The Trump administration’s shift in tone and approach toward traditional allies has understandably unsettled many nations, raising doubts about U.S. reliability and concerns over dependence on American technology. Many had become used to China and Russia’s often belligerent tone, flexing their economic and military muscles, but watching the world’s most powerful nation and flag bearer of liberal democracy reach for similar tactics against its friends has certainly been a wake-up call.
Europe’s push for tech sovereignty
In Europe, calls for greater tech sovereignty – the ability to choose and act independently, autonomously, and securely – have become almost deafening. The often rather philosophical debates about strategic autonomy or sovereignty have been ongoing within deliberations on defense and energy for several years now, most prominently following Russia’s full-scale invasion of Ukraine in February 2022. However, concern about an over-reliance on China as a market, a source of goods and a supplier of critical minerals had been bubbling away years before that.
In the last year or so, this concept has visibly seeped into a whole spectrum of industrial and economic policies, digital technologies notwithstanding. Conceptual policy ideas and approaches started to take the form of specific policy proposals and initiatives, currently culminating in a line of legislative measures being put on the table. However, reducing dependencies layered over decades will not be easy. Alternative sources of critical technologies and materials will need to be found or, ideally, developed locally, which requires a complex approach cultivating the right ecosystem more conducive to technological innovation in Europe. At a minimum, it has to facilitate digital infrastructure investments, retain and attract needed talent and nurture home-grown tech companies while giving them space to scale.
US firms dominate the tech space, with profits from their international business arguably helping cement their dominance, often through investment in R&D, healthy marketing budgets, and acquisition – including of talent and emerging start-ups from around the globe, Europe not being the exemption. And it makes sound business sense for them to do so. Additionally, when it comes to tech, early movers with large investment often stay first, which presents Europe with a two-fold challenge – unleashing the competitiveness on its market without reinforcing the position of established leaders.
In this context, the US has also been quick to robustly defend its tech industry in other nations, particularly against what it views as attempts to overregulate and/or seek to narrow the trade surplus in services that the US generally enjoys. Countries or bodies like the European Union taking a leaf out of the assertive US goods trade playbook and turning it against the US in services is not appreciated in D.C and US ringfencing remains.
The technology landscape is becoming increasingly political, and US technology firms are certainly not immune to growing domestic political pressures. For example, a Microsoft representative acknowledged under oath in a French Senate inquiry that the company could not guarantee full digital sovereignty if US authorities requested access to data stored on Microsoft servers abroad, as permitted under the US CLOUD Act. It has also been reported that Microsoft cancelled services to the International Criminal Court’s chief prosecutor following the decision to open an investigation into actions by Israeli officials in Gaza, to comply with US sanctions. Rumours of backdoors for intelligence agencies (who work with tech firms) and kill switches add to the concern.
Assessing risks
But of course, it is not just the US that uses trade as a geopolitical lever. Every continent (including Europe) has countries willing or inclined to use such methods, making it essential to factor in the political risk of alternatives. Over the last year in the EU, several groups of countries have coalesced around more or less political approaches to tech sovereignty. The emphasis on operational, technical and legal control over the technology is seemingly presented as being at odds with focusing primarily on the country or origin or geographical location of the infrastructure. On the other hand, the fears of a potential kill switch being used against Europe in a confrontation further fuel the political considerations of digital sovereignty, potentially impacting the quality of evidence-based policy debate rooted in legal and technical realities.
A further challenge arises from the differing cultural and regulatory approaches to technology governance. Despite America First, the US generally prioritizes market openness and international competitiveness, whereas the EU places stronger emphasis on consumer protection, public safety, competition enforcement and now digital sovereignty. Some worry that by accepting US tech, they are forced to accept a US approach that is at odds with their own values. Digital sovereignty is gaining traction beyond political and policy circles – with civil society groups, as well as nationalist narratives, precisely because it appears conducive to enforcing a European digital rulebook providing the usual safeguards on the market. Proponents of digital sovereignty therefore tend to stress the legal jurisdiction under which the tech operates. This bears the risk of hijacking the debate and getting carried away on an ideological wave to the detriment of the European innovation ecosystem. Without maintaining reasonable openness, home-grown technologies will struggle to thrive.
Political weaponization of tech is not the only concern. The CrowdStrike outage in 2024 affected several large businesses, including those in the important aviation sector. IT systems can fail and be vulnerable to attacks. Certainly, there seems to be a steady flow of vulnerabilities that can be exploited, including zero-days. This is where the EU’s enhanced focus on ICT supply chain security comes into foreground complementing the initiatives specifically aimed at tech sovereignty. The proposed framework for identifying high-risk vendors in ICT supply chains under the revised Cybersecurity Act aims to provide a comprehensive methodology merging political, legal and technical considerations for excluding high-risk suppliers. This approach aims to increase European control and jurisdiction over critical supply chains, as well as potentially create space for the growth of European alternatives replacing excluded vendors.
In response to growing demands for national tech sovereignty and protection of local competitiveness in various regions around the world, several US tech firms have begun offering “sovereign” solutions tailored to foreign jurisdictions. While these initiatives, such as those in Europe, are intended to address concerns over data governance and operational autonomy, some analysts note that such models may still rely heavily on US-based infrastructure, legal frameworks, and corporate oversight. Critics, including many Members of the European Parliament, call this “tech sovereignty washing”. Similar questions hang over certain domestic providers that market their services as sovereign solutions, yet continue to depend on US origin technology at the core of their platforms, creating uncertainty about the extent to which these offerings can genuinely deliver independent control.
While criticism is currently focused on the US (and China), we should also recognize that relationships between nations can shift over time. Membership in the same grouping, whether the EU, ASEAN, the African Union, or others, does not guarantee that one member might not use technological leverage against another during a dispute. Political leadership and policy priorities can change rapidly, and with them, the dynamics of trust and cooperation. Some may point to legal frameworks or contracts as reassurance, but arguably these matter little when nation states decide to use their own legal sway over their companies and those that want to operate in their market. The challenge for policymakers is to translate supportive words and sentiment on securing greater tech sovereignty and digital independence into meaningful action.
Trusted cyber defenses made in Europe
In cybersecurity, there are credible alternatives available – ESET is one strong example, though certainly not the only one. Many European firms are working hard to compete globally. Ultimately, organizations need to understand and reduce their exposure risks, adopting trusted solutions that are tailored to each case and that ensure strong compliance with strict data protection frameworks, such as the GDPR.
Across the EU, there is also a growing discussion about adapting public procurement processes and public funding schemes to favor such alternatives. Increasing the awarding of public contracts (rather than grants) could be an effective way to stimulate business growth while reducing costs for taxpayers. Switching providers should also be made easier through greater and built-in interoperability, mitigating “technical lock-ins” and easing switching costs. The European Cybersecurity Organisation (ECSO) has advocated for a dedicated industrial strategy for cybersecurity, given its strategic importance. We await the details of the European Commission’s “Tech Sovereignty Package” due at the end of May, as well as the potential revision of public procurement rules under the Public Procurement Act to see tangible, realistic and hopefully practical measures aimed at nurturing and scaling European alternatives.
Primarily, it is critical to strike the right balance between fluid political and objective technical considerations when setting out criteria defining a “made in Europe” solutions. Sovereignty should not be reduced to the geographical origin of a provider. Greater weight should be placed on objective indicators of how a solution delivers operational autonomy and legal insulation from non-EU jurisdictions. Finally, given the complexity of the challenge and the vastness of the gap that the EU aims to close, it is also necessary to be realistic about timelines and certain specific types of technologies where achieving sovereignty is unlikely for Europe in a short or even medium term. In such cases, a reasonable share of EU-made components in the final product should be a sufficient step towards incrementally increasing domestic capacity. This could be coupled with the assessment of critical functions of a product which should be based (or at least majority of them) on EU-made technology.
The private sector also has a vital role to play by considering technological sovereignty, geopolitical risk and supply chain vulnerabilities within its procurement decisions. If the private sector also aligns itself to the cause, the take-up of alternatives and stimulus would be widely felt. One risk, however, is that support becomes concentrated on just one or two national/regional firms – a mistake that could undermine the sector. Healthy competition drives lower prices, greater innovation, and reduces strategic vulnerability should any single company fail or encounter difficulties.
The geopolitical landscape has shifted significantly. A complete decoupling from US technology is neither realistic nor necessary, but the changing environment does require nations and companies to reassess their relationships and dependencies. Risks that were barely considered only a few years ago must now be recognized, understood, mainstreamed and actively mitigated.
