Publications


This is a list of published papers related to the project. The DOI serves as a direct link to the respective publication.

Work-in-progress papers and ongoing endeavors can be found at the bottom of the page. Feel free to use the indicated e-mail address for further inquiries.


Published


Weiss, Moritz; Krieger, Nicolas (2025)

The political economy of cybersecurity: Governments, firms and opportunity structures for business power

Contemporary Security Policy 2025

Securing cyberspace is a public concern, but often a private task. “Unwarranted influence” of business power might thus challenge advanced democracies. Given the widespread lack of available data in the political economy of cybersecurity, however, this article starts out by theorizing four supply and demand conditions that are normally assumed to enable strong influence by private business. We, then, seek to identify whether these four conditions actually characterize the interactions of the United States’ military service to secure cyberspace, namely USCYBERCOM, with private firms. By drawing on a newly generated data set (containing 290 contracts since 2018), we cannot demonstrate actual capture of public policy, but we present robust evidence for systematic opportunities of business influence. We thus contribute to contemporary security policy and to the political economy of cybersecurity by highlighting that both supply and demand conditions tilt the public-private balance towards the latter side.

DOI: 10.1080/13523260.2025.2474867


Kruck, Andreas; Weiss, Moritz (2024)

Disentangling Leviathan on its home turf: Authority foundations, policy instruments, and the making of security

Regulation & Governance 2024

Making security has been Leviathan’s home turf and its prime responsibility. Yet, while security states in advanced democracies share this uniform purpose, there is vast variation in how they legitimize and how they make security policies. First, the political authority of elected policy-makers is sometimes superseded by the epistemic authority of experts. Second, states make security, in some instances, by drawing on their own capacities, whereas in other fields they rely on rules to manage non-state actors. Based on this variation in authority foundations and policy instruments, we disentangle Leviathan into different types of (i) positive, (ii) managing, (iii) technocratic, and (iv) regulatory security states. Our typology helps better understand contemporary security policy-making; it advances regulatory governance theory by conceptualizing the relationship between expertise and rules in a complex and contested issue area; and it provides insights into the “new economic security state” and the domestic underpinnings of weaponized interdependence.

DOI: 10.1111/rego.12594

For a video description, see the project description (link) or YouTube (link).


Kausche, Katharina; Weiss, Moritz (2024)

Platform Power and Regulatory Capture in Digital Governance

Business and Politics 2024

Digital governance is a public concern, yet under private control. After numerous scandals, all stakeholders in the European Union (EU) agreed to establish a “novel constitution for the internet” that would effectively constrain the power of large platforms. Yet the Digital Services Act (DSA) ultimately legitimized and institutionalized their position as the gatekeepers of the internet. Why? We argue that platforms prevailed thanks to their ability as intermediaries to quietly shape the available policy options. Our “platform power mechanism” combines institutional and ideational sources of business power to show how big tech drew on its entrenched position as an indispensable provider of essential services and promulgated the idea of itself as a responsible and neutral intermediary. We follow the unfolding of platform power through a process-tracing analysis of Google and Meta’s activities with respect to DSA legislation from its announcement (2020) to its adoption (2022). Besides contributing a reconceptualization of the DSA as a regulatory capture, we integrate the notion of platform power into a “regulator–intermediary–target” model and demonstrate how gatekeepers have exploited information asymmetries to share “the public space.” Our analysis thus supplements established approaches that have derived regulators’ deference to platforms from the tacit allegiance of consumers.

DOI: 10.1017/bap.2024.33


Kruck, Andreas; Weiss, Moritz (2024)

Ein regulatorischer Sicherheitsstaat? Herrschaftsgrundlagen und Instrumente europäischer Sicherheitspolitik

integration 2024, 47:1, 21-35

European security policy is still widely regarded as the realm of national and “positive” states. In contrast to this conventional view, this article argues that the European Union – and the broader European multi-level system – can be conceived as a “regulatory” state in many areas of European security policy-making. The European regulatory security state (ERSS) relies on epistemic authority (i. e. experts) to indirectly produce European security policies by means of setting and enforcing rules. The article introduces the concept of a “European regulatory security state” and illustrates how the ERSS manifests itself empirically; it discusses the extent to which Russia’s war against Ukraine and the European responses to it pose a challenge to the ERSS; and it assesses how normatively desirable – and sustainable – the ERSS is.

DOI: 10.5771/0720-5120-2024-1-21


Special Issue: The Regulatory Security State in Europe. Journal of European Public Policy 2023. Vol. 30, Issue 7

Kruck, Andreas; Weiss, Moritz (2023)

The regulatory security state in Europe

Pages 1205-1229

The ‘regulatory state’ has prevailed in almost every sector of European public policy. The provision of security, however, is still widely viewed as the domain of the ‘positive state’, which rests on political authority and autonomous capacities. Challenging this presumption, we argue that expertise – as foundation of authority – and rules – as policy instruments – also shape the provision of European security by national and, in particular, supranational ‘regulatory security states’, namely the European Union (EU). We lay out a framework for mapping the uneven and contested rise of European regulatory security states; analyzing drivers and constraints of security state reforms; and grasping the implications of the regulatory security state for the effectiveness and democratic legitimacy of European security policy-making. We advance the research program on the regulatory state and contribute to an innovative understanding of who governs security in Europe’s multi-level polity, by what means, and on what legitimatory grounds.

DOI: 10.1080/13501763.2023.2172061


Biermann, Felix; Weiss, Moritz (2023)

Cyberspace and the protection of critical national infrastructure

Journal of Economic Policy Reform 2023, 26:3, 250-267

Protecting critical infrastructure against cyber-attacks is a policy challenge arising from the disruptive potential of emerging digital technologies. Governments face difficult choices since cybersecurity is a public responsibility, but often a private task: Should they design their capacities hierarchically or rely on collaboration with private firms? We argue that choices depend on the institutional setting and the nature of the challenge. Our comparison of state-capitalist France with the market-capitalist United Kingdom corroborates our expectations that the former controls intermediaries more hierarchically and that both governments adopt a more assertive role when safeguarding against threats than when managing risks.

DOI: 10.1080/17487870.2021.1905530


Weiss, Moritz (2021)

Varieties of privatization: informal networks, trust and state control of the commanding heights

Review of International Political Economy 2021, 28:3, 662-689

Why did ordoliberal Germany unconditionally privatize its aerospace and defense industries in the 1980s, whereas the neoliberal government in the United Kingdom established significant state control? To shed light on this puzzle, this article builds on the Varieties of Capitalism (VoC) and theorizes how different production regimes – complemented by distinct legal traditions – shape governments’ decisions about how to privatize state-owned industries. I argue that Germany’s coordinated market economy included informal networks between state and business actors that were based on trust. These relationships enabled the government to transfer ownership of the defense industries to the private sector without retaining any formal control. The United Kingdom’s liberal market economy, by contrast, lacked such informal trust-based networks. That explains why the British government maintained formal control instruments and thus intervened more forcefully in its aerospace and defense sector. The comparative process-tracing analysis draws on original sources, such as formerly secret archival files and interviews with decision-makers. The article’s contribution lies not only in extending the firm-centered logic of VoC to coordination between corporate actors and the state, but also in institutionalist theory-building: Trust-based coordination within informal networks systematically reduces vulnerabilities and can thus substitute for the arguably constant need of formal control.

DOI: 10.1080/09692290.2020.1726791


Abbott, Kenneth et al. (eds): The Governor’s Dilemma: Indirect Governance Beyond Principals and Agents. Oxford, Oxford University Press

Kruck, Andreas (2021)

Governing Private Security Companies: Politics, Dependence and the Problem of Control

Pages 141-159

This chapter retraces how states as governors have weighed and rebalanced the imperatives of competence and control in utilizing private military and security companies (PMSCs) as intermediaries. It argues that the complex and varying competence requirements of governors, derived from both their operational deficits and their legitimacy concerns, as well as changes in the salience of these requirements, have shaped the levels and modes of control imposed on PMSCs. Focusing on the United States, the chapter explains the shifting control mechanisms applied in different periods: 1) the 1990s and early 2000s, 2) the mid-2000s to early 2010s, and 3) the recent years until 2018. Competence–control theory contributes to a deeper understanding of states’ problem with controlling PMSCs. More generally, the chapter highlights that politics and power are key to grasping the evolution of control mechanisms in indirect forms of governance.

DOI: 10.1093/oso/9780198855057.003.0007


Work in Progress


Johansen, Andrea; Kruck, Andreas

Military AI and the transformation of the national security state

The adoption of Artificial Intelligence (AI) technology for military purposes poses a major challenge to states’ established institutions and modes of security policy-making. What shapes the evolution of the national security state, and its approach to securing relevant expertise, regarding the military use of AI? Existing research on transformations in security policy-making points to different structural drivers of change. On the one hand, rapid technological innovation suggests the empowerment of experts and technocratic governance. As for AI the main sources of technological innovation come from the private sector, technological pressures suggest a heavy reliance of the state on the private sector for military innovation. At the same time, heightened geopolitical competition and international security pressures suggest a build-up of state capacities and a reassertion of political control over military AI development. As the power rivalry between the US and China is heating up, incentives grow for policy-makers in military powers to pursue a geostrategic, state-controlled approach to AI development. In this paper, we study how technological innovation and geopolitical rivalry interact to shape reforms in the organization of the national security state and its relations to the private sector. Focusing on the US adoption of AI technology for operational planning from the mid-2000s to today, we retrace how technological innovation and geopolitical rivalry are mediated by interest and power constellations as well as institutional legacies and lead to changing designs of the national security state.

For further inquiries: andreas.kruck{at}gsi.uni-muenchen.de


Kodaru, Yagnyashri; Sommer, Lorenz

Varieties of Defense Industrial Innovation. Explaining cross-sector variations in air and cyber warfare

In a threat environment marked by hybrid warfare, states’ approaches to defense innovation increasingly vary, with implications for strategic defense-industrial policy. Using a Neorealist Varieties-of-Capitalism framework, we causally explain such variation via divergent security pressures and procurement institutions. Through a comparative study of the U.S. air and cyber warfare sectors, we posit that concentrated security pressures lead to state-oriented procurement and incremental innovation because of strategic self-interests; while diffuse pressures foster market-oriented procurement and radical innovation because of commercial self-interests. Our findings challenge monolithic analyses of the U.S. as a liberal market economy, underscoring the need for sector-specific defense-industrial policies.

For further inquiries: Y.Kodaru{at}gsi.uni-muenchen.de; Lorenz.Sommer{at}gsi.uni-muenchen.de


Kruck, Andreas; Sommer, Lorenz

The Return of the ‘Positive State’? Securitization of Critical National Infrastructures and Transformations in the Making of European Security

As Europe’s geopolitical neighborhood grows more hostile by the day, critical national infrastructures (CNIs) have come to be viewed as vital security issues across European countries. Existing theories suggest that the securitization of CNIs will drive state capacity-building for the governance of CNIs. Securitization thus bodes the return of the ‘positive’ state with regard to CNIs, which had previously been privatized and marketized. Yet, empirically, European states’ responses to the securitization of CNIs vary: Sometimes, they have indeed turned towards state capacity-building, whereas in other instances they have rather resorted to more – and more intrusive – rules for private CNI providers. What explains this variation? When do states rely on capacity-building and when do they rather expand their rule-making activity as previously privatized CNIs are securitized? Drawing on discursive and historical institutionalism, we argue that the type of threat constructions (concentrated supply threats vs. diffuse sabotage threats) and the state’s (liberal or statist) ideational-institutional legacies in a particular CNI sector shape its choice of regulatory or capacities-based instruments for securing threatened CNIs. Only if threat constructions focus on concentrated, supply-related threats and ideational-institutional legacies in the respective country and sector are statist, states will shift to centralized, direct, and capacities-based governance of CNIs. In all other constellations of threat constructions and ideational-institutional legacies, securitization will rather prompt an expansion of regulation of indirect and private CNI provision. We offer a mapping of 30 European states’ – regulatory and/or capacity-building – responses to the securitization of different telecommunication and energy (sub-)sectors. Based on this mapping, we conduct comparative case studies of British and French reforms in the governance of energy and telecommunications. 
Our empirical findings largely corroborate our theoretical expectations. They contribute to research on the geo-politicization of CNIs in Europe and shifting instruments of European security policymaking, while also yielding important policy implications.

For further inquiries: andreas.kruck{at}gsi.uni-muenchen.de; Lorenz.Sommer{at}gsi.uni-muenchen.de