Today, 27.03.2026
Good morning, Human. The European Investment Fund (EIF) just announced the largest fund of funds in European history, and the timing is anything but coincidental. While Silicon Valley spent the week untangling a supply chain attack that exposed the fragility of AI compliance infrastructure, Luxembourg quietly unveiled a €15 billion vehicle designed to solve a problem that has haunted European tech for decades: the growth capital gap.
The Lead: Europe's €15 Billion Bet on Scaling Its Own Champions
The numbers are stark. European startups receive roughly one-quarter of the late-stage venture capital that flows to their American counterparts. By the time a promising company reaches Series B, the funding gap becomes a chasm – European rounds average 20% smaller than US equivalents, according to World Fund research. The result? Europe's most ambitious companies either slow down or raise from non-European investors, with an inevitable shift in strategic gravity toward Silicon Valley.
The European Tech Champions Initiative 2 (ETCI 2), announced this week by the EIF, represents a structural response to this problem. The fund of funds will back approximately 100 venture capital funds – both "mid-size" vehicles targeting €300-600 million and "mega funds" of €1 billion or more. The first close is expected by summer 2026.
Here's the mechanism hiding under the headline: ETCI 2 isn't just bigger than its predecessor (which raised €3.9 billion and backed 14 funds including Atomico, Headline, and Eurazeo). It's architecturally different. The first iteration relied on the European Investment Bank and six member states. The second aims to involve as many EU countries as possible while actively courting institutional investors – insurers, pension funds, and commercial banks – who have historically sat on the sidelines of European venture capital.
The EIF and EIB have already committed €1.25 billion as anchor capital. The eventual goal, according to Tech Funding News, is to unlock up to €80 billion in scaleup financing across Europe. Individual fund investments will reach up to €200 million – far greater than the €60 million average under ETCI 1.
Why does this matter now? The EIF estimates Europe's late-stage funding gap at approximately €70 billion compared to the US. That gap isn't just a financial inconvenience – it's a sovereignty issue. When European companies must seek American capital to scale, they often relocate staff, research, and operations. The continent invents technologies, then watches them mature elsewhere.
ETCI 2 will be "complementary" to the European Commission's planned €5 billion Scaleup Europe Fund, which invests directly into deeptech companies. The two vehicles are designed to reinforce each other, with ETCI potentially backing funds that invest in opportunities created by the Scaleup programme.
Watch the calendar: the summer first close will signal whether Europe's institutional investors are ready to back this ambition with actual capital.
The Infrastructure Play: Czech IoT Wins Vilnius
While Brussels debates funding mechanisms, Vilnius is demonstrating what European tech sovereignty looks like in practice. Czech firm ACRIOS Systems has completed what Tech.eu describes as one of the largest IoT deployments in Central and Eastern Europe: 10,000 data concentrators installed across Lithuania's capital in just five months, enabling remote meter reading for more than 500,000 residents.
The project matters beyond its scale. ACRIOS won the contract through an open competitive tender against established global players. Each concentrator services up to 800 individual meters, and every unit shipped pre-configured with customer SIM cards loaded and settings applied – saving tens of thousands of minutes of field configuration.
The deeper story is interoperability. Most European cities carry decades of accumulated utility infrastructure: meters from different manufacturers, different generations, different communication protocols. ACRIOS built its products to connect devices from multiple manufacturers into a unified data layer, integrating existing infrastructure rather than requiring expensive "rip-and-replace" programmes. In Vilnius, this removed the city's dependence on a single provider and enabled competition among meter vendors.
This is "Made in Europe" hardware solving European problems – the kind of capability that ETCI 2 is designed to scale.
The Trust Fracture: LiteLLM, Delve, and the Compliance Paradox
Silicon Valley's two biggest dramas of the week have intersected in ways that feel almost scripted. TechCrunch reports that LiteLLM – the Y Combinator graduate whose open-source AI gateway is downloaded up to 3.4 million times per day – was hit by a supply chain attack that stole credentials from everything it touched.
The malware slipped in through a dependency, harvesting environment variables, SSH keys, cloud credentials, Kubernetes tokens, and database passwords. Research scientist Callum McMahon of FutureSearch discovered it when the malware caused his machine to crash – ironically, due to a bug in the malicious code itself. McMahon and AI researcher Andrej Karpathy concluded the malware was likely "vibe coded," given its sloppy execution.
Here's where it gets uncomfortable: LiteLLM proudly displays SOC 2 and ISO 27001 security certifications on its website. Those certifications were obtained through Delve, the AI-powered compliance startup that was accused earlier this month of misleading customers about their true compliance conformity by allegedly generating fake data and using auditors that rubber-stamp reports. Delve has denied these allegations.
One point of nuance worth understanding: security certifications demonstrate that a company has strong security policies in place to limit the possibility of incidents. They don't automatically prevent malware from slipping through. SOC 2 covers policies surrounding software dependencies, but malware can still infiltrate.
Even so, the optics are brutal. As engineer Gergely Orosz noted on X: "Oh damn, I thought this WAS a joke... but no, LiteLLM *really* was 'Secured by Delve.'"
According to LiteLLM's security update, the compromised PyPI packages were versions 1.82.7 and 1.82.8, now removed. The company believes the compromise originated from the Trivy dependency used in their CI/CD security scanning workflow. Customers running the official LiteLLM Proxy Docker image were not impacted. LiteLLM has engaged Google's Mandiant security team for forensic analysis and is pausing new releases until the supply-chain review is complete.
The incident raises uncomfortable questions about the entire compliance-as-a-service model. When speed and automation become the selling points, what happens to the verification that makes certifications meaningful?
The Vilnius Signal: CEE's Quiet Tech Concentration
Vilnius keeps appearing in this brief for a reason. According to Go Vilnius, the city's startup ecosystem reached €15.5 billion in total value in 2025, with venture capital investment jumping 60% year-on-year to €212 million. Lithuania's national tech ecosystem hit €16.4 billion – a sixfold rise since 2020.
The numbers tell only part of the story. What makes Vilnius unusual is its retention rate: only about 5% of Vilnius-founded startups relocate their headquarters to global hubs like Berlin, London, or New York, compared to a 26% average across the CEE region. The city is proving that European companies can scale internationally without leaving.
By 2026, Vilnius anticipates 19,000 new technology and natural science professionals, complementing around 35,000 current students. University research output is increasingly translating into commercial activity, particularly in AI, data analytics, and advanced technology sectors.
This is the ecosystem that ACRIOS Systems just served with European-made hardware. It's also the kind of ecosystem that ETCI 2 is designed to fuel with growth capital.
The Numbers That Matter
- €15 billion – Size of ETCI 2, the largest fund of funds of its kind in European history (Sifted)
- €70 billion – Estimated late-stage funding gap between Europe and the US (EIF via Sifted)
- €80 billion – Potential scaleup financing unlocked by ETCI 2 (Tech Funding News)
- 10,000 – IoT data concentrators deployed by ACRIOS Systems across Vilnius in five months (Tech.eu)
- 3.4 million – Daily downloads of LiteLLM before the supply chain attack (TechCrunch)
- 5% – Vilnius-founded startups that relocate headquarters abroad, versus 26% CEE average (Go Vilnius)
- €16.4 billion – Total value of Lithuania's startup ecosystem, up 5.9x since 2020 (Startup Lithuania)
The Week Ahead
ETCI 2 roadshow begins – The EIF will be courting institutional investors across EU member states ahead of the summer first close. Watch for signals from pension funds and insurers about their appetite for venture exposure.
LiteLLM forensic review continues – Mandiant's investigation will determine the full scope of the supply chain compromise. New releases remain paused until the review is complete.
Delve response expected – The compliance startup faces mounting pressure to address the allegations in detail. Part II of the anonymous Substack investigation was promised.
The Thought That Lingers
There's a strange symmetry to this week's news. In Luxembourg, European institutions are building the financial infrastructure to keep the continent's best companies from leaving. In Vilnius, a Czech firm is proving that European hardware can win European contracts. And in San Francisco, an AI company's security certifications turned out to be worth less than the paper they weren't printed on.
The common thread is trust – and the infrastructure required to maintain it. Capital markets need trust that European companies can scale without relocating. Cities need trust that their critical infrastructure runs on reliable technology. Developers need trust that the tools they download haven't been compromised.
Building that trust takes time, consistency, and verification. It cannot be automated, vibe-coded, or rubber-stamped. The question for Europe's AI ecosystem isn't just whether it can raise the capital to compete. It's whether it can build the institutions – financial, technical, and regulatory – that make competition sustainable.
These are exactly the conversations happening at Human x AI Europe on May 19 in Vienna – where Europe's AI ecosystem gathers to work through the hard problems together.
Human×AI Daily Brief is compiled from Sifted, TechCrunch, Tech.eu, Vestbee, Tech Funding News, Go Vilnius, Startup Lithuania, LiteLLM documentation, and World Fund research. This is meant to be useful, not comprehensive.
Frequently Asked Questions
Q: What is ETCI 2 and how does it differ from the first European Tech Champions Initiative?
A: ETCI 2 is a €15 billion fund of funds launched by the European Investment Fund to back growth-stage venture capital across Europe. Unlike ETCI 1 (which raised €3.9 billion and backed 14 mega funds), ETCI 2 will support approximately 100 funds including mid-size vehicles (€300-600 million) and mega funds (€1 billion+), with individual investments up to €200 million versus the previous €60 million average.
Q: How large is Europe's late-stage funding gap compared to the US?
A: The EIF estimates Europe's late-stage funding gap at approximately €70 billion compared to the US. European Series B rounds average 20% smaller than US equivalents, and only 14.7% of European climate tech startups that raised a Seed round between 2010-2020 reached Series B, compared to 24.5% in the US.
Q: What happened in the LiteLLM supply chain attack?
A: Malware infiltrated LiteLLM versions 1.82.7 and 1.82.8 through a compromised dependency (believed to be Trivy), stealing credentials including environment variables, SSH keys, cloud provider credentials, Kubernetes tokens, and database passwords. The compromised packages have been removed from PyPI, and users of the official Docker image were not affected.
Q: What is the ACRIOS Systems deployment in Vilnius?
A: Czech firm ACRIOS Systems deployed 10,000 IoT data concentrators across Vilnius in five months, enabling remote meter reading for over 500,000 residents. Each unit services up to 800 individual meters and was shipped pre-configured, representing one of the largest IoT deployments in Central and Eastern Europe.
Q: When will ETCI 2 complete its first close?
A: The EIF plans to complete the first close of ETCI 2 by summer 2026. The EIF and European Investment Bank have already committed €1.25 billion as anchor capital, with plans to attract additional support from EU member states and institutional investors including insurers, pension funds, and commercial banks.
Q: Why does Vilnius have such a low startup relocation rate?
A: Only about 5% of Vilnius-founded startups relocate their headquarters abroad, compared to 26% across the CEE region. This is attributed to EU market access, competitive operating costs, robust digital and physical infrastructure, and a growing talent pipeline with 19,000 new technology professionals expected by 2026.