European cloud, telecommunications and defence companies have renewed calls to develop digital sovereignty in response to growing uncertainty in the US. The aim is to liberate European firms from Silicon Valley’s heavy-hitters, such as Google and Microsoft, and ensure that digital infrastructure and applications located within Europe are untethered from US laws and regulations.
“Europe finds itself a quasi-colony across all layers of our critical digital infrastructure,” says Andy Yen, CEO and founder of Proton, the Swiss privacy application suite. “This almost complete dependence on non-European technologies has created security and economic risks that also hurt our growth prospects.”
The EuroStack initiative is a new set of policy proposals by academics, researchers and think tanks, which aim to reduce the EU’s dependence on US technology companies. Doing so could help solve the bloc’s tech-sovereignty problem and also make European economies more competitive.
Europe failed to understand that technology would be the driving force of the 21st century
Its mission is outlined in an open letter to the European Commission, with signatories including prominent EU businesses such as Airbus.
Europe “cannot regulate itself out of its laggard position,” the letter states. It must “become more technologically independent across all layers of its critical digital infrastructure”. These include apps and platforms, AI models, physical infrastructure, semiconductor production, data storage and connectivity.
While the EU has historically been strong on tech regulation, this has led to tensions with the new US administration. Donald Trump has threatened the EU with tariffs in response to its Digital Markets Act, for instance, which he says is “overseas extortion” of Silicon Valley firms.
Such rhetoric has helped to catalyse European efforts to achieve digital sovereignty, but the problem of Europe’s over-reliance on US and Chinese IT has been stewing for decades. Rather than investing in domestic technologies, governments and companies in Europe have historically opted for short-term cost savings, Yen explains.
“Speaking frankly, this has left the UK and Europe dependent on these foreign services – and left us economically exploited and politically neutered,” he adds. “Europe failed to understand that technology would be the driving force of the 21st century.”
Data at the core of digital sovereignty
According to Ulrich Ahle, CEO of Gaia-X, an open-source infrastructure for digital sovereignty, the central issue is storage and the jurisdictional control of data.
“US cloud and software providers are subject to extraterritorial laws, such as the Cloud Act and FISA, which allow US authorities to request access to data stored on their infrastructure, even if that data resides in Europe and belongs to European citizens or businesses,” Ahle says.
An over-reliance on tooling therefore, particularly from US companies, introduces “significant risks” for the sovereign control of data. These, he says, extend from cloud infrastructure through to common productivity tools such as Gmail, Outlook and Google Drive, which are “deeply embedded in daily operations”.
Could the UK follow in Europe’s footsteps?
The Labour government has been keen to attract investment from major international firms, including the US hyperscalers Google, AWS, Microsoft and Oracle.
But the recently adopted AI opportunities action plan, set out by Matthew Clifford, the influential technologist, specifically mentioned building sovereign compute capacity.
It’s unlikely that the UK, which already has sovereignty requirements for some public sector bodies, will abandon its current approach entirely – but there may be opportunities for increased collaboration with the EU where it makes sense, especially considering the threat of tit-for-tat trade wars from the US.
Ahle adds that this not only undermines the ability of European governments and companies to guarantee compliance with EU data-protection laws, it also raises concerns about economic and political independence.
For individuals, moving away from US software is irritating but not impossible, as explained in a recent blog post by Martijn Hols, a freelance developer. Citing fears over security and spying from US authorities, Hols published a list of his US tech dependencies and detailed the steps he took to resolve them.
While he mostly managed to switch from US-based companies to self-hosted options or European alternatives, he struggled to find a suitable alternative for Google Search and, for now, remains locked into GitHub, a code repository.
But achieving independence from US tech is more complicated for enterprises, which often have sprawling IT estates and many third-party partners, whose stacks cannot be easily audited.
How can enterprises decouple from US tech?
Decoupling doesn’t mean abandoning all US tech overnight, Ahle says. Rather, the aim is to make “strategic decisions to diversify and regain control over critical digital infrastructure and services.” The goal should be to bring autonomy to certain kinds of digital environments, so they’re compliant with local laws, values and long-term economic interests.
He advises businesses to start by mapping out their entire technology estate and marking dependencies everywhere they’re found, from infrastructure to applications. That includes cloud hosting, office tools, CRMs and communications platforms such as Microsoft Teams.
Stewart Laing, CEO of Asanti, a UK-based data centre provider, agrees that tech teams must carefully assess their organisation’s workloads and applications. Only by knowing exactly where all data lies can IT leaders begin to “understand how and when to repatriate from the cloud”. This will necessarily mean leaving hyperscale environments and instead using private or colocation facilities, where organisations can then host their own tech.
For Jacob Ideskog, CTO of Curity, a Swedish identity-management company, another concern is the use of software-as-a-service (SaaS) platforms.
“Many organisations have become deeply reliant on SaaS platforms hosted by providers in other geographical regions, from office productivity tools and cloud storage to security and identity management,” Ideskog says. “While these services offer convenience, they also introduce significant risks, whether due to shifting regulations, geopolitical tensions or unexpected service disruptions.”
When businesses lease out software from SaaS companies, they put themselves in a vulnerable position. For example, if a country levies sanctions against another, these might leave users locked out of technologies they rely on.
Building a sovereign tech stack therefore means ensuring essential functions, such as authentication, collaboration and data storage, are all under an organisation’s control.
“This doesn’t mean abandoning cloud-based services altogether, but rather making strategic decisions about which systems must be self-hosted, run on local infrastructure or diversified across multiple providers,” Ideskog says.
Lasting change requires a mindset shift
According to Ahle, UK and European firms should begin identifying and migrating towards European or open-source collaboration and file-sharing platforms that that align with EU data protection, interoperability and sovereignty standards. This will “immediately reduce jurisdictional risk” while “maintaining functionality”.
Europe finds itself a quasi-colony across all layers of our critical digital infrastructure
Organisations should also seek to build interoperability across their systems to avoid being locked into proprietary formats or ecosystems, he advises. “This can be achieved by adopting solutions based on open standards and participating in federated data spaces. These frameworks enable companies to exchange and store data securely and transparently under conditions they define, without relying on dominant providers.”
Businesses may be able to reduce their risks by committing to digital sovereignty, but lasting change will require a collective mindset shift.
For too long, Yen says, Europe and the UK have hewed towards US and Chinese companies with the “erroneous” view that these businesses “will treat us fairly – this is unrealistic”.
He continues: “European companies don’t have free access to the Chinese economy – and although there are no such laws in the US, there is a very pronounced first-mover advantage leaving British and European companies de facto locked out of the American market. If the world’s two largest markets lock out European companies, why should Europe or the UK behave fairly?”
The only way to ensure a safe and secure domestic technology ecosystem is to create the demand for it, perhaps by encouraging the purchase of locally made tech systems through public procurement, Yen says.
Doing so, he adds, may help to “reverse the short-sighted decision to procure tech from the US and China for short-term cost savings”, rather than “making the strategic choice of investing in developing European capabilities”.
European cloud, telecommunications and defence companies have renewed calls to develop digital sovereignty in response to growing uncertainty in the US. The aim is to liberate European firms from Silicon Valley's heavy-hitters, such as Google and Microsoft, and ensure that digital infrastructure and applications located within Europe are untethered from US laws and regulations.
“Europe finds itself a quasi-colony across all layers of our critical digital infrastructure,” says Andy Yen, CEO and founder of Proton, the Swiss privacy application suite. “This almost complete dependence on non-European technologies has created security and economic risks that also hurt our growth prospects.”
The EuroStack initiative is a new set of policy proposals by academics, researchers and think tanks, which aim to reduce the EU's dependence on US technology companies. Doing so could help solve the bloc's tech-sovereignty problem and also make European economies more competitive.
