THE CHOKEPOINT REPORT
Global Infrastructure Vulnerabilities Assessment
Beneath the surface, before the crisis
January 2026
EXECUTIVE SUMMARY
BOTTOM LINE UP FRONT
Infrastructure is now a domain of strategic competition. The chokepoints identified in this report are not theoretical vulnerabilities but active pressure points where disruption occurred, was attempted, or is being deliberately cultivated. 2025 marked a threshold year: grey-zone tactics against subsea cables crossed from isolated incidents to sustained campaigns; critical minerals weaponisation moved from threat to implementation; and the governance gaps that enable both remained unaddressed.
This inaugural Chokepoint Report assesses the ten most consequential infrastructure vulnerabilities across three domains: critical minerals and processing, subsea cables and digital infrastructure, and contested maritime corridors. Our methodology integrates physical vulnerability analysis with threat environment assessment and governance gap evaluation. We track not just where disruption could occur, but where it is occurring and who benefits.
Key Findings
- 1.Baltic Sea cable incidents increased 475% year-on-year (2024-2025), crossing the threshold from accident to coordinated campaign. Seven cables damaged in a three-month period; four vessels seized or investigated.
- 2.China controls 90%+ of rare earth processing and demonstrated willingness to weaponise this position through export controls on germanium, gallium, and antimony in 2024-2025. Western diversification efforts remain 5-10 years from meaningful impact.
- 3.Red Sea cable repairs now average 2.3x longer than Atlantic equivalents due to security environment. The corridor remains a dual-domain chokepoint affecting both maritime shipping and digital connectivity.
- 4.Taiwan Strait cable incidents show pattern consistency: Chinese-crewed vessels with flags of convenience, opaque ownership structures, and name/registry cycling. One conviction secured (Hong Tai 58 captain, 3 years).
- 5.Global cable repair capacity is inadequate: approximately 80 vessels serve 600+ cable systems. Average repair time doubled over the past decade. A coordinated attack on multiple cables would exceed response capacity.
METHODOLOGY
What Constitutes a Chokepoint
A chokepoint is a point in a system where disruption would cause disproportionate downstream effects relative to the physical or economic scale of the node itself. This distinguishes chokepoints from merely important infrastructure. Three characteristics define a chokepoint:
- Concentration: A disproportionate share of flows (material, data, energy) passes through a limited number of nodes
- Substitutability constraints: Alternative routes or sources cannot be activated quickly or at comparable cost
- Cascade potential: Disruption propagates across dependent systems rather than remaining contained
Assessment Framework
Each chokepoint is assessed across four dimensions:
| Dimension | Assessment Criteria |
|---|---|
| Physical Vulnerability | Concentration metrics, redundancy levels, depth/accessibility, repair complexity |
| Threat Environment | State actor interest, non-state capabilities, incident frequency, attribution patterns |
| Demand-Side Criticality | Economic dependencies, defence applications, substitution timelines, cascade pathways |
| Governance Gap | Jurisdictional clarity, enforcement mechanisms, international coordination, policy trajectory |
Scoring
Each dimension receives a score from 1 (low concern) to 5 (critical concern). The composite Chokepoint Severity Index weights threat environment and governance gap more heavily than physical vulnerability, reflecting the reality that most infrastructure is technically sound but institutionally exposed. We do not publish raw scores; rankings reflect integrated expert judgment rather than mechanical aggregation.
Data Sources
This report draws on systematic monitoring of publicly available sources including government statements, operator announcements, industry publications (TeleGeography, SubTel Forum, ICPC), maritime tracking data, and quality news media. We maintain proprietary databases tracking cable disruptions (180+ incidents, 2024-2026), policy changes (30+ export control actions), and facility disruptions. All claims are sourced; gaps are acknowledged.
THE 2026 CHOKEPOINT INDEX
The following ten chokepoints represent the highest-severity infrastructure vulnerabilities as of January 2026. Rankings reflect integrated assessment across all four dimensions; movement from prior years is not applicable for this inaugural edition.
| # | Chokepoint | Domain | Primary Risk |
|---|---|---|---|
| 1 | Rare Earth Processing Concentration | Critical Minerals | Weaponisation |
| 2 | Baltic Sea Cable Corridor | Subsea Infrastructure | Grey-zone campaign |
| 3 | Red Sea Dual Corridor | Maritime/Digital | Conflict spillover |
| 4 | Taiwan Strait Cables | Subsea Infrastructure | Grey-zone probing |
| 5 | Cobalt Supply Chain (DRC) | Critical Minerals | Concentration + instability |
| 6 | Global Cable Repair Capacity | Subsea Infrastructure | Systemic inadequacy |
| 7 | Lithium Processing (China) | Critical Minerals | Refining concentration |
| 8 | Egypt Cable Landing Concentration | Subsea Infrastructure | Geographic funnel |
| 9 | Graphite Processing Bottleneck | Critical Minerals | EV supply chain |
| 10 | ISA Regulatory Vacuum | Seabed Governance | Legal uncertainty |
CHOKEPOINT ANALYSIS
#1: Rare Earth Processing Concentration
Domain: Critical Minerals
The Concentration Problem
China controls over 90% of global rare earth element processing capacity. While rare earth mining is distributed across multiple countries (China 60%, Myanmar 10%, Australia 6%), virtually all ore must pass through Chinese refineries to become usable material. This processing concentration constitutes the most severe chokepoint in the global critical minerals system.
The 17 rare earth elements are essential inputs for permanent magnets (wind turbines, EV motors), catalysts (petroleum refining), phosphors (displays, lighting), and numerous defence applications. There is no technological substitute for most applications; reduced supply means reduced production, not alternative sourcing.
2025 Developments: Weaponisation Threshold Crossed
China demonstrated willingness to weaponise processing dominance through a sequence of export control actions:
- • July 2023: Export controls on gallium and germanium (semiconductor inputs)
- • October 2024: Export controls on antimony (military applications, flame retardants)
- • December 2024: Ban on exports of gallium, germanium, and antimony to United States
- • January 2025: Enhanced end-user verification requirements for rare earth exports
This sequence reveals a deliberate escalation pattern, not reactive policy. Each action tested Western response capacity before proceeding to the next. The pattern suggests further restrictions are planned contingent on geopolitical developments.
Mitigation Status
Western diversification efforts remain 5-10 years from meaningful impact. MP Materials (California) is the only significant non-Chinese rare earth processor in the Western hemisphere; its capacity represents less than 5% of global demand. Lynas (Australia) operates processing in Malaysia but faces permit uncertainties. European projects remain at feasibility stage. The gap between political rhetoric and industrial reality is stark.
#2: Baltic Sea Cable Corridor
Domain: Subsea Infrastructure
The Corridor
The Baltic Sea hosts over 35 submarine cables connecting eight NATO member states plus Russia. Shallow waters (average depth 55m), heavy shipping traffic, and confined geography create inherent vulnerability. The sea is accessible only through three narrow straits controlled by Denmark—a physical chokepoint containing a digital one.
2024-2025: Campaign Threshold
Incident frequency crossed from sporadic to systematic:
- • October 2023: Balticconnector gas pipeline and two data cables damaged. Chinese vessel Newnew Polar Bear identified; anchor found at Russian port.
- • November 2024: BCS East-West Interlink and C-Lion1 cables severed. Chinese vessel Yi Peng 3 dragged anchor 160km. Swedish investigation concluded: inconclusive on intent.
- • December 2024: EstLink 2 power cable and four data cables damaged. Russian shadow fleet vessel Eagle S seized by Finland; captain charged.
- • January 2025: Sweden-Latvia cable damaged. Vessel Vezhen seized; Swedish investigation concluded accidental.
- • December 2025-January 2026: Five cables damaged in 72-hour period. MV Fitburg seized with sanctioned Russian steel; crew detained.
Pattern analysis: Vessels involved share characteristics—flags of convenience, opaque ownership, routes from Russian ports, anchor deployment in cable proximity. Whether coordinated sabotage or cultivated negligence, the effect is identical: persistent disruption with plausible deniability.
Response Measures
NATO launched Baltic Sentry (January 2025) deploying frigates, patrol aircraft, and naval drones. The Joint Expeditionary Force activated Nordic Warden AI-based vessel tracking. Finland pioneered aggressive boarding and seizure. However: no prosecution has yet proven intent. Jurisdictional gaps under UNCLOS Article 97 (flag state jurisdiction on high seas) remain unaddressed. The governance gap enables the threat environment.
#3: Red Sea Dual Corridor
Domain: Maritime/Digital
The Red Sea corridor demonstrates how maritime and digital infrastructure vulnerabilities couple. Seventeen submarine cables transit the Bab el-Mandeb strait alongside 12% of global shipping. The Houthi campaign against commercial vessels (November 2023-present) created a threat environment affecting both domains simultaneously.
Cable damage in February 2024 (AAE-1, Seacom, EIG) was attributed to the drifting anchor of the Rubymar, a vessel struck by Houthi missiles. Whether deliberate or collateral, the effect demonstrated dual-domain cascade: shipping reroutes around the Cape while cable repairs face security delays. Average repair time in Red Sea corridors now exceeds Atlantic equivalents by 2.3x due to permitting delays and security requirements for repair vessels.
The September 2025 cable cuts (SMW4, IMEWE) degraded connectivity for India, Pakistan, Saudi Arabia, the UAE, and Kuwait. Microsoft Azure reported elevated latency for Asia-Europe traffic. The ICPC attributed damage to commercial shipping activity—the same ambiguity that pervades Baltic incidents.
#4: Taiwan Strait Cables
Domain: Subsea Infrastructure
Taiwan depends on 14 international and 10 domestic submarine cables for global connectivity. The Taiwan Strait is among the world's busiest waterways, with over 1,000 cargo ships transiting weekly. This combination—high dependency, high traffic, contested sovereignty—creates acute vulnerability.
Since 2023, at least 11 cable incidents have been recorded around Taiwan. Pattern consistency suggests coordination: Chinese-crewed vessels, flags of convenience (Togo, Cameroon, Tanzania), frequent name and registry changes, opaque ownership structures. In June 2025, Taiwan secured its first conviction—the captain of Hong Tai 58 received three years for deliberately severing the TPKM-3 cable. This represents the only confirmed deliberate sabotage conviction globally.
Taiwan has responded with enhanced Coast Guard patrols, mandatory AIS requirements, and legislative penalties. However, as with the Baltic, proving intent remains exceptionally difficult. The grey zone operates precisely in this ambiguity.
CROSS-CUTTING ISSUE: GOVERNANCE GAPS
The chokepoints identified in this report share a common enabler: inadequate governance frameworks. Three gaps are particularly consequential:
1. Flag State Jurisdiction (UNCLOS Article 97)
Vessels on the high seas are subject only to their flag state's jurisdiction. Flags of convenience (St Vincent and the Grenadines, Cook Islands, Togo) provide effective immunity from prosecution. Finland's Eagle S case collapsed because prosecutors could not prove intent, and any negligence finding must be pursued by the flag state. The governance gap is not accidental—it is the mechanism by which grey-zone operations achieve deniability.
2. Critical Infrastructure Definition
Most jurisdictions lack legal frameworks designating submarine cables as critical infrastructure with associated protections. The 1884 Convention for the Protection of Submarine Cables predates modern telecommunications and provides only civil liability. US legislation (Undersea Cable Control Act, Strategic Subsea Cables Act) advanced in 2025 but is not yet enacted. EU proposals remain at consultation stage.
3. Repair Capacity Coordination
Approximately 80 cable repair vessels serve 600+ cable systems globally. Most are engaged in new cable deployment rather than maintenance. No international mechanism coordinates repair prioritisation during multi-incident scenarios. The February 2025 EU proposal for €1 billion investment in surveillance and repair capacity addresses the symptom but not the coordination gap.
OUTLOOK: 2026 AND BEYOND
The trajectory is toward increased infrastructure competition, not stabilisation. Three developments will shape the 2026 threat environment:
- 1.China's export control escalation: The pattern established in 2023-2025 suggests further restrictions contingent on US-China relations. Rare earth processing controls remain available but unused—a capability held in reserve.
- 2.Baltic normalisation: Absent successful prosecutions, cable incidents risk becoming accepted background noise. NATO presence raises costs but does not eliminate capability. The threshold for escalation has shifted.
- 3.Repair capacity stress test: Multiple simultaneous incidents—whether coordinated or coincidental—would expose systemic inadequacy. The December 2025-January 2026 Baltic cluster strained regional response; a similar cluster in the Red Sea or Pacific would exceed capacity.
Infrastructure is where geopolitics becomes material. The chokepoints mapped in this report are not future risks but present vulnerabilities, actively tested and increasingly exploited. The question is not whether disruption will occur but whether responses will match the sophistication of the threat.
THE SUBSURFACE CENTRE
London
www.subsurfacecentre.org
© 2026 The Subsurface Centre. All rights reserved.