Three years ago, no one was talking about "digital sovereignty" and now it seems the term is popping up everywhere.
This isn't a coincidence or a sudden trend, but the result of a convergence of geopolitical, legal and technological developments that have gained momentum in recent years.
What is digital sovereignty?
In essence, digital sovereignty is the degree of control a country, organization, or individual exercises over their own digital destiny. It is the ability to make independent decisions about data, software and digital infrastructure without being subject to the laws and commercial interests of external entities, which are often non-European.
Specifically, it addresses critical questions like:
- Where is my data stored? Is it stored in a data center within the EU or in the US?
- Which laws apply? Is my data protected by the European GDPR or can a foreign government demand access through laws like the US CLOUD Act?
- Who manages the software and infrastructure? Should we rely on a handful of non-European tech giants to support critical business processes?
- Do we have the knowledge and the means to develop and maintain our own infrastructure and technology?
Ultimately, digital sovereignty is a mix of technological independence and legal protection.
A Convergence of Geopolitical, Legal and Technological Forces
Digital sovereignty has surged in relevance, driven by a combination of critical events and growing public awareness.
Legal Contradictions
U.S. surveillance laws, notably the CLOUD Act and FISA Section 702, empower the U.S. government to compel American companies to hand over data, even when that data is stored in Europe. This directly conflicts with the privacy protections enshrined in the EU’s General Data Protection Regulation (GDPR).
The tension became impossible to ignore in 2020, when U.S. authorities requested personal data from Austrian privacy activist Max Schrems. The irony was palpable.
Overnight, every European organization relying on U.S. cloud services such as Microsoft 365, Google Workspace or AWS faced a stark legal dilemma: they could no longer guarantee that customer or employee data was safe from foreign government access. This forced companies to grapple with a fundamental question: Where is our data and who truly controls it?
Geopolitical Tensions and Economic Instability
In recent years, the world has entered a period of heightened instability. Intensifying U.S.–China rivalry, the war in Ukraine and growing friction between Europe, Russia, the U.S., Israel and Gaza have shown how technology can be weaponized.
Examples include:
- The U.S. ban on Huawei and export restrictions on advanced semiconductors.
- Concerns that Russia or China could cut off access to critical software or infrastructure.
- Taiwan’s role as the world’s leading producer of advanced semiconductors, now seen as a strategic vulnerability.
- Deep mistrust of companies from nations with opposing political systems or values.
Governments and businesses have concluded that overdependence on a single country or region for key technologies is a strategic liability. Strategic autonomy is no longer a luxury; it is a necessity.
The data explosion
Data has become one of the world’s most valuable economic resources. The business models of the largest tech giants rely on collecting and analyzing it at scale.
For Europe, this has been a wake-up call: despite generating enormous volumes of valuable data, much of the economic benefits flow to non-European technology giants that control the infrastructure.
This realization sparked calls to develop a sovereign European data economy. One that creates jobs, drives innovation and strengthens economic independence within the EU.
Rising Cyber Threats and New Regulations (NIS2)
Cybercrime has grown more sophisticated and state-sponsored hacking is now a persistent threat. In response, the EU introduced the NIS2 Directive to raise cybersecurity standards and improve resilience across European organizations and their supply chains.
» For a deeper dive, download our whitepaper “NIS2 Directive – The Essentials.
Why it Matters
Digital sovereignty offers compelling benefits, but it also carries certain risks. Policymakers, businesses and citizens should weigh both sides carefully.
Arguments for Digital Sovereignty
- Cybersecurity: This is the strongest argument for digital sovereignty. When data is stored and processed within the EU by European companies, it falls under the GDPR (Global Data Protection Regulation), one of the strictest privacy regimes in the world. This protects citizens and businesses from unauthorized access, misuse, and foreign espionage.
- Greater Autonomy: Heavy reliance on non-European technologies, from chips and cloud infrastructure to operating systems, creates strategic vulnerabilities. A trade boycott, export ban or sudden withdrawal of software licenses due to geopolitical tensions could cripple critical sectors such as healthcare, energy and government.
- Economic Strength: Building a robust European digital ecosystem fosters innovation, creates jobs and ensures that the economic value of European data benefits European economies.
- Legal Certainty: European companies partnering with other EU-based entities can operate within a stable, well-understood legal framework, free from the unpredictability of foreign laws and regulations that can change overnight.
Risks and
Pitfalls:
- Protectionism and Limited Choice: Overly protectionist policies risk the exclusion of world-class innovations developed outside Europe. Organizations must retain the freedom to choose the best-fit technologies, regardless of origin.
- The “Too Little, Too Late” Problem: Europe currently lags significantly in key areas such as cloud computing and semiconductor manufacturing. Achieving full digital independence in the short term may be unrealistic without significant investments and international collaboration.
Read in the next blog what the legal catch-22 of digital sovereignty is.
Digital Sovereignty: What's the Fuss About?