The Health-Security Nexus and the European Union: Toward a Research Agenda

The European Union is increasingly moving toward an integrated policy approach, which also acknowledges linkages between public health and (external) security policy. This introduction to the Special Issue sets out a research agenda on the emerging health-security nexus. It analyses recent policy developments with respect to the public health and security, and discusses interactions along the health-security nexus in the context of the European Union. It suggests drivers behind the integrated approach and it critically examines the health-security nexus from the perspective of effectiveness and legitimacy


I. INTRODUCTION
It has long been recognised that public health may affect security and vice versa. 1 The use of chemical and biological weapons by terrorists and enemy states presents a serious security threat, which can put public health infrastructures under pressure. 2Pandemics and epidemicsfrom the 1918 Influenza to HIV/AIDS and Ebolacan disrupt societies, undermine development and cause conflict. 3Inter-and intra-state wars can cause displacements, which in turn affect the provisions of humanitarian assistance and public health. 4Pandemics are more likely to emerge in conflict zones where institutions are weak. 5The human security paradigm and the notion of "freedom from want" dedicate a central role to health security. 6raditionally, the EU has been a strong supporter of multilateral policies that address security and public health concerns.It has supported non-proliferation regimes at least since the early 1990s and has provided project funding to clean up nuclear stockpiles. 7ince the Chernobyl disaster in 1986, the EU has been building an external chemical, biological, radiological, and nuclear (CBRN) threat capacity. 8The EU has also long prided itself as the world's principal development donor and as a keen supporter of the Millennium Development Goals (MDGs), which encompassed a comprehensive approach to issues of developments including health targets (MDG 4-6).As a result of the Bovine Spongiform Encephalopathy (BSE, or "mad cow disease") crisis, public health rose to the EU policy agenda resulting in a more comprehensive public health model during the 1990s. 9The EU established the European Centre for Disease Control (ECDC) in 2004 to address infectious diseases. 10hile EU policies have largely developed in parallel (and continue to do so), in recent years, we have witnessed an emerging nexus between public health and security policy.Following the 9/11 terrorist attacks, the EU has adopted a series of sectoral policy strategies that recognise the interaction between public health and security.The Lisbon Treaty introduced an explicit link between public health and security policies, 11 on which basis the EU adopted the Decision on Serious Cross-Border Threats to Health in 2013 in an effort to "bridge the policy fields of health and security". 12The EU Global Strategy of June 2016, at the same time, calls for a truly "integrated approach" spanning across policy areas and overcoming the internal-external dichotomy.
Although officials in the international organisations, the EU and its member states are increasingly focusing on the interaction between security and public health, academic research continues to treat EU security policy and EU public health as two separate domains of inquiry.With this Special Issue, we want to launch a new research agenda regarding EU policy and law in public health and security.This introduction to the Special Issue aims to take stock of the recent developments.In addition to providing an overview of key policy developments, it outlines interactions along the health-security nexus and it discusses the key drivers behind a more integrated approach.In the conclusion, this introductory article focuses on the implications of an integrated approach.It discusses implications for the efficiency and the legitimacy of policymaking in this area.

II. TOWARD A HEALTH-SECURITY NEXUS IN EUROPEAN GOVERNANCE
Despite a relatively long tradition in the World Health Organization (WHO) and United Nations (UN) on establishing linkages between public health and security policy (and the "freedom from want" discourse going back at least as far as the Four Freedoms speech of Franklin D Roosevelt in 1941), it has taken a considerable time before a health-security nexus started to emerge in the EU.This section first analyses the emergence of public health as an issue in the EU's security strategies.It then turns to the identification of security threats in the EU's public health documents.Finally, it focuses on the contemporary developments as a result of the Treaty of Lisbon of 2009.

Public health as part of EU security policy
In the area of EU security policy, implications for domestic public health have not been considered in a truly comprehensive way.This goes both for external and internal security policies, which becomes clear when analysing the relevant security strategies.With respect to the external security strategiesparticularly the European Security Strategy (2003), 13 the Implementation Report of the European Security Strategy (2008) 14 and the EU Global Strategy (2016) 15 public health concerns are mostly a development/humanitarian problem: something for other countries to worry about.The European Security Strategy, for instance, notes that "AIDS is now one of the most devastating pandemics in human history and contributes to the breakdown of societies". 16Similarly, the 2008 Implementation Report puts pandemics explicitly under the security-development nexus: "Threats to public health, particularly pandemics, further undermine development". 17he European Security Strategy acknowledges a (limited) domestic element by stating that "New diseases can spread rapidly [in conflict areas] and become global threats". 18he recent EU Global Strategy is more explicit and it aims to strengthen global governance in this regard: "On health, we will work for more effective prevention, detection and responses to global pandemics". 19Yet with respect to CBRN in particular, the link to health issues is nearly absent.This is rather surprising, as particularly the European Security Strategy puts weapons of mass destruction (WMD) up-front-andcentre.Of all the external security strategies, only the 2008 Implementation Report considers the issue indirectly by stressing "Within the EU, we have done much to protect our societies against terrorism ... on the basis of such existing provisions as the Crisis Coordination Arrangements and the Civil Protection Mechanism". 20he implications of external security threats for public health thus seem obvious, but they are ultimately not addressed.We witness the same phenomenon in the internal security policies of the EU.The EU Counterterrorism Strategy of 2005, 21 which was adopted after the terrorist attacks in Madrid (2004) and London (2005), and which continues to guide European policies, presents a key example in this respect.It outlines a comprehensive approach to combat terrorism by proposing concrete measures that the EU and its member states can take.These are labelled under "prevent", "protect", "pursue" and "respond".At first instance, the strategy seems to make clear links with public health implications of terrorism.The protect pillar, for instance, focuses on citizens as well as infrastructure and has as its aim to reduce vulnerabilities.The respond pillar notes explicitly the "needs of victims". 22et when reading the strategy in greater detail, it becomes clear that these issues have been defined in minimalist terms.The EU has not gone the extra mile discussing public health implications.The protect pillar is about critical infrastructures and transport (not surprising in the aftermath of the Madrid and London attacks). 23A key initiative is, for instance, the passenger name record. 24 With respect to the respond pillar, the strategy notes that the response to terrorist attacks is often similar to natural and man-made disasters (echoing Article 222 TFEU) and that similar mechanisms may be used.Health is not explicitly mentioned.The needs of victims focus on "solidarity, assistance and compensation", 25 including for families, rather than cure and care.
This concise analysis of the key external and internal security strategies therefore shows that while there are some references to public health, connections between security policy and public health remain indirect.It is explicitly made clear that public health is part of the security-development nexus, but this applies largely to other 18 Supra, note 13, p. 2. 19 EEAS, supra, note 15, p. 43. 20Solana, supra, note 14, p. 4. 21 Council of the European Union, The European Union Counter-Terrorism Strategy 14469/4/05 (30 November  2005), available at <http://register.consilium.europa.eu/doc/srv?l=EN&f=ST%2014469%202005%20REV%204>(accessed 26 July 2017). 22ibid., p. 3. 23 ibid., paras.14-21. 24EU fight against terrorism (16 December 2016), Website of the Council of the European Union, available at <http:// www.consilium.europa.eu/en/policies/fight-against-terrorism/>(accessed 26 July 2017). 25The European Union Counter-Terrorism Strategy, supra, note 21, para.36.countries.Furthermore, despite the comprehensive nature of EU counter-terrorism policies and the obvious links to public health, the EU has so far refrained from making connections explicit.

Security as part of EU public health
The EU has a public health programme that addresses various issues, including many that are not directly linked to security threats, such as obesity or mental health programmes. 26At the same time, however, in several EU public health policies, security is more explicitly entering the mechanisms, laws and institutions. 27Article 168 TFEU outlines the role of the EU in human health.Although harmonisation of public health law is excluded, 28 there are several specific areas where the EU can harmonise national laws.On health security the EU needs to "complement national policies".This covers, inter alia, "monitoring, early warning and combating serious cross-border threats to health".By way of the ordinary legislative procedure the EU institutions may also adopt, in this regard, "incentive measures". 29n terms of secondary EU law the scope for defining a "threat to health" is relatively broad.In 2013, the EU adopted a new legal instrument, the Decision on Serious Cross-Border Threats to Health ("Health Threats Decision") to regulate EU involvement in the response to public health threats, chemical attacks and bioterrorism. 30This Decision is an all-encompassing regulatory instrument, covering not only known, but also unknown health risks.It is a European effort to, in the words of the European Commission, "bridge the policy fields of health and security". 31Importantly this Decision also covers health threats that may come from the access of non-state actors to CBRN materials.CBRN, in this respect, serves as a link between the fields of security and public health.In the EU, a CBRN Action Plan was adopted in 2010 alongside a Chemical, Biological, Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative, which aims to limit unauthorised access to CBRN materials and improve member states' capacity to prevent and detect CBRN incidents. 32ence, whereas the regulatory approach of the EU in the late-1990s kept security out of the public health coordination and regulation, with the 2013 Decision, security aspects, such as the deliberate release of biochemical toxins became part of the existing health disease mechanisms. 33Within these mechanisms the EU can coordinate and exchange personal records, commence contact tracing and coordinate member states' responses to "health threats" generally, which includes e.g.bioterrorist attacks. 34urthermore, with the establishment of the Health Security Committee and its strengthening in 2013, the EU has put in place a permanent internal coordinating mechanism to respond and act in case of an emerging threat. 35he analysis of both primary and secondary legal instruments and EU public health policies shows that security has made inroads into public health policy.This is much more explicit than, as noted above, the consideration of public health in the various security strategies.The EU has established and nominated special institutional actors to work on security within public health, such as the Health Security Committee.Furthermore, the public health information systems and mechanisms are now also used for security purposes.Hence within the policy field of public health there is an increasingly explicit link with security.

The internal-external security nexus after the Lisbon Treaty
The entry into force of the Lisbon Treaty has resulted in several changes in the overall architecture of combating health-related security risks.A number of provisions were added which give the EU a basis for responding to emergencies.Article 214 TFEU outlines the role of the EU in external action particularly regarding humanitarian aid in third countries.It allows the EU to respond and provide ad hoc relief in natural or manmade emergencies in third countries.In addition, the new Article 222 TFEU addresses internal challenges.It provides for solidarity between member states in case of a natural or man-made disaster and/or a terrorist attack.This action is to be coordinated by the EU institutions.Article 196 TFEU furthermore provides for civil protection, both internally and externally.These three new Treaty articles complement the strengthening of the health-security nexus of Article 168 TFEU, as outlined above.
On the basis of the "health threats" paragraph in Article 168 TFEU, the abovediscussed Health Threats Decision was adopted.It regulates the coordination of member states' action in responding to "major health threats".The Decision encompasses the existing communicable disease control network.The Decision extends the Early Warning and Response System (EWRS), 36 which is operated by the ECDC, from only several specific communicable diseases to all health threats. 37Chemical, biological and radio-nuclear threats, particularly when it involves the risk of deliberate release 33  (bioterrorism or bio-chemical warfare), are currently all subsumed into one legislative and institutional framework.In this decision, naturally occurring disease (public health) and threats to security are merged as its definition of a "serious cross-border threat to health", in Article 3(g), reads as a … life threatening or otherwise serious hazard to health of biological, chemical environmental or unknown origin which spreads or entails a significant risk of spreading across the national borders of Member States, and which may necessitate coordination at Union level in order to ensure a high level of human health protection.
Furthermore, the coordinating structures created by the Health Threats Decision: [S]hould, in exceptional circumstances, be available to the Member States and to the Commission when the threat is not covered by this Decision and where it is possible that public health measures taken to counter that threat are insufficient to ensure a high level of protection of human health. 38nce, the Decision creates a wide scope as it brings a number of new security related (CBRN threats) aspects into the fold of older systems for information exchange, surveillance and preparedness. 39Operationally, the EU has created a European Medical Corps in 2016 in order to help medical teams and public health teams and equipment within and outside the EU.The Medical Corps can make medical teams and assets available already before a health security threat evolves.The corps can deploy medical teams, public health coordination teams, mobile biosafety laboratories and medical evacuation planes.The recent Ebola outbreak spurred on setting up this "white helmets" initiative.The Commission, through the Emergency Response Capacity, managed the initiative.The Medical Corps also works together with the WHO Global Health Emergency Workforce and it is part of the European Civil Protection Mechanism. 40ence, as a result of the Lisbon Treaty, interactions along the internal-external security nexus in the EU have come more prominent.As a result of secondary EU law we witness an increasing blurring of lines, also with respect to the policy silos of public health and security. 41Diseases can be considered a threat to security because they may be deliberately released or because of the fast speed that pathogens travel in a globalised world.Security threats may have specific public health implications and challenge critical infrastructures in this regard.

III. DRIVERS BEHIND THE INTEGRATED APPROACH
While we cannot yet speak of a fully comprehensive health-security nexus in the EU, we clearly see a development towards a more integrated approach.At this point it is worth moving away from describing these policy developments toward offering explanations.Essentially, we can identify four drivers behind a more integrated approach.These drivers are not mutually exclusive and complement each other.Our purpose is not to provide one answer, but rather to bring the debate to a conceptual level.

Systemic risks and management strategies
It is regularly argued that the world has grown more complex in recent decades due to processes of globalisation and technological innovation. 42Complexity, in this regard, is characterised by the fact that we can no longer easily relate cause to effect.It is one of several factors behind what have been called "systemic risks". 43Contrary to "simple risks", which are addressed in banking and insurance of a daily basis, systemic risks cannot be captured in probabilistic formulas.What is more, systemic risks often involve "interdependencies and ripple and spillover effects that initiate impact cascades between otherwise unrelated risk clusters". 44n understanding of systemic risks is significant, as it presents a clear driver for the integrated approach proposed by the EU in the Global Strategy. 45Traditional divides, such as the one behind internal and external security, are no longer sustainable once European nationals pack their bags to fight for ISIS in Syria, and occasionally return for terrorist attacks.Equally there is an increasing recognition that health is part of the wider development-security nexus, that natural diseases do not stop at Europe's borders, and that attacks with chemical and biological weapons by enemy states and combatants affect public health.Security and public health are no longer separate public goods (or problems that can be contained separately) and the emphasis is on joined-up policy.
While greater coordination and policy integration are lofty aims, the tragedy of systemic risks is that they cannot be really solved.When it comes to systemic risks, the objective is risk acceptance and management and mitigation instead of risk elimination. 46This involves making societies and policies more robust and resilient against unpredictable risks and the unpredictable impact of risks. 47While the EU Global Strategy puts significant emphasis on the resilience of states and societies in the "east and south", 48 it pays no attention to its own resilience by the EU as an international actor. 49The integrated approach is a recognition of the changing environment, but systemic risks equally demand an increased degree of flexibility of the EU itself to cope with the unexpected.

Reactive events-driven policy-making
Another key driver behind the increasing integrated approach in the EU is the focus on governing yesterday's risks and problems.International institutions, like all political institutions, tend to be relatively stable, status quo prone and path dependent. 50Change comes about from highly salient events and the path chosen at those key critical junctions is often a response to the crisis of the day. 51The most obvious example is the European Security Strategy of 2003, which was an attempt to heal the wounds of a strongly divided membership over the US intervention in Iraq earlier that year.As the "most frightening scenario", the European Security Strategy sketches the possibility that weapons of mass destruction fall in the hands of terrorists. 52It is difficult to understand such language outside the context of 9/11, the hunt for Saddam's nuclear weapons and the talked up synergies between Iraq and Al-Qaeda.
Examples of a reactive policy approach are omnipresent in both EU security policy and public health.It is well-documented how EU terrorism policy was established through the European counterterrorism strategy of 2005 following the Madrid and London bombings in 2004 and 2005. 53Similarly, in the field of public health and food safety, we have witnessed extensive regulation after the BSE crisis from 1996.In line with the security environment after 9/11, and particularly after the attack of anthrax after 9/11, where anthrax was sent by letters through the US mail, the public health model changed.The idea was that similar to military readiness the "armaments of public health" would need to be prepared for terrorist attacks. 54But also the setting up a European Food Safety Agency (EFSA) and the ECDC can be traced back as reactions to food scares and disease outbreaks with an EU-wide reach. 55The international scares of SARS, bird flu and swine flu were pivotal drivers in creating momentum at EU level for adopting a number of legislative changes. 56recisely because many of the contemporary crises and risks have important crosspolicy effects, as noted above under systemic risks, it is not surprising that responses to previous salient events put an emphasis on an integrated approach.The Madrid and London bombings were transport related, as was 9/11, the March 2016 Brussels attacks, but also the shooting in the 2015 Thalys train.This has resulted in the EU putting a lot of emphasis on transport security and particularly cross-border vulnerabilities.It is also obvious that transport and the cross-border implication potentially give the EU more competence, which connects to the next driver for an integrated approach.Dynamics along the health-security nexus may be similar.

EU-level entrepreneurship
Closely related to the previous two drivers is the central role that EU-level actors have in pushing their agendas forward. 57EU-level actors tend to thrive when they operate in between the defined lines.In grey areas, and unexplored territory, they can propose courses of action that do not immediately conflict with the predefined preferences of the membership.What is more, due to their central position in policy networks, 58 they are typically in a unique position to act when "windows of opportunity" present themselves. 59Indeed, international bureaucrats tend to be particularly strong when it comes to "overlap management". 60he examples of entrepreneurship by EU actors have been well-rehearsed in the academic literature. 61What is worth stating is that EU actors may have a strong interest in the integrated approach and the health-security nexus: defence, homeland security and public health are national-level policies par excellence, monopolised by the nation-state.It is precisely when an innovative label can be put on approach (such as the invention of crisis management in the area of external security), or when a cross-border element can be identified (such as the argument that diseases and biological weapons do not stop at borders), that the EU can pursue competence and expand its remit of activities.A key example is the European Security Strategy, which puts an explicit emphasis on "new threats" before boldly stating that "[t]he European Union is particularly well equipped to respond to such multi-faceted situations". 62

Securitisation across policy areas
Finally, continuing on the previous point, the securitisation literature has made it clear that certain actors for their political interests may seek to "securitise" a policy in order to affect policy outcomes. 63When the label of security is put over a policy area, it empowers a typically different set of actors.This can be a particular concern in the area of public health, where, at global level there is ample research on the manner in which securitisation may take place. 64The Copenhagen School has suggested that there is a clear rational-actor process by which securitisation can be identified. 65In the first phase an actor identifies an existential threat to security through declaring the threat as such in a "speech act".The second phase concerns the acceptance by the target audience that a certain threat to security is existential.In the third phase emergency measures are assumed, whereby policy and budget is allocated in order to combat the threat. 66ecuritisation is well researched and established with regard to the analysis of global health policy. 67However, with regard to the EU public health-security nexus, although there are strong indicators that securitisation can be an explanatory factor for recent policy changes, research has been lagging.Analysing the possible different drivers in the increasing nexus between EU public health shows that there are multiple possible dynamics at work.Besides offering explanations and understanding what is happening, it is important to bring into play the possible implications and trade-offs of the publichealth security nexus in the EU.

IV. CONCLUSION: IMPLICATIONS AND TRADE-OFFS
In this introductory article, we have discussed the emergence of a health-security nexus in the EU.We have traced this development through official policies and discussed interactions along the health-security nexus.We have also outlined a number of drivers behind an increasing integrated approach to public health and (external) security.In this conclusion, we critically reflect on these developments and raise a number of concerns from the standpoint of effectiveness and legitimacy.
In the policy discourses, the integrated approach is often presented in terms of effectiveness. 68It is generally assumed that coordination and collaboration results in a more coherent EU approach to contemporary problems.Yet a key question for effectiveness remains whether there is any more to the integrated approach than solely coordination.A truly integrated approach involves a reallocation of competences, the breaking down of barriers, and adequate resourcing.One also wonders whether this is desirable.For instance, the dichotomy between external and internal security exists for very good reasons and we may not want to break down the existing constitutional and legal order.If an integrated approach does not go further than coordination, one wonders whether it does not raise unrealistic expectations.
One can also ask questions as to what implications a security-health nexus has for the assignment of of resources. 69On the one hand the profile of public health may be raised due to the linkages between health and security, which may in turn result in more resources assigned to public health.More funding for public hospitals' surge capacity, for instance, may become possible as the infrastructure for preparedness get higher on the policy agenda.On the other hand, the focus on possible health security threats may lead to a more short-term focus on policy, particular also with regard to externaldevelopment public health priorities, and take attention off ongoing and more durable public health prevention programmes that that may be more deserving in terms of morbidity and mortality. 70part from questions over effectiveness, we see a number of possible trade-offs with respect to legitimacy.In the field of public health there is a long-standing discussion about balancing public health and individual rights.Indeed, choices regarding quarantines or mandatory vaccinations have long been part and parcel of public health. 71The HIV/AIDS pandemic showed that when disease becomes part of a different paradigmin the late 1980s HIV/AIDS discussions revolved around the criminalisation of disease carriers as different members (criminals) of societythe effects can lead to serious fundamental right infringements. 72In a study on the SARS outbreak and the uses of quarantines in Hong Kong, Shanghai and Toronto, the more extensive use of quarantines in Toronto was attributed to the different consciousness with regard to the nature of the risk that was involved. 73In the framework of security, health threats are a rational risk that can be assessed and established by scientific experts. 74undamental rights, instead, are part of a value-based legal framework.The question is whether these different balances are on an even par in terms of both in-and output of EU policy and law. 75nother possible trade-off concerns the central role of civil society in public health versus the state-run monopoly on security matters and the use of force.These may be Decision No 2119/98/EC of the European Parliament and of the Council of 24 September 1998 Setting up a Network for the Epidemiological Surveillance and Control of Communicable Diseases in the Community [1998] OJ L 268/1); Commission Decision (2000/57/EC) of 22 December 1999 on the Early Warning and Response System for the Prevention and Control of Communicable Diseases under Decision No 2119/98/EC of the European Parliament and of the Council [2000] OJ L 21, p. 32. 34ibid.And see European Commission, Statements of Health Security Committee and Early Warning and Response System, MEMO/09/362 (13 August 2009). 35Decision No 1082/2013/EU, supra, note 12. 36 Commission Decision (2000/57/EC) of 22 December 1999 on the Early Warning and Response System for the Prevention and Control of Communicable Diseases under Decision No 2119/98/EC of the European Parliament and of the Council [2000] OJ L 21, p. 32. 37Decision No 1082/2013/EU, supra, note 12, at para 16.