Three things this week. Europol ran its second multinational OSINT sprint in 14 months, this time against the deportation of Ukrainian children, and the format itself is the story. The European Commission's DSA rapid-response mechanism has now been used through two national elections without a published methodology for evaluating it, and the field should be pushing back on that. Hungary and Bulgaria voted within eight days of each other, and the results read as a mixed verdict for the FIMI frame, which is a problem for the analytic frame rather than for the verdict. Section 01 starts with the Europol sprint.
The issue also resolves the SkyOSINT test promised in #001. Full test, methodology, and assessment live in the From Signal & Shadow section below, which runs longer than the sections above it this week. That is deliberate.
Europol's second OSINT sprint normalises an operational format
Forty investigators, eighteen countries, two days. Europol hosted the team at The Hague on 16 and 17 April for a coordinated OSINT effort to identify and trace children forcibly transferred from Ukraine to Russia, Belarus, and the temporarily occupied territories. The team produced 45 reports, each containing leads that could help locate a specific child or identify individuals and structures involved in the transfer. The material covered possible transport routes, enablers such as orphanage directors, military units that may have assisted, facilities where children were taken (re-education camps, psychiatric hospitals, in some cases adoptive Russian families), and online platforms hosting photographs of the children. The output was handed to Ukrainian authorities to support prosecutions that will run through both Ukrainian courts and the ICC.
The 45 reports are the headline. The operational format is the story. This is the second time Europol has run a time-boxed multinational OSINT sprint with ICC and NGO participation. The first was in February 2025, targeting networks using online platforms to traffic Ukrainian nationals for sexual exploitation; that sprint involved 12 countries. The April 2026 sprint involved 18. The format is being normalised as an institutional operational mode: assemble the capacity in one location for a short, structured window, produce discrete leads attached to named individuals and locations, hand them to a prosecutorial pipeline. This is not how institutional OSINT has typically been done in Europe before 2024. It is closer to the way NGO investigations like Bellingcat, OSINT For Ukraine, and the Centre for Information Resilience have worked for a decade, now operating inside Europol's institutional structure and with ICC coordination.
Working analysts and investigative journalists who may be invited into the next iteration or a comparable sprint. The format rewards preparation: arrive with documented methodology, retain your own evidence chain, agree attribution protocols with the coordinating body in writing before the sprint begins. The output is prosecutorial in ambition, which raises the evidentiary bar on everything produced.
What to watch for is whether the format holds. Two sprints in 14 months is a pattern, not yet a programme. Europol has not published whether the April output materially advanced specific Ukrainian prosecutions or ICC cases, and the February 2025 output was similarly opaque in follow-through. If a third sprint runs before autumn, the format is real. If the next 12 months produce a documented prosecution that rests on sprint-generated leads, the format is vindicated. Until either happens, treat the format as promising and under-evaluated.
