The idea of digital sovereignty isn’t a new one. Yet, it always seems to be at the heart of every debate around digital autonomy, rights, and ethics. Simply put, digital sovereignty is the degree of control a person, business or even a government has over the data it produces.
Digital sovereignty has many dimensions that can be interpreted in different ways, depending on the context in which it appears — business, legislation, location, politics and others. Yet there is one dimension which is more agnostic than the rest. The technological dimension. This is because the technological aspect is strictly defined by requirements, specifications and functionalities. But how autonomous are technology providers from their home countries versus the ones they operate in?
Do the origins of the technology matter? How can you be sure you have full control of every technology deployed in your environment? Let’s take a closer look.
The role of technology in sovereignty
Technologies are the foundation of digital sovereignty. Big data, high-performance computing, cloud computing, AI and 5G are the key technologies driving the business world today, creating huge volumes of data to be processed, stored and transmitted. Moreover, cybersecurity technologies are the key enablers for data sovereignty, including crypto technologies, digital identities, cloud security and blockchain.
It is paramount that any emerging technology has safe and secure foundations if it is to be considered for adoption and implementation.
As such, cybersecurity technologies must be considered in all aspects of a digital sovereignty strategy, starting with R&D initiatives up to deployment and operations activities. However, the point is not to consider just any technology, but only those that provide enough levers in terms of trust and autonomy. This aspect is extremely important when dealing with digital sovereignty. For example, the European Commission has been quite explicit on its digital sovereignty expectations for “Europe’s ability to act independently in the digital world… in terms of both protective mechanisms and offensive tools to foster digital innovation.”
There are multiple investments, funds and R&D initiatives to back up these intentions, such as Horizon 2020 or the 2030 Digital Compass, which aims to foster EU industrial and technological capacity with new policies and regulations released to protect EU interests (GDPR, European strategy for data).
Concerns about the roots of technology
There have been many recent cases where the origins of a technology have influenced business decisions, leaving the adopters of such technology with no means to respond. This is one of the primary reasons to review the roots of any technology before finalizing your digital sovereignty strategy.
Let’s take the COVID-19 crisis for instance. Lockdowns, especially the one at the beginning of the crisis (March-April 2020) led to a widespread adoption of remote working. Such a sudden spike in workloads and waves of new users translated into a stress test for cloud providers, which had to adopt multiple workarounds to cope with the situation. One of these was to prioritize nearby demands based on proximity. As a result. Europe was severely impacted due its lack of capabilities and extreme dependency on cloud service providers from abroad. Even today, 70% of the cloud services delivered in Europe come from American and Chinese providers.
It is not only about the dependencies in technology itself, but it is also about the control we can exercise on those companies from abroad. We depend on a business negotiation rather than having local policies or regulations protecting our interests. In March 2020, EU Commissioner Thierry Breton sought to negotiate with Netflix to reduce its video quality to prevent network congestion in the European Union following higher demand due to COVID-19 confinement. Mr. Breton may have been successful, but in April 2021, Cédric O, France’s digital minister, was unsuccessful in convincing Apple and Google to change their operating systems to allow full Bluetooth access to France’s centralized COVID-19 contact tracing app.
Cybersecurity technologies in Europe suffer the same fate. In the 2021 Gartner Magic Quadrant for Access Management, only one vendor is based in Europe, and most are based in the US, many with Israeli roots. According to Forrester, the situation is quite the same for the Extended Detection and Response (XDR): there is only one European vendor among the 14 leading XDR providers. 
Creating a responsible and autonomous world
Digital sovereignty requires technology autonomy. Europe took a positive step in this direction with its 2030 Digital Decade’s ambition of “75 percent of European enterprises having taken up cloud computing services, big data and Artificial Intelligence.”
This is just another way of saying that European-based technologies have priority from now on. Obviously, granting priority for European technologies is not enough; such technologies must adhere to the highest standards and expectations in terms of data governance, infrastructure, legislations, functionalities, operability and innovation.
There are promising initiatives already in place such as Gaia-X, a project to connect cloud providers around Europe using open technical standards and shared data privacy and security standards, so businesses and customers can move industrial data freely within the network.
Building a secure pan-European data framework together with the adoption of trustworthy and controllable digital technologies and services may help businesses and service providers achieve their long-desired aspirations for digital sovereignty.
 EPCS, Rethinking Strategic Autonomy in the Digital Age, July 2019. The concept was however criticized as based on faulty assumptions. See T. Barker, Europe Can’t Win the Tech War It Just Started, Foreign Policy, 2020.
About the author
Cybersecurity Global Business Development, Atos
Atos Senior Expert and member of the Scientific Community
Marc is part of the Cyber Security Global Business Development team at Atos.
His base profile is Senior IT and Information Security Consultant with extensive experience in most areas of the business, in international multicultural environments, from architecture or strategy definition, up to systems integration or operations management. Marc has played various roles during his career: as specialist, systems architect, business consultant, team lead, pre-sales, service manager…
On top of his technical profile Marc has developed and practiced multidisciplinary activities such as project management, change management, customer management, innovation management and leadership.
He is member of the Atos Scientific Community and as such he is actively involved in all aspects of Innovation and thought leadership to foresee upcoming technology disruptions and future business challenges. He is also appointed an Atos Senior Expert in Cyber Security, leading the IoT Security domain.