G7 Rapid Response Mechanism Annual Report 2025

Introduction

The G7 Rapid Response Mechanism (G7 RRM) was established by the G7 Leaders at the 2018 G7 Summit in Charlevoix as part of a commitment to counter foreign threats to democracies. The G7 RRM is comprised of representatives from G7 countries and the European Union. Australia, New Zealand, the Netherlands, Sweden and the North Atlantic Treaty Organization (NATO) have associate member status.¹ Members are represented by Focal Points who act as liaisons for their national governments and organisations. Canada chairs the Mechanism and provides ongoing strategic leadership through a Secretariat.

The G7 RRM has produced annual reports since 2022 at the request of G7 Foreign Ministers. These reports aim to raise awareness about foreign threats to our democracies and account for the activities of the G7 RRM in addressing them. The Mechanism sets its objectives through an annual Action Plan, while remaining responsive to evolving threats and shifting geopolitics. In 2025, Focal Points established the following objectives:

Jointly responding to foreign threats;
Countering transnational repression (TNR), in recognition of its importance as a foreign interference vector; and
Improving administrative efficiency. This report aims to describe how the Mechanism met these objectives and set the stage for the year to come.

Additionally, as several G7 RRM partners held elections in 2025, it includes in-focus features highlighting their efforts in protecting election integrity and countering potential threats to their respective electoral events.

In 2025, the Mechanism also revised its Terms of Reference to reflect seven years of operations, sharpening roles and responsibilities of Focal Points, the Secretariat, and the Chair. Observers were renamed as associate members, to recognise their active participation, and operational differences between the two membership categories were clarified. A new accession framework was developed, outlining the process of extending associate member status.

Responding to foreign threats

G7 RRM joint exposure

In 2025, the Mechanism operationalized its Collective Response Framework by calling out foreign malign activities on three separate occasions.

On January 17, the G7 RRM released a statement on a Russian influence campaign, which noted statements by some G7 RRM member countries exposing the covert activities of Russian state media outlet RT (formerly Russia Today) and Social Design Agency (SDA). Those statements highlighted that RT and SDA have a track record of employing deceitful tactics, aimed to exploit social and political issues to polarize and weaken societies, undermine and delegitimize elected governments, and advance the Kremlin’s malign interests.
On August 8, the G7 RRM issued a statement on Hong Kong arrest warrants, in which previous statements by the United Kingdom, the United States, Canada, the European Union, Australia, and New Zealand, condemning the July 25, 2025 decision by the Hong Kong Police Authorities were noted. The G7 RRM Statement pointed out that the authorities issued arrest warrants and bounties on individuals outside Hong Kong’s borders, including in G7 RRM countries, for exercising their freedom of expression, and that this form of TNR undermines national security, state sovereignty, human rights, and the safety of communities.
On September 12, the G7 RRM issued a statement on Iranian TNR and other malign activities, in which previous statements made by Australia, Canada, France, Germany, the Netherlands, New Zealand, the United Kingdom, and the United States, condemning TNR and other malign activities by Iran were noted. According to those statements, Iranian intelligence services have increasingly attempted to kill, kidnap, and harass political opponents abroad; taken efforts to obtain and disclose the personal information of journalists; and designed attacks to divide societies and intimidate Jewish communities.

In-focus feature - Australia’s efforts to safeguard its 2025 federal election

Australia’s May 2025 federal election upheld principles of operational excellence, proven practices and robust impartial event delivery by the Australian Electoral Commission. This reflects the success of the broad range of safeguards in place to protect the integrity of Australia’s electoral systems and maintain the trust of the Australian public, including the engagement and action of the Australian Government’s Electoral Integrity Assurance Taskforce (EIAT) throughout the election. In July 2025, the EIAT advised the acting Australian Electoral Commissioner that EIAT agencies did not identify any foreign interference, or any other interference that compromised the delivery of the 2025 federal election and would undermine the confidence of the Australian people in the results of the election.

Ahead of the election, the EIAT also published important information to help Australian voters and candidates understand the Australian electoral environment and the EIAT’s role in protecting electoral integrity. This included the Election Security Environment Overview, which provided an overview of the complex and changing electoral security environment; the EIAT’s Candidate Guide, consolidating Australian Government resources to help candidates and political parties maintain awareness and report threats they may encounter; as well as the EIAT Communication Protocol, which provides public guidance on how the EIAT decides whether or not to communicate with stakeholders, including the Australian public.

Upon request, the EIAT also provides assistance to the Australian state and territory electoral commissions to help ensure the integrity of their elections. In 2025, this included support for elections in the Northern Territory, Tasmania and Western Australia.

G7 RRM joint election monitoring

In recognition of potential information operation attempts by Russia to undermine the 2025 Moldovan Parliamentary Elections, several G7 RRM members and associate members joined efforts, in consultation with the Moldovan government, to monitor the elections for foreign information manipulation and interference. The initiative marked a milestone for the Mechanism in jointly monitoring malign activity in real time. Lessons learned from working alongside Moldovan partners were invaluable for calibrating the G7 RRM’s analytics toolbox.

The monitoring included a baseline assessment of narratives disseminated by FIMI networks and their evolution since the October 2024 Moldovan Presidential Elections. The monitoring period lasted from August to October 2025 and concluded that pro-Russian actors and networks promoted manipulative content and narratives that discredited the Moldovan electoral process and election results.

Countering transnational repression

In 2025, Canada made countering TNR a priority of its G7 Presidency. The G7 Leaders delivered a landmark Statement on TNR, condemning all acts of TNR, and leveraging the RRM as a delivery mechanism, announced the following initiatives:

Build global understanding of the threat and its corrosive impact, including on human rights and democracy. This includes reporting on TNR as an important vector of foreign interference in G7 RRM public reports, and strengthening engagement with likeminded partners and engaging more broadly in relevant multilateral fora.
Develop a TNR Resilience and Response Framework that includes measures to boost G7 cooperation to counter TNR; a compendium of operational, diplomatic, policy, legislative, and community engagement best practices; and information sharing around the latest tactics, techniques, and procedures (TTPs), trends and vectors of TNR observed globally, drawing on wider initiatives such as the Pall Mall process related to cyber intrusion capabilities.
Launch a Digital Detection Academy through the G7 RRM to build collective capacity to detect TNR online. The Academy enhances expertise amongst the G7 RRM and partners, including on technical skills and tools for identifying and responding to the latest technology-enabled threats.
Support those who may be targets of TNR as well as members of civil society who are actively working to counter the threat, including through initiatives like the Canada-UK Common Good Cyber Fund, and by acting in solidarity with other states affected by TNR.

Resilience and Response Framework and table-top exercise

Framework

The G7 Resiliency and Response Framework to Counter TNR, led by Public Safety Canada and developed by leveraging the G7 RRM TNR Working Group (WG), promotes sustained collective understanding of the threat of TNR and helps inform G7+ partners’ national and potential coordinated responses to TNR. The Framework includes a public-facing G7 Compendium of Tools to Counter TNRhighlighting the various operational, diplomatic, policy, legislative, and community engagement mechanisms available to serve as a guiding document for governments looking to bolster their respective toolkits.

Exercising the Framework through multilateral table-top exercise (TTX) would strengthen the G7 RRM’s ability to protect citizens and persons residing within their borders. The TTX would enable participants to:

Share the latest TTPs, trends and vectors of TNR being observed globally.
Conduct a global threat/risk assessment.
Validate approaches and tools to address the evolving threat.
Evaluate the effectiveness of and adapt the Framework as needed.

2025 table-top exercise on transnational repression

On November 19–20, 2025, government officials from the G7 RRM met in Ottawa to participate in the first G7 Tabletop Exercise (TTX) on TNR. The exercise was aimed at identifying best practices, strengthening common responses, and testing the newly developed G7 Resilience and Response Framework to Counter TNR, announced by G7 Leaders at the June 2025 Kananaskis Summit.

Over two days, participants identified persistent legal, law enforcement, intelligence, and diplomatic challenges in responding to TNR. Several strategic insights, promising best practices and tools were also underscored:

Empowering frontline police —typically first responders—with the tools to recognize and respond to TNR.
Building community resilience by engaging victims and at-risk communities.
Leveraging administrative measures such as immigration law or foreign transparency registries.
Addressing digital harassment and the exploitation of digital tools to harass victims.
Using diplomatic measures.

In the coming year, G7 RRM members and associated members will continue to share best practices, strengthen collective resilience, and support each other in addressing the complex challenges posed by TNR.

In-focus feature - Canada’s coordinated effort to protect 2025 federal elections

For Canada’s 45th General Election (GE45), the Government of Canada undertook a robust, coordinated effort to safeguard the integrity of the electoral process. These efforts were led through the Critical Election Incident Public Protocol Panel (the Panel), a non-partisan group of senior public servants mandated to oversee and respond to potential threats to the integrity of federal elections during the caretaker period. The Panel was informed by the Security and Intelligence Threats to Elections Task Force (SITE TF), an interdepartmental operational working group that coordinates collection and analysis efforts.

At the direction of the Panel, the SITE TF provided weekly technical briefings to media during the election. The briefings, a first of its kind initiative, touched on a variety of topics, including an outline of the threat landscape and the measures the Government of Canada had taken to protect GE45 from foreign interference, engagement between the Government of Canada and social media platforms, and recommendations for Canadians such as defences against information manipulation, responses to transnational repression, and cybersecurity best practices.

The Panel viewed the technical briefings as an opportunity to provide information on the overall tactics and measures employed by threat actors, while minimising the risk of amplifying specific incidents unnecessarily. They were supplemented by other key lines of effort, such as providing briefings, including classified briefings, to political parties to support their informed and effective responses to potential foreign interference attempts. Following GE45, the Panel and the SITE TF issued post-election reports, in which the Panel outlined its assessment that none of the incidents detected had a material impact on the election.

G7 RRM Digital Transnational Repression Detection Academy

Academy 2025

The Academy was conceived to deepen the capacity of G7 RRM analysts and partners to detect foreign threats online and enhance the Mechanism’s interoperability, including to speed up collective response. The Academy was set up as an annual initiative to provide ongoing technical training as technology and threats evolve, with flexible curriculum that allows for changes in thematic and geographic focus. The 2025 Academy focussed on detecting digital TNR with partners from Central and Eastern Europe.

The inaugural Academy took place between October 27 to 31, 2025. Delivered by the Digital Forensics Research (DFR) Lab, housed at the Atlantic Council, the week-long Academy provided training to over 30 data analysts from G7 RRM and partner countries on detection techniques using open-source research and analysis. The curriculum covered evolving TTPs of digital TNR actors; artificial intelligence (AI) detection tools; platform specific investigation techniques; archiving and evidence preservation practices, and operational security. The analysts performed interactive group exercises allowing them to apply theory to practice. The academy included a full day of interoperability training facilitated by NATO and Canada, as co-chairs of the G7 RRM Analytics Working Group, including to facilitate collective response. Feedback from the Academy was overwhelmingly positive. Participants appreciated working alongside colleagues from partner countries and organisations in real time, sharing their approaches, and further enhancing their capabilities related to identifying and analyzing digital TNR.

Symposium 2025

The Academy was accompanied by a symposium called “Digital TNR in the Age of AI: Manipulation, Power, and the Future of Democracy” at the Schwartz Reisman Institute for Society and Technology (SRI), University of Toronto. The Deputy Minister and Personal Representative of the Prime Minister of Canada for the G7 and G20 (Sherpa), Cindy Termorshuizen, delivered a keynote address. The Sherpa called for a whole-of-society approach to countering TNR and spoke to the need to better coordinate multilateral responses through joint threat detection and interoperability.

The Symposium brought together over 80 experts from government, academia, industry, and civil society. The interdisciplinary panel explored how AI and other emerging technologies may be leveraged for surveillance and control, the geopolitical backdrop for these dynamics, and the implications for state sovereignty. The panelists explained how adversarial state and non-state actors increasingly deploy spyware, biometric monitoring, predictive analytics, and AI-driven information to intimidate and silence individuals beyond their borders.

Joint Canada-UK Common Good Cyber Fund

Under Canada’s G7 Presidency, Canada and the UK launched the Common Good Cyber Fund. Investing in and coordinating an ecosystem of mission-aligned nonprofit cybersecurity organisations, the Fund is designed to deliver protection at scale to actors at risk of digital TNR (including human rights defenders, civil society organizations, journalists, and dissidents) by providing rapid technical assistance in the event of compromise and enhanced cybersecurity ensuring they can withstand and recover quickly from targeted attacks. Additionally, the Fund will raise costs for hostile actors by exposing malign infrastructure and TTPs, denying attack vectors, and disrupting malicious tools and services.

Implemented by the Internet Society (ISOC), the fund draws support from both the public and private sectors. In 2025, the Fund was operationalized with CAD $34M (USD $25M) in contributions from Canada, the UK, Australia, and the Netherlands as well as Craig Newmark Philanthropies and ISOC.

The Fund fills an important gap, identified by national cybersecurity authorities, civil society organisations and academia, in providing support to individuals at high-risk of digital TNR. Targeted individuals often lack resources and specialist support to protect themselves effectively from threats. At the same time, foreign actors obfuscate their involvement in digital TNR to maintain plausible deniability. This complicates coordinated multilateral response. The Fund is conceived to work closely with the G7 RRM on detection and disruption of digital TNR activities, while offering protection to targeted individuals.

In-Focus Feature - Germany’s security measures for its 2025 federal election

In the run-up to the early Federal election in February 2025, Germany improved its organizational readiness. The new inter-agency Central Office for the Detection of Foreign Information Manipulation focused on the Federal election and reported on a regular basis. The task force against disinformation and further hybrid threats ensured that all ministries and numerous agencies, including intelligence and the Office of the Federal Returning Officer, shared their findings on the current threat situation and coordinated measures to counter threats to election integrity. The task force developed various multilingual information materials to raise public awareness. In the Federal and State open Working Group on Hybrid Treats, these information materials were shared with the Federal States and with the Municipal Umbrella Organizations. Germany’s approach to protecting the Federal election from hybrid threats also included various exchanges with international partners. The Federal Government also engaged in conversations with the social media platform providers.

In the context of the Federal election in Germany, there were various attempts to exert foreign influence in the information space, primarily aimed at undermining confidence in the democratic electoral process and influencing the voting behavior of eligible voters. Russia carried out several covert influence operations and campaigns in the information space. However, these attempts generated little reach. The integrity of the Federal election was not compromised at any time. There was no interference in the election process.

G7 RRM working group updates

The G7 RRM working groups help to advance specific objectives and processes of the Mechanism. The working groups are delivery-oriented and time-bound. In 2025 the following five WGs were active:

Led by Canada and NATO, the Analytics working group focused on enhancing the G7 RRM collective capacity for open-source research and analysis, including through increased interoperability. The group drove interoperability through analyst exchanges and training sessions and joint monitoring exercises. The group played a key role in supporting the 2025 Academy curriculum-building and training delivery.
Led by the European External Action Service (EEAS), the Collective Response working group drove operationalization of the G7 RRM Collective Response Framework and helped identify response options to incidents.
Led by the UK, the Capacity Building working group served as a platform for coordination and deconflicting of the G7 RRM partners’ activities in support of countering foreign interference targeting Moldova.
Led by Canada and the U.S., the TNR working group supported leader level commitments on countering TNR during Canada’s G7 presidency, developing a Resilience and Response Framework. The group played an important role in the process of publishing the G7 RRM collective statements on Hong Kong’s arrests warrants and Iranian TNR and other malign activities.
Led by Germany, the ad hoc Subnational Interference working group plans to produce an information paper on subnational interference.

Date modified:: 2026-03-17

Language selection

Search