How a Nordic-led international taskforce is disrupting the gig economy of organised crime — and why the business community should pay attention
When Swedish police superintendent Theodor Smedius addressed the press last month, he delivered a statistic that should concern every boardroom in Northern Europe: 280 arrests in one year, nearly half linked to Swedish criminal environments, with the youngest suspect just ten years old. But beneath the headline numbers of Operation Grimm lies a more troubling narrative for the business community — the industrialisation of violence through digital platforms, and the systematic recruitment of Generation Alpha into what Europol now terms “violence-as-a-service” (VaaS).
From Street Corners to Smartphones: The Business Model of Modern Violence
Operation Grimm, launched in April 2025 as a Swedish-led initiative under Europol’s European Serious and Organised Crime Centre, represents a fundamental shift in how criminal enterprises operate. The taskforce — now comprising Belgium, Denmark, Finland, France, Germany, Iceland, the Netherlands, Norway, Spain, Sweden, and the United Kingdom — targets not traditional turf wars, but a distributed, platform-based criminal economy.
The VaaS model operates with unsettling efficiency. Criminal networks have adopted a four-tier structure that mirrors legitimate platform economies: the instigator (the client ordering violence, often operating from abroad), the recruiter (using social media and gaming platforms to identify vulnerable youth), the enabler (providing logistics, weapons, and financial infrastructure), and the perpetrator (typically an inexperienced minor with no prior connection to organised crime).
This is not opportunistic delinquency. It is a deliberate business strategy. Swedish police estimate approximately 62,000 people are active in or connected to criminal networks nationwide, with 14,000 identified as active members. The networks range from motorcycle gangs to family-based operations, but all share a common dependency on digital infrastructure for recruitment and coordination.
The Foxtrot Network: A Case Study in Transnational Criminal Enterprise
No analysis of Sweden’s VaaS ecosystem is complete without examining the Foxtrot network, led by Rawa Majid, the 39-year-old “Kurdish Fox” who has become Europe’s most wanted gangster. Majid’s operation illustrates the geopolitical dimensions of modern organised crime — Foxtrot has been sanctioned by the US Treasury for carrying out attacks on Israeli and Jewish targets in Europe on behalf of Iran’s Ministry of Intelligence, including the January 2024 attack on the Israeli embassy in Stockholm.
The network’s second-in-command, Mohamed “Moewgli” Mohdhi, 28, currently believed to be in Tunisia, has emerged as a particularly violent priority target for Swedish authorities. According to SVT’s criminal affairs reporter Diamant Salihu, Mohdhi has transitioned from narcotics trafficking to suspected coordination of murders, including incidents in Vårby and Malmö in March 2026 where a 15-year-old girl was arrested as the suspected perpetrator.
The arrest of Ali Shehab, a 21-year-old dual Swedish-Iraqi national and key Foxtrot figure, in Iraq’s Kurdistan Region in December 2025 marked a significant operational success. Shehab, wanted for instigating five murders and 23 attempted murders, was detained following long-term cooperation between Swedish and Iraqi authorities — demonstrating the cross-border coordination required to dismantle these networks.
The Child Recruitment Crisis: A Governance Challenge
Perhaps the most disturbing development for policymakers and business leaders is the systematic targeting of children. Swedish police have identified children as young as ten being recruited through digital platforms, with assignments communicated “completely openly on digital marketplaces” . National Police Chief Petra Lundh has described how 12-, 13-, and 14-year-olds carry out violent assignments “as if they were extra jobs,” often orchestrated remotely by gang leaders based abroad.
The statistics are stark. The number of children under 15 suspected in murder cases has surged fivefold in just two years. In 2024, approximately 1,700 children under 18 were identified as active members of criminal networks — 13% of Sweden’s organised crime actors. Within the 15-20 age group, serious violent crime suspects increased by nearly 400% between 2014 and 2023.
This recruitment strategy exploits Sweden’s legal framework. Children under 15 cannot be convicted of crimes, while those aged 15-17 face significantly reduced sentences. The government has responded with legislative reforms — including the 2023 law criminalising the recruitment of minors into criminal activity (punishable by up to four years imprisonment) and the removal of automatic sentence reductions for serious crimes committed by 18–20-year-olds. From July 2025, a new Social Services Act aims to strengthen prevention, with special youth prisons for 15–17-year-olds planned for 2026.
Operation Grimm: Results and Strategic Assessment
The first year of Operation Grimm (April 2025-April 2026) has yielded measurable results:
- 280 suspects arrested, including six High Value Targets
- Over 14,000 accounts identified across investigations
- More than 1,417 individuals linked to VaaS activities identified
The operational breakdown reveals the taskforce’s focus on disrupting the VaaS supply chain: 63 perpetrators arrested (preventing violent crimes), 40 enablers apprehended, 84 recruiters detained, and six instigators arrested including five High Value Targets.
Recent cases illustrate the transnational nature of the threat: a triple shooting in Oosterhout, Netherlands (March 2025) led to arrests in Sweden and Germany; an attempted murder in Tamm, Germany (May 2025) resulted in suspects detained in the Netherlands; and a murder plot in Spain (July 2025) saw six arrests including a minor, with firearms and ammunition seized.
The January 2026 arrest in Iraq of a 21-year-old Swedish national — a High-Value Target on the EU Most Wanted list linked to Foxtrot — marked a significant milestone, demonstrating the operation’s reach beyond European borders.
The Tech Platform Dilemma: Regulation vs. Responsibility
Superintendent Smedius has been explicit about the critical role of tech industry cooperation. Swedish police have held multiple meetings with major technology companies, yet “there are platforms that are still not coming to the table” . The 14,000 identified accounts linked to digital recruitment underscore the scale of platform-based criminal coordination.
The recruitment methodology reveals sophisticated exploitation of platform ecosystems. Criminal networks use public platforms like Meta and X as entry points — innocuous posts, memes, music video comments — before funneling respondents into larger group chats on Telegram, and finally into encrypted channels where assignments are issued. The EU’s Digital Services Act and Digital Markets Act have inadvertently pushed recruiters toward coded language and visual culture (violent memes, gore-coded content) that can “brand extremist narratives” while evading automated detection.
For the business community, this presents a dual challenge: technology companies face increasing regulatory pressure to moderate content without undermining encryption-based privacy protections, while legitimate businesses must navigate reputational and security risks associated with platform-based criminal coordination.
Market Implications: Why Business Leaders Should Monitor VaaS
The VaaS phenomenon carries significant implications for Nordic business:
1. Security Infrastructure and Corporate Risk Management
The industrialisation of violence means corporate security can no longer rely on traditional threat assessments. The 621 explosion offences recorded in Sweden in 2025 — the highest level reviewed — indicate that criminal violence is shifting form rather than receding. Businesses with cross-border operations, particularly in logistics, retail, and financial services, must reassess physical and digital security protocols.
2. Labour Market and Youth Employment
With approximately 17,500 active gang criminals remaining in Sweden, the competition for young talent extends beyond legitimate employers. Criminal networks offer immediate financial rewards, status, and belonging — particularly attractive to youth in underserved communities. Corporate social responsibility initiatives and youth employment programmes are not merely philanthropic; they are strategic investments in community stability.
3. Regulatory Compliance and Financial Crime
The VaaS economy relies on sophisticated money laundering through corporate entities. The Operation Candy investigation, which began with two seized phones in western Sweden, uncovered interconnected criminal networks using “a sophisticated web of corporate entities to obscure ownership, logistics and financial flows”. This has direct implications for Know Your Customer (KYC) protocols, supply chain due diligence, and anti-money laundering compliance.
4. Geopolitical Risk Exposure
The Foxtrot network’s documented cooperation with Iranian intelligence illustrates how organised crime and state-sponsored activity increasingly converge. Businesses with operations in regions where criminal networks maintain state relationships must factor this into geopolitical risk assessments.
The Road Ahead: Adaptation and Resilience
Operation Grimm enters its second year with clear priorities: further disruption of criminal service providers, strengthened cross-border intelligence sharing, and closer cooperation with technology companies to detect and block recruitment activities. The UK has joined the taskforce, expanding its operational footprint.
However, Swedish police caution that criminal networks are adapting faster than authorities. National Police Chief Lundh has warned that groups are “well organised, well financed and able to respond rapidly to changes in enforcement”. The decline in shootings — while welcome — may represent a tactical shift rather than strategic defeat, with criminal violence evolving toward explosions and other forms of intimidation.
The Nordic response is also evolving. Denmark, Finland, Norway, and Iceland’s participation in Grimm reflects recognition that Swedish gang crime has become a regional phenomenon. The Nordic Child Protection Conference in Stockholm (June 2025) highlighted the systemic weaknesses — absent early intervention, inconsistent support — those criminal networks exploit.
Analysis: The Governance Gap in the Platform Economy
Operation Grimm reveals a fundamental governance gap: criminal networks have successfully platformised violence before democratic institutions have platformised their response. The VaaS model leverages the same infrastructure — social media, encrypted messaging, digital payments — that powers legitimate commerce, but operates across jurisdictions with asymmetric legal frameworks.
For Nordic business, the key insight is that this is not a law enforcement problem with business implications, but a market structure problem with security implications. The “gig economy” of violence functions because it minimises transaction costs, obscures accountability, and exploits regulatory arbitrage between platforms, jurisdictions, and age-based legal protections.
The businesses most likely to thrive in this environment are those that treat community safety as a competitive advantage — through robust supply chain verification, youth employment pipelines, and security protocols that account for distributed, platform-based threats. Those that ignore the VaaS phenomenon risk operational disruption, reputational damage, and regulatory exposure as governments inevitably expand compliance requirements.
What’s Next: The Follow-Up Story
Nordic Business Journal will continue tracking Operation Grimm’s second year with a focus on the regulatory response. Our upcoming feature will examine:
- The EU’s evolving Digital Services Act enforcement against platform-based criminal recruitment, with exclusive analysis of compliance costs for Nordic tech firms
- Corporate best practices in supply chain security and KYC protocols drawn from Operation Candy’s revelations about criminal use of corporate structures
- The Nordic labour market response — how Swedish municipalities, businesses, and social services are collaborating to provide alternatives to gang recruitment
We want to hear from you. Are you seeing VaaS-related security impacts in your sector? How is your organisation adapting to the platformisation of criminal coordination?
Connect with our editorial team:
- LinkedIn: Nordic Business Journal
- Secure tip line: For sensitive information regarding organised crime and corporate security, contact investigations@nordicbusinessjournal.com (Signal available)
This article was prepared with reference to official Europol communications, Swedish Police Authority statements, and verified investigative reporting. Nordic Business Journal is committed to responsible coverage of organised crime that informs business decision-making without glorifying criminal activity.
About the Author: Nordic Business Journal’s security and regulatory affairs desk covers the intersection of organised crime, digital policy, and corporate risk management across Northern Europe.