE, the largest single-country allocation we see these compliance uncertainties playing out in real time. Companies structuring their entry into SAFE-funded procurement pipelines need to think about design freedom not as a distant regulatory concern but as a structuring question that affects partnership models, IP licensing, entity formation, and technology transfer agreements today.

What comes next

The Commission will need to provide interpretive guidance on design freedom or the market will develop its own answers through bilateral negotiations between contractors and procuring authorities, which risks fragmentation across member states. We will be watching closely and writing about it as the landscape develops.

The full article is available at National Defense Magazine.