The 2024 European Parliament election took place June 6-9, 2024, with hundreds of millions of Europeans from the 27 countries of the European Union electing 720 members of the European Parliament. This was the first election after Brexit and without the UK, and it had an impact on the Internet. In this post, we will review some of the Internet traffic trends observed during the election days, as well as providing insight into cyberattack activity.
Elections matter, and as we have mentioned before (1, 2), 2024 is considered “the year of elections”, with voters going to the polls in at least 60 countries, as well as the 27 EU member states. That’s why we’re publishing a regularly updated election report on Cloudflare Radar. We’ve already included our analysis of recent elections in South Africa, India, Iceland, and Mexico, and provided a policy view on the EU elections.
The European Parliament election coincided with several other national or local elections in European Union member states, leading to direct consequences. For example, in Belgium, the prime minister announced his resignation, resulting in a drop in Internet traffic during the speech followed by a clear increase after the speech was over. In France, we saw a similar pattern with the announcement of legislative snap elections.
From analyzing patterns seen during previous elections in France and Brazil, we know that Internet traffic often decreases during voting hours, though not as significantly as during other major events like national holidays. This usual drop is typically followed by an increase in traffic as election results are announced.
Let’s start with a wider picture of the 2024 European Parliament election, focusing on the time of the biggest drop in Internet HTTP requests during the election days as compared to the previous week. Note that there were some national or local elections taking place at the same time, and European Union elections are known to have low turnout compared to national and local ones.
Drops greater than 10% were observed only in the Czech Republic, Luxembourg, Slovakia, Cyprus, Belgium, Estonia, and Croatia. The table below includes the percentage that traffic dropped and the specific time during the election day it occurred. In countries with more than one election day, we considered the time and day of the biggest drop.
| Countries | Elections day(s) | Local time | Drop in traffic % |
|---|---|---|---|
| Czech Republic | June 7 - 8 | June 8, 14:30 | -20% |
| Luxembourg | June 9 | 12:45 | -18% |
| Slovakia | June 8 | 15:45; 19:00 | -16% |
| Cyprus | June 9 | 10:00 | -16% |
| Belgium | June 9 | 11:45 | -14% |
| Estonia | June 7-9 | June 9, 9:00 | -13% |
| Croatia | June 9 | 18:00 | -12% |
| Poland | June 9 | 18:00 | -10% |
| Netherlands | June 6 | 10:15 | -10% |
| Germany | June 9 | 13:45 | -10% |
| Ireland | June 7 | 7:15 | -9% |
| Finland | June 9 | 9:00 | -9% |
| Portugal | June 9 | 15:45 | -9% |
| Malta | June 8 | 12:15 | -9% |
| Latvia | June 8 | 08:30, 16:15 | -9% |
| Slovenia | June 9 | 18:00 | -8% |
| Hungary | June 9 | 6:00 | -8% |
| Austria | June 9 | 12:30 | -7% |
| Italy | June 8 - 9 | June 9, 16:00 | -6% |
| France | June 9 | 13:30 | -6% |
| Bulgaria | June 9 | 19:45 | -5% |
| Greece | June 9 | 8:00 | -5% |
| Spain | June 9 | 13:00 | -4% |
| Lithuania | June 9 | 8:00 | -3% |
| Romania | June 9 | 9:45 | -1% |
| Denmark | June 9 | - | - |
| Sweden | June 9 | - | - |
The data in the list above shows that Central European countries had the highest drop in Internet traffic, particularly the Czech Republic and Slovakia. Eastern Europe saw significant drops in Estonia and Poland. Southern Europe had consistent moderate drops across multiple countries, with Cyprus and Croatia showing higher losses. Northern Europe showed minimal to no traffic drop in Scandinavian countries, with Finland and Ireland experiencing moderate declines.
Looking at the specific (local) times of day during voting periods on election days, morning drops (06:00 - 10:00) were more common in Northern and Eastern Europe. Late morning to early afternoon drops (10:15 - 14:30) were predominantly observed in Western and Central Europe. Late afternoon drops (15:45 - 19:45) were more common in Central and Southern Europe.
Impact of notable announcements in Belgium and France
There’s more to say when we look at specific country trends. The 27 members of the European Union bring diversity in habits, languages, and cultures. That also impacted traffic, and this election in particular had a national impact in some of the countries.
In Belgium, national and regional elections took place on the same day, June 9. After polling stations closed at 16:00 local time (14:00 UTC), HTTP requests followed the typical pattern of increasing, peaking at 21:15 local time (19:15 UTC), with 7% more requests than the previous week. This trend was interrupted by Prime Minister Alexander De Croo’s speech at around 22:00 local time (20:00 UTC), admitting defeat in the national elections. This pattern is typical when important announcements are broadcast on TV, impacting Internet traffic.
How about France? President Emmanuel Macron announced at around 21:00 local time (19:00 UTC) that he would dissolve the national parliament for a snap legislative election. This followed the EU elections that gave a victory to his rival Marine Le Pen’s National Rally in the European Parliament vote. At the time of his speech, requests dropped 6% compared to the previous week, and increased right after Macron’s speech, peaking at 22:15 local time (20:15 UTC) with a 6% increase.
After voting ends, traffic increases
It was not only Belgium and France that had typical increases in HTTP requests at night when the first projections and results started to be announced. The same happened in the Netherlands, the first European country to enter the 2024 European Parliament election, on Thursday, June 6.— We have previously written about Dutch political websites being attacked on that day. Traffic was 4% higher than usual after 20:30 local time (18:30 UTC), and peaked at 01:15 with a 15% increase compared to the previous week.
Similar trends were seen in Italy on June 9, and in Germany on the same day. In Germany, at 21:45 (19:45 UTC), requests were already 8% higher, with a 23:00 (21:00 UTC) drop of 2% during election speeches, and a peak at 00:30 (22:30 UTC) with an 18% increase.
The same night-time trends were observed in other countries:
- Slovakia had a peak increase of 24% at 23:45 local time (21:45 UTC) on June 8.
- Spain saw a 21% peak increase at 21:00 local time (19:00 UTC) on June 9.
- Poland had a 9% peak increase at 01:45 local time (23:45 UTC).
- Portugal experienced a 29% peak increase at 00:15 local time (23:15 UTC).
- Croatia had a 19% peak increase at 23:00 (21:00 UTC).
- Slovenia had a 19% peak increase at 22:45 (20:45 UTC).
- Lithuania had a 22% peak increase at 23:00 (20:00 UTC).
- Estonia saw the highest peak increase, reaching 35% at 00:00 (21:00 UTC).
Growing interest in election information and news
Switching to domain trends, DNS traffic (using our 1.1.1.1 resolver) shows a more specific impact related to elections. Social media platforms invited users in Europe to vote, sometimes giving European or local websites as a reference. Here’s an example from Instagram:
Did this increase traffic to election-related sites in the European Union? Our DNS data shows a 26x peak growth at 19:00 UTC on Sunday, June 9, 2024. DNS traffic was already much higher compared to the previous week on June 8, with a peak growth of 8x at 17:00 UTC.
Looking at European news outlets’ domains, there was an initial 1.68x increase (compared to the previous week) at 13:00 UTC on June 9, 2024, and a second peak at 19:00 UTC.
For local election-results sites, there was a significant 55x peak growth at 22:00 UTC on June 9, 2024, compared to the previous week.
Government-focused cyberattacks
Focusing on attacks, as mentioned above, we recently published a blog post about the cyberattack on Dutch political-related websites that lasted two days – June 5 and 6. The main DDoS (Distributed Denial of Service attack) attack on June 5, the day before the Dutch election, reached 73,000 requests per second (rps).
Looking at government or state-related websites in the European Union in 2024, there have been several spikes in attacks targeting defense organizations, European courts, and educational institutions since the year started.
The main one was on February 25, 2024, when Cloudflare blocked a DDoS attack on a French government website that reached 420 million requests per hour and lasted over three hours.
Between January and June 2024, government sites in Belgium, France, and Germany were the main targets, receiving 49%, 25%, and 10% respectively of attack requests targeting EU government-related sites.
In a broader view, from January 1 to June 9, Cloudflare mitigated 8.6 billion threats to government websites in the EU, with 68% of those being DDoS threats. This amounts to an average of 53.42 million threats mitigated per day. These trends highlight the ongoing threat to critical infrastructure across Europe, with government sites frequently targeted by cyberattacks.
Just before the elections
Focusing on the five weeks before the EU election, we didn’t see significant attacks on European election-related organizations. However, there were a few DDoS threats that targeted government sites from European Union member states. Notable instances include attacks on the Bulgarian government on June 6, the French government on May 11 and June 9, another in France on May 23, Sweden on May 18 and April 29, and Denmark on May 7.
These attacks were not very large compared to others mentioned. The largest targeted the Bulgarian government on June 6, with 122 million daily DDoS requests and a peak of 110,500 requests per second at 11:29 local time (08:29 UTC).
On election day in France, June 9, a French government website was also the target of a smaller attack, with 42,000 DDoS requests per second at 11:57 local time (09:57 UTC).
Conclusion
The 2024 European Parliament election had some clear impacts on Internet traffic, and cyber threats were looming in the weeks before, most notably the Dutch political-related attack around election day.
While voting led to typical drops in Internet traffic, the announcement of results and significant political events caused spikes in activity.
If you want to follow more trends and insights about the Internet and elections in particular, you can check Cloudflare Radar, and more specifically our new 2024 Elections Insights report, that we’re updating as elections take place throughout the year.
(Jorge Pacheco contributed to the cyberattacks section of this blog post)