The roots of technology and their impact on digital sovereignty

Technologies are the foundation of digital sovereignty. Big data, high-performance computing, cloud computing, AI and 5G are the key technologies driving the business world today, creating huge volumes of data to be processed, stored and transmitted. Moreover, cybersecurity technologies are the key enablers for data sovereignty, including crypto technologies, digital identities, cloud security and blockchain.

It is paramount that any emerging technology has safe and secure foundations if it is to be considered for adoption and implementation.

As such, cybersecurity technologies must be considered in all aspects of a digital sovereignty strategy, starting with R&D initiatives up to deployment and operations activities. However, the point is not to consider just any technology, but only those that provide enough levers in terms of trust and autonomy. This aspect is extremely important when dealing with digital sovereignty. For example, the European Commission has been quite explicit on its digital sovereignty expectations for “Europe’s ability to act independently in the digital world… in terms of both protective mechanisms and offensive tools to foster digital innovation.”[1]

There are multiple investments, funds and R&D initiatives to back up these intentions, such as Horizon 2020 or the 2030 Digital Compass, which aims to foster EU industrial and technological capacity with new policies and regulations released to protect EU interests (GDPR, European strategy for data[2]).

There have been many recent cases where the origins of a technology have influenced business decisions, leaving the adopters of such technology with no means to respond. This is one of the primary reasons to review the roots of any technology before finalizing your digital sovereignty strategy.

Let’s take the COVID-19 crisis for instance. Lockdowns, especially the one at the beginning of the crisis (March-April 2020) led to a widespread adoption of remote working. Such a sudden spike in workloads and waves of new users translated into a stress test for cloud providers, which had to adopt multiple workarounds to cope with the situation. One of these was to prioritize nearby demands based on proximity. As a result. Europe was severely impacted due its lack of capabilities and extreme dependency on cloud service providers from abroad. Even today, 70% of the cloud services delivered in Europe come from American and Chinese providers.

It is not only about the dependencies in technology itself, but it is also about the control we can exercise on those companies from abroad. We depend on a business negotiation rather than having local policies or regulations protecting our interests. In March 2020, EU Commissioner Thierry Breton sought to negotiate with Netflix to reduce its video quality to prevent network congestion in the European Union following higher demand due to COVID-19 confinement. Mr. Breton may have been successful, but in April 2021, Cédric O, France’s digital minister, was unsuccessful in convincing Apple and Google to change their operating systems to allow full Bluetooth access to France’s centralized COVID-19 contact tracing app.

Cybersecurity technologies in Europe suffer the same fate. In the 2021 Gartner Magic Quadrant for Access Management, only one vendor is based in Europe, and most are based in the US, many with Israeli roots. According to Forrester, the situation is quite the same for the Extended Detection and Response (XDR): there is only one European vendor among the 14 leading XDR providers. [3]

Digital sovereignty requires technology autonomy. Europe took a positive step in this direction with its 2030 Digital Decade’s ambition of “75 percent of European enterprises having taken up cloud computing services, big data and Artificial Intelligence.”

This is just another way of saying that European-based technologies have priority from now on. Obviously, granting priority for European technologies is not enough; such technologies must adhere to the highest standards and expectations in terms of data governance, infrastructure, legislations, functionalities, operability and innovation.

There are promising initiatives already in place such as Gaia-X, a project to connect cloud providers around Europe using open technical standards and shared data privacy and security standards, so businesses and customers can move industrial data freely within the network.

Building a secure pan-European data framework together with the adoption of trustworthy and controllable digital technologies and services may help businesses and service providers achieve their long-desired aspirations for digital sovereignty.

[1] EPCS, Rethinking Strategic Autonomy in the Digital Age, July 2019. The concept was however criticized as based on faulty assumptions. See T. Barker, Europe Can’t Win the Tech War It Just Started, Foreign Policy, 2020.

[2] A European strategy for data, European Commission, Brussels, 2020.

[3] The Forrester New Wave™: Extended Detection And Response (XDR) Providers, Q4 2021.