Risk Intelligence: How the Russia-Ukraine war reshapes Baltic Sea risk

The Baltic Sea is no longer defined primarily by traditional challenges such as weather, congestion, and routine port-state compliance. Instead, it is increasingly shaped by the spillover effects of a major interstate conflict into what was previously a relatively low-tension maritime environment.

As explained, today’s threat profile combines low-visibility hybrid risks, such as sabotage of subsea infrastructure and widespread AIS/GNSS interference, with the possibility of intermittent kinetic spillover, including long-range strikes targeting port and energy export infrastructure.

At the same time, sanctions enforcement has become more assertive and politically sensitive. Inspections and detentions across the Baltic are now more intrusive, increasing the potential for miscalculation, particularly around naval escorts and key chokepoints.

Even in cases where vessels are not directly targeted, the heightened uncertainty is having a tangible impact on operations, influencing routing decisions, anchorage patterns, insurance considerations, and overall contractual performance.

Impact on traffic flows and port operations

The strikes on Ust-Luga and Primorsk have had immediate and measurable effects on vessel traffic and port operations. Risk Intelligence monitoring throughout 2025 and 2026 has recorded pronounced congestion at Ust-Luga following drone strikes on associated port infrastructure and feeder pipelines. Where normal anchorage patterns typically involve a limited number of tankers rotating through loading windows, the number of vessels at or near anchorage rises sharply in the days following confirmed attacks.

These congestion patterns are significant not only as indicators of physical disruption, but also as signals of increased caution by operators and charterers. Extended idle time at anchor, uncertainty over berthing schedules, and the possibility of follow-up strikes all contribute to operational delays.

Over time, the cumulative effect has been a subtle redistribution of traffic, with greater reliance on alternative routes and terminals where feasible, and increased volatility in port calls at Russian Baltic facilities. For merchant shipping, a further emerging threat is the potential of collateral damage from drones that are intercepted, malfunction, or lose guidance while transiting congested maritime areas. Experiences from the Black Sea show that air-defence activity against incoming drones has repeatedly resulted in debris falling into ports and anchorages, damaging civilian vessels and shore-side infrastructure, even where merchant shipping was not the intended target.

In several cases, drones that failed to reach their primary objectives have struck or exploded near commercial ships waiting at anchor or alongside, highlighting how dense traffic patterns amplify unintended risk. As drone operations expand into geographically constrained seas such as the Baltic, the probability of similar spillover increases, particularly in port approaches, traffic separation schemes, and anchorage areas.

For operators, this reinforces that proximity to ports or energy infrastructure can mean increased exposure to warfare in the Baltic, even in the absence of deliberate targeting.

AIS and GNSS interference as normalised operational friction

Another increasingly relevant, but less visible dimension of the Baltic Sea threat environment—and the wider Russian hybrid activity campaign—is the potential recruitment, coercion, or exploitation of foreign seafarers by Russian intelligence services. This threat has been highlighted in Risk Intelligence assessments since 2024 and has become more pronounced as Russia has expanded its hybrid activity against NATO states and critical maritime infrastructure.

When calling Russian ports—including Ust-Luga, Primorsk, and other Baltic facilities—it is assessed as plausible that Russian authorities may seek to exploit access to visiting crews with non-Russian flags or mixed nationalities. The mechanisms for such activity are intentionally opaque, but may include informal security interviews, prolonged inspections, alleged documentation irregularities, or pressure linked to port clearance and departure permissions.

Alternatively, if seafarers are identified by Russian intelligence services through various means, initial contact may take the form of messages via social media channels.

The operational rationale for Russian intelligence is clear: seafarers have unique access to vessel systems, anchoring equipment, and navigational practices, and they routinely transit areas containing critical subsea infrastructure, including pipelines, power interconnectors, and communications cables. Risk Intelligence assessments have previously noted that sabotage conducted via anchor dragging or other ostensibly accidental actions offers a low-cost and deniable method of imposing strategic volatility for NATO in the Baltic Sea environment.

Even absent direct tasking of sabotage, crews may be pressured into passive intelligence collection, such as reporting on inspection regimes, port security measures, offshore activity, or the locations and movements of naval or coast guard vessels.

Aggregated across multiple vessels and crews, such information can provide valuable situational awareness for Russian authorities at a time when NATO states are increasing monitoring and enforcement activities.