PARIS—Europe’s fractured landscape of national police and security forces has for years been an obstacle to stopping terror attacks.

The problem may have cropped up again in the failure to stop Saturday’s London terror rampage, with Italy and the U.K. contradicting each other over whether one of the assailants had been flagged as a threat to British authorities.

European governments have been working for more than a decade to push their turf-conscious police forces and intelligence agencies to work together more closely, aiming to prevent threat information from falling between the cracks. That effort has yet to produce a cross-border law-enforcement agency akin to the U.S. Federal Bureau of Investigation that can conduct its own investigations across the European Union.

Instead, the region has created a number of multilateral institutions and databases that are supposed to prevent extremists deemed security risks in one European country from moving undetected into another.

That approach, however, has left security loopholes, to the consternation of U.S. authorities. Washington has expressed exasperation with Europe’s welter of security forces and pressed its national governments to band together to fight transnational crime and terrorism. The U.S. is concerned largely because it relies heavily on Europe’s capitals to provide information about who should be on security lists, such as the U.S. “no-fly” list, EU officials say.

One of Europe’s main cross-border security tools is the Schengen Information System, a pan-European law-enforcement database that contains millions of alerts on stolen cars and documents, arrest warrants and the names of people deemed to be terror threats. The database can also call for a “discrete check,” in which a national police force is notified when the subject of an alert has been stopped elsewhere in Europe. Police across the EU have access to the database in real time.

The database’s weak point has long been that governments are under few obligations to feed it with information or to consult it in law-enforcement operations. Before the Paris attacks of 2015, that laxness produced a crucial mistake: Belgium had entered the name of Salah Abdeslam, one of the Islamic State operatives who planned the Paris attacks, in the database but gave no indication he was a suspected Islamist radical.

Hours after the attack, French police stopped Mr. Abdeslam as he drove from Paris to Belgium. They ran his name against the Schengen database and turned up the alert from Belgium, but then let him go. Mr. Abdeslam remained on the run for months before being arrested in March 2016.

That episode prompted a sharp increase in the amount of information national governments placed into the Schengen database.

They also created a special category of alert for people deemed to be suspected “foreign terrorist fighters.”

Italian authorities in March 2016 stopped Youssef Zaghba, a 22-year-old Italian citizen who was one of the assailants on London Bridge, from boarding a plane to Turkey and discovered extremist propaganda on his phone.

That episode would have been enough for some governments to place an alert in the database for him as a security risk, an EU official.

The Italians, however, didn’t do so, having dropped the investigation against him for lack of evidence.

“We don’t have strict rules” on using the database, the EU official said. “It’s a matter of human judgment.”

Italian authorities said they did flag concerns about Zaghba in bilateral contacts with Britain, but British authorities said he hadn’t been “a person of interest” before Saturday’s deadly attack.

Europe has also created Europol, an agency based in The Hague that helps coordinate multinational police investigations. It also maintains a database of “persons of interest,” which contains the names of thousands of people deemed to be threats supplied by governments across the bloc.

“Having a name in the database does not lead to an automatic alert,” a Europol spokesman said. “A EU member state has to actively cross-check a name against our database.”

The U.K. has access to the Schengen database even though it isn’t a member of the Schengen area, the region including most of Europe where border checks are largely abolished.

Whether that access will continue after the U.K. leaves the EU is likely to be one of the more sensitive points of exit negotiations.