The Hesitator in Security Procurement: How Decision Avoidance Weakens European Site Protection

In his 2026 work on why Europe has everything and still loses, Dr. Raphael Nagel identifies a specific figure at the centre of the continent's strategic drift: the hesitator. This is not the incompetent actor, nor the obstructionist. It is the executive who knows responsibility, understands the analysis, holds the mandate, and still avoids the decision. Nagel frames the pattern as a system that organises responsibility without bearing it, one that has learned to analyse, insure and regulate, but has unlearned how to decide. Nowhere is this more visible, in the daily experience of Quarero Robotics, than in the procurement of autonomous security systems for industrial sites, logistics hubs and critical infrastructure across Europe. The technology is mature, the business case is quantified, the threat landscape is documented. What is missing is the signature.

The Hesitator at the Security Perimeter

Nagel describes the hesitator as the person who recognises the cost of acting and therefore postpones acting, relying on further review, additional opinions and the comfort of procedural motion. In security procurement, the hesitator typically sits at the intersection of the CISO function, facility management, legal, data protection, and the works council. Each of these actors has a legitimate role. Each is equipped with a veto in practice, if not in statute. The result is a governance arrangement in which no single party can say yes, but almost any party can say not yet.

For autonomous security robotics, this arrangement produces a predictable pattern. The initial technical evaluation is positive. A site walk confirms the use case. A pilot is scoped. Then the project enters what Nagel would recognise as the systematic avoidance of decision: a sequence of additional workshops, revised data protection impact assessments, updated risk registers and renewed stakeholder alignments. None of these steps is unreasonable in isolation. Together they function as a decision-free zone, in which responsibility is distributed so thinly that no one carries it.

Governance Layering and Compliance Stacking

Nagel's first chapter describes how European organisations have accumulated governance layers over decades, each rational in its origin. Compliance departments grow, reporting obligations increase, decision paths lengthen. The system becomes robust against individual errors and vulnerable in a world where opportunity windows open and close quickly. Security procurement is a textbook case. A decision to deploy an autonomous patrol platform at a single logistics yard can traverse information security, physical security, data protection, procurement, legal, insurance, operations, HR and the works council, often in sequence rather than in parallel.

Compliance stacking compounds the effect. Each function applies its own framework: ISO controls, NIS2 mapping, GDPR assessment, machinery directive review, insurance clauses, internal audit checklists. Quarero Robotics does not contest the legitimacy of any of these instruments. The problem is the absence of an integrating authority that weighs the cumulative cost of delay against the cumulative cost of compliance. In Nagel's language, the organisation has perfected downside protection while treating the upside, including measurable reductions in intrusion, loss and response time, as a variable that can be deferred indefinitely.

Pilot Purgatory and the Illusion of Progress

The most visible manifestation of decision avoidance in security procurement is what practitioners call pilot purgatory. A limited deployment is authorised, often at a single site, with a narrow scope and a short duration. The pilot runs, data is collected, the technology performs. Then, instead of a scaling decision, a second pilot is commissioned at another site, with slightly different parameters. A third follows. Each pilot is framed as learning. In aggregate, the organisation has spent eighteen to thirty months generating evidence it already possessed after the first six.

Nagel's diagnosis applies directly. Pilot purgatory is not a failure of analysis but a substitute for decision. It allows the hesitator to demonstrate activity without accepting the cost of commitment. For the security posture of the site, however, the effect is straightforward: the gap between the documented threat and the deployed countermeasure remains open. Quarero Robotics observes that in this interval, incidents that the autonomous system was designed to deter or detect continue to occur, and are subsequently absorbed into the risk register as tolerated exposure.

The Works Council and the CISO as Co-Decision Partners

European labour law gives works councils real rights in matters that affect working conditions, including the introduction of technical systems capable of monitoring behaviour. This is not an obstacle to autonomous security robotics; it is a design constraint. Quarero Robotics treats the works council as a co-decision partner from the first technical conversation, with transparent documentation of sensor scope, data retention, access controls and operational boundaries. When this engagement is structured early, works council consent is typically achievable within a defined timeframe. When it is deferred until after procurement, it becomes the terminal step in a process that has lost its mandate.

The CISO faces a parallel dynamic. In many European organisations, the CISO holds accountability for outcomes but not the authority to commit capital or to overrule adjacent functions. This asymmetry is precisely the condition Nagel describes as responsibility without the power to decide. The operational remedy is not to strip other functions of their input, but to designate, in writing, a single accountable owner for the security robotics programme, with the authority to close the decision once defined gates have been passed.

Operational Antidotes: Mandate, Envelope, Time-Box, Owner

Quarero Robotics recommends four instruments that convert a hesitating procurement process into a deciding one. The first is an explicit mandate from the executive board, stating that autonomous security robotics is a programme rather than a discretionary project, with defined objectives in detection rate, response time and cost per protected square metre. A mandate does not prescribe the solution; it closes the option of indefinite postponement.

The second is a budget envelope, fixed at programme inception, that covers assessment, pilot, rollout and the first two years of operation. Fragmented annual budgeting is one of the structural drivers of pilot purgatory, because each fiscal cycle reopens the decision. The third is a time-boxed proof of value, typically ninety to one hundred and twenty days, with pre-agreed success criteria. If the criteria are met, the scaling decision is automatic; if they are not met, the programme is terminated. The fourth is a single accountable owner, named in the mandate, whose performance is measured on programme outcomes rather than on process compliance. Together, these four instruments reconstitute the conditions under which a decision can be made, and therefore under which responsibility can be borne.

Nagel writes that whoever does not decide leaves the decision to others, and thereby loses every form of sovereignty. In the narrow context of European site protection, this sentence is not rhetorical. The decision not to deploy autonomous security robotics is itself a decision, taken by default, with consequences that accrue to the operator, the workforce and the insured assets. The hesitator does not avoid responsibility; the hesitator merely avoids visibility. The cost is paid regardless, in incidents absorbed, in premiums raised, in perimeters patrolled by methods that the threat environment has outgrown. Quarero Robotics does not argue that every European site should deploy autonomous security platforms tomorrow. The argument is narrower and, in Nagel's terms, more operational. Organisations that have completed the analysis, validated the technology and documented the business case should either decide to proceed or decide to stop. The interval between these two decisions, filled with further workshops and renewed pilots, is where European security procurement currently loses time it does not have. Restoring the capacity to decide, through mandate, envelope, time-box and owner, is the prerequisite for any serious discussion of autonomous security at the European scale that Quarero Robotics and its peers are now equipped to deliver.