In December 2024, Finnish authorities seized the Eagle S, a Cook Islands-flagged tanker, after its anchor dragged across the Baltic seabed and severed the Estlink 2 power cable and four telecommunications cables. The vessel was physically detained. The crew was questioned. Forensic evidence was gathered from the seabed, from AIS records showing the transponder had been switched off in the cable corridor, and from satellite imagery confirming course deviation. This is as close to catching a saboteur in the act as maritime law gets.
The case was dismissed. On 3 October 2025, the Helsinki District Court ruled that Finland lacked jurisdiction over acts committed by a foreign-flagged vessel in its Exclusive Economic Zone, and that the disruption caused was not severe enough to warrant criminal charges. Network redundancy meant nobody noticed the cables were down.
Detection technology works. Distributed Acoustic Sensing pinpoints cable breaks in real time. AIS records track vessel movements. Satellite imagery confirms positions. Yet as of mid-2026, not a single perpetrator has faced criminal prosecution for undersea cable sabotage. Detection works. The bottleneck is the legal architecture — a failure that sits at the heart of the broader geopolitical infrastructure warfare landscape.
What happened with the Eagle S case and why was it dismissed?
The Eagle S was not a subtle operation. The vessel deactivated its AIS transponder before entering the cable corridor, deviated from its course to intersect cable routes, and dragged its anchor across multiple cables. Investigators found transmitting gear, laptops with Russian and Turkish keyboards, and sensor-type devices onboard, equipment atypical for commercial shipping. The vessel was registered in the Cook Islands, operated by an Indian company in Mumbai, and crewed primarily by Indian and Georgian nationals. Damages claimed by affected cable companies reached almost €56 million.
The Helsinki Court interpreted Articles 97 and 113 of UNCLOS to mean that jurisdiction lay only with the flag state, the Cook Islands, or with the crew’s nationalities, Georgia and India. Finland, as the coastal state where the damage occurred, had no authority to prosecute. The Cook Islands, a small Pacific nation with no Baltic presence and no investigative capacity, took no action.
The case exposed a chain of failure across three layers: technical attribution (identifying the vessel), legal attribution (proving intent), and political attribution (states willing to name and respond). Technical attribution worked. The other two collapsed. Catching saboteurs and prosecuting them are fundamentally different thresholds, and the gap between them is where impunity lives. If catching the vessel in the act did not lead to prosecution, the problem runs deeper than detection. It starts with how we define attribution itself.
Why is attribution of undersea cable sabotage so difficult to prove?
Attribution is not one problem. It is three, and success at each layer is necessary but not sufficient.
Technical attribution is the most robust layer. DAS acoustic signatures detect the event, AIS records identify vessel positions, satellite imagery confirms locations, and anchor-drag forensic analysis matches damage patterns to specific anchors. This technology works.
Legal attribution, proving intent to a criminal standard, is where most cases collapse. Anchor drags happen accidentally. AIS transponders malfunction on poorly maintained vessels. Crew testimony requires multinational cooperation, and chains of shell-company ownership obscure beneficial ownership across multiple jurisdictions. The Fitburg, a vessel flagged to a convenience registry, owned by a Turkish shell company, and crewed by Georgian and Kazakh nationals, was detained after cable damage in the Baltic. The Finnish Security and Intelligence Service, Supo, spent 19 months gathering forensic seabed evidence, vessel records from a convenience registry, and crew testimony across multiple jurisdictions before reaching referral threshold, and the outcome remains uncertain. The Eagle S and Fitburg cases that exposed the legal gaps reveal a pattern where even successful technical attribution cannot guarantee prosecution.
Political attribution, the willingness of states to name a perpetrator and respond, can fail even when both technical and legal attribution succeed. Fear of escalation with a nuclear-armed adversary means governments may choose inaction. When Denmark detained the Chinese-flagged Yi Peng 3 in November 2024, a bulk carrier suspected of severing two Baltic data cables, the investigation became a multilateral diplomatic negotiation involving five states. China ultimately conducted its own inspection with only Swedish observers present before the vessel departed.
What legal framework exists for prosecuting deliberate undersea cable damage?
UNCLOS Articles 113 to 115 form the foundation. Every signatory must criminalise deliberate or negligently caused cable damage by vessels flying their flag. Article 113 specifically requires states to make cable breaking “willfully or through culpable negligence” a punishable offence.
These provisions were inherited from the 1884 Convention for the Protection of Submarine Telegraph Cables. It was built for an era when cable damage was a commercial nuisance. Three structural gaps make it inadequate for the current threat environment.
First, flag-state enforcement. Only the state whose flag a vessel flies bears primary responsibility for investigation and prosecution. When that state is a convenience registry with no capacity or incentive to act, enforcement evaporates.
Second, EEZ jurisdictional ambiguity. Coastal states hold full sovereignty in territorial waters, 12 nautical miles from shore, but only resource-related rights in the Exclusive Economic Zone, which extends to 200 nautical miles. Cable protection is not clearly included in coastal state EEZ powers, meaning most cable cuts fall into an enforcement grey zone where coastal states cannot prosecute foreign-flagged vessels without flag-state consent.
Third, UNCLOS has no dedicated enforcement mechanism. There is no international cable-protection prosecutor, no tribunal with compulsory jurisdiction over cable damage, and no obligation on states to cooperate in prosecution. UN General Assembly Resolution 78/69 of December 2023 recognised the problem diplomatically but imposed no binding obligations. It was diplomatic recognition without enforcement weight.
Why do flags of convenience systematically undermine undersea cable protection law?
The flag-of-convenience system is not a loophole. It is the architecture’s design failure.
UNCLOS assigns enforcement to the flag state, an approach that assumes flag states have a genuine connection to their vessels and will enforce the law. In practice, the world’s largest ship registries, Panama, Liberia, the Marshall Islands, and the Cook Islands, operate as open registries. Any vessel owner can register. Fees are low. Regulatory oversight is minimal. There is no requirement for a genuine link between the vessel’s operations and the flag state.
When the Eagle S damaged cables in the Baltic, the Cook Islands was the state legally responsible for prosecution. It did nothing. When the Fitburg was detained, the flag state was absent. This is the outcome of a system where enforcement responsibility is assigned to states that were never intended to enforce.
The gap is self-reinforcing. States that sponsor sabotage deliberately flag their vessels in convenience registries precisely because those registries will not investigate. Coastal states in whose EEZs the damage occurs cannot prosecute without flag-state consent. Denmark has responded with intensified inspections of shadow-fleet tankers transiting the Danish straits, but port state control cannot substitute for criminal prosecution. The flag-of-convenience system makes cable sabotage effectively decriminalised for any state willing to operate through it.
Even if the jurisdictional barriers could be overcome, if a coastal state could prosecute, a separate problem waits: the forensic evidence itself is rarely conclusive enough for a criminal court.
Intentional cable sabotage vs. accidental anchor drag — how can investigators tell the difference?
The forensic evidence is probabilistic, not deterministic. The criminal standard of proof becomes the barrier.
Indicators of intent form a cumulative pattern. A vessel deactivates its AIS transponder before entering a cable corridor and reactivates after exiting, pattern evidence, not a one-off malfunction. An anchor is deployed in a known cable corridor with no navigational reason: no designated anchorage, no emergency, no standard commercial route. The vessel deviates from its course to intersect cable routes. The anchor-drag track crosses multiple cables, suggesting deliberate targeting rather than a single snag. Vessel ownership links to shadow-fleet networks through opaque shell companies.
Indicators of accident form the contrasting profile. AIS remains active throughout. The anchor is deployed in a designated anchorage or during a documented emergency. The vessel stays on a standard commercial route. Only a single cable is struck. Vessel ownership is transparent and commercial.
The problem is that these indicators are necessary but not sufficient. The Eagle S demonstrated most of the intent indicators, AIS off, course deviation, multiple cables struck, shadow-fleet ownership, and still did not result in prosecution. A defence can always argue AIS malfunction, navigational error, or crew negligence rather than state-directed sabotage. In the absence of a confession or intercepted order, that defence is difficult to disprove. What convinces an intelligence analyst rarely satisfies a criminal court’s beyond-reasonable-doubt standard.
The Yi Peng 3 dragged its anchor for more than 100 nautical miles in the area of the cables and had switched off its transponder for several hours, yet investigators could not bridge the gap from pattern evidence to proof.
The forensic evidence problem is only half the story. A deeper paradox means that even if evidence were perfect, prosecution would still face a structural obstacle, one that grows stronger with every investment in cable resilience.
What is the “resilience dilemma” — when does hardening infrastructure make sabotage harder to prosecute?
This is the most counterintuitive failure in the system. The better we defend cables, the weaker prosecution becomes.
Route bifurcation means a cut cable causes no user-visible outage. Traffic reroutes seamlessly, and nobody notices. From a legal standpoint, what was the harm? If no harm is measurable, the basis for criminal charges erodes. Rapid repair compounds this. The faster a cable is fixed, the less time evidence persists on the seabed, and the less disruption accumulates.
The Finnish Eagle S court explicitly ruled that the disruption caused was not severe enough to justify criminal charges, in part because network redundancy mitigated the impact. This was not an incidental finding. It is the logical consequence of resilience investment. Every euro spent on hardening infrastructure simultaneously makes prosecution harder.
The dilemma operates at the strategic level too. If cable sabotage causes no user-visible outage and no economic damage beyond private operator repair costs, governments have less incentive to escalate diplomatically. Resilience protects the public from disruption but also protects perpetrators from consequences. This is the operational reality of every Baltic cable cut since 2023. Across more than a dozen suspected sabotage incidents in the region, the network stayed up, users noticed nothing, and the legal and political basis for prosecution was correspondingly weakened. The pattern is the same whether it is the Eagle S, the NewNew Polar Bear, or the Yi Peng 3: traffic reroutes, the public never sees a disruption, and the case for action dissolves.
This feedback loop ties the entire system together: detection works, institutions are mobilising, but the better the defence, the weaker the case against attackers. This is the core challenge facing the deterrence strategies that depend on fixing attribution.
The accountability gap is a problem of law. UNCLOS was drafted in 1982 for an era when cable damage was a commercial nuisance, not a geopolitical weapon. Its jurisdictional architecture assigns enforcement to states that will never enforce. The three-layer attribution problem separates intelligence certainty from courtroom proof. The forensic indicators that distinguish sabotage from accident are probabilistic, not deterministic. And the resilience that protects connectivity simultaneously weakens the case for prosecution.
Each failure reinforces the others, creating a system where cable sabotage is effectively decriminalised. The question has shifted from how to catch perpetrators to what legal system would make catching them matter. As of mid-2026, after more than a dozen suspected sabotage incidents in the Baltic alone, that question remains unanswered. No amount of surveillance technology or naval presence can close the accountability gap without renegotiating the legal architecture that created it. Closing this gap is the central challenge for the institutional responses attempting to close the gap — responses that, as of mid-2026, have yet to produce a single prosecution.
Frequently Asked Questions
Has anyone ever been prosecuted for deliberately cutting an undersea cable?
No. Despite more than a dozen suspected sabotage incidents in the Baltic alone since 2023, not a single perpetrator has faced criminal prosecution. The Eagle S crew were detained, questioned, and released. The Yi Peng 3 departed after China conducted its own investigation with only Swedish observers present. Detection works, but the gap between knowing who did it and proving it in court remains unbridgeable under current law.
What actually happens to the internet when an undersea cable is cut?
For most users, nothing. Modern cable networks are designed with redundant routes, and traffic reroutes automatically within milliseconds. This is precisely the resilience dilemma at work: the system’s robustness means the public never notices a cable cut, which paradoxically weakens the legal case for prosecution because the measurable harm appears negligible. Your Netflix buffers; you blame your Wi-Fi.
Could NATO just station warships over the cable routes to deter sabotage?
Patrols can deter some opportunistic activity but cannot solve the prosecution problem. NATO’s Baltic Sentry operation has increased maritime presence, yet the fundamental legal architecture remains unchanged. A warship can observe a vessel dragging its anchor across a cable corridor, but under UNCLOS it cannot board or arrest a foreign-flagged vessel without flag-state consent. Surveillance without enforcement authority is deterrence theatre, not a solution.
Is Russia the only country suspected of undersea cable sabotage?
Russia is the primary suspect in the Baltic theatre, where most incidents since 2023 trace back to vessels linked to its shadow fleet. But the Yi Peng 3 case implicated a Chinese-flagged vessel, and the vulnerability is systemic rather than actor-specific. Any state with access to a commercial vessel and a convenience-flag registry can exploit the same legal architecture. The framework fails regardless of which flag the perpetrator ultimately flies.
How long does it take to repair a damaged undersea cable?
Typically between one and four weeks, depending on water depth, weather, cable type, and repair ship availability. The global fleet of specialised cable repair vessels numbers fewer than 60 ships, and they are often positioned days away from a break site. This repair timeline is the variable in the resilience dilemma: faster repairs mean less disruption, which means less measurable harm, which means a weaker basis for criminal charges.
If the flag state refuses to investigate, can the country where the cable lands take legal action?
Not directly, and this is the core jurisdictional failure. Under UNCLOS Article 113, the flag state holds primary enforcement responsibility. A coastal state where the cable makes landfall has full sovereignty only within its 12-nautical-mile territorial sea. Most cable damage occurs in Exclusive Economic Zones or on the high seas, where coastal states cannot prosecute foreign-flagged vessels without flag-state cooperation, which convenience registries systematically withhold.
Is anyone negotiating a new treaty to close these legal gaps?
No formal treaty process is underway, and the political will for one is weak. UN General Assembly Resolution 78/69 of December 2023 acknowledged the problem but imposed no binding obligations. The states that benefit most from the current framework, convenience registries and the actors who use them, have no incentive to negotiate restrictions on their own impunity. Incremental port-state measures by Denmark and NATO coordination represent workarounds, not structural reform.
Do submarines physically cut undersea cables, or is it always surface vessels?
Surface vessels cause virtually all confirmed and suspected sabotage incidents. The method is deceptively simple: a ship drops anchor in a known cable corridor, drags it across the seabed, and either snags and breaks cables or causes crushing damage. Submarines could theoretically cut cables with specialised equipment, but surface vessels exploiting anchor-drag ambiguity leave far more plausible deniability. The anchor is a $50,000 sabotage tool with built-in legal cover.
How do investigators locate a broken cable on the seabed, sometimes kilometres underwater?
Distributed Acoustic Sensing (DAS) uses the fibre optic cable itself as a sensor, detecting the acoustic signature of a break or anchor strike in real time. Once the general location is known, remotely operated vehicles (ROVs) descend to survey the damage and collect forensic evidence. The technology works well: investigators can reconstruct the anchor-drag path, measure the force of impact, and correlate it with AIS vessel tracks to establish precisely which ship was responsible.
Who pays for the damage when an undersea cable is deliberately cut?
The cable operator bears the cost, and this is another structural weakness in the accountability system. A single cable repair can run between one and three million dollars, paid by the consortium of telecommunications companies that own the cable. They may carry insurance, but insurers increasingly classify cable sabotage as an uninsurable political risk. The operator absorbs the loss, the saboteur faces no financial penalty, and the cost of sabotage is effectively privatised while the benefit accrues to the attacker.
