The Commission has presented its Tech Sovereignty Package, a series of measures to turn Europe into a leading technological force while strengthening its strategic autonomy.
On the one hand, the strategy, which was unveiled on Wednesday (3 June), involves better regulating foreign technology companies to reduce risks. On the other, it is about supporting European alternatives.
Data is power
The package comprises two legislative proposals – the Chips Act 2.0 and the Cloud and AI Development Act – plus an open-source strategy and a roadmap for digitalising Europe’s energy system.
Quoting Henna Virkkunen, the Brussels executive’s vice-president responsible for technological sovereignty, it is important for us to reduce “risky dependencies”. Indeed, there are growing concerns about vulnerabilities caused by our dependence on US technology (where there are fears of Trump flicking a ‘kill switch’ or harvesting European citizens’ data under the US Cloud Act), as well as on China (with chip supply chain disruptions last year paralysing the German automotive industry, for instance).
The Commission is keen to highlight that seeking tech sovereignty is not about seeking tech autonomy as dependencies are unavoidable.
Nicolas van Zeebroeck, Professor of Digital Economics and Strategy at the ULB and Solvay in Brussels, agrees, telling RTBF that Europe just needs “leverage” to balance out these dependencies.
Nicolas van Zeebroeck, Professor of Digital Economics and Strategy (in French):
“The real danger is being held captive, being taken hostage. That is what we want to avoid when we talk about sovereignty. It is also about being strong enough in certain areas to have leverage; a bargaining chip, so to speak. At some point, we will find ourselves stuck in a situation where we are highly dependent. And it’s not a big deal to be dependent on another country – not if in return you can say: ‘Yes, but mind you, don’t mess with me because I too have the means to do X or Y’. But that is something we’re lacking. There are few areas in which Europe is truly indispensable.”
And it is vital for Europe to find this leverage, given that we are living in a world where data is a valuable resource that is traded as a commodity, as one young Bulgarian tells BNR during a vox pop.
Vox pop (in Bulgarian):
“There is a precedent for this in our modern history, when the States launched a campaign against TikTok and, generally speaking, sought to ban it. And the agreement they reached is that TikTok will continue to exist, but part of the deal was that all data collected by TikTok would be stored exclusively on US territory. Information is a resource these days, and like any resource, it has its own value.”
Cloud cuckoo land?
Starting with cloud services, three non-European tech giants (Microsoft, Google and Amazon) currently control over 70 per cent of the European cloud market. The Commission’s strategy sets out to change this, as Borja Adsuara, an expert in digital law and technology regulation, explains to esRadio.
Borja Adsuara, Specialist in Digital Law and Technology Regulation (in Spanish):
“The aim is for data to be stored on European territory. And that can be achieved, but then the data is stored on servers belonging to foreign companies, outside Europe, which means you still do not have complete certainty that the data will remain in Europe and will not end up in those countries, or in the US or even China.”
The Cloud and AI Development Act focuses on establishing independent, secure and environmentally friendly data storage across Europe, with the aim of creating three times as many data centres over the next five to seven years. It also incorporates flagship initiatives to boost research and the creation of a ‘Eurocloud Federation’ to encourage countries to share their digital capabilities.
The Act also requires member states to carry out ‘sovereignty risk assessments’ for public procurement to ensure that highly sensitive data remains strictly on secure European cloud systems. Providers are to be assessed in terms of ownership, supply chain dependencies and vulnerability to the laws of foreign jurisdictions.
Bulgaria’s former acting minister of e-government, Georgi Sharkov, raises this latter point in an interview with BNR.
Georgi Sharkov, Bulgaria’s Former Acting Minister of e-Government (in Bulgarian):
“There is always the excuse of ‘security reasons’. For example, the so-called Cloud Act in the USA allows the US government to request – from any cloud operator – data on the activities of users of their networks or services – not only users in the USA, but throughout the world. This directly opposes the European Data Protection Regulation, the GDPR. In China, it is a different problem. There are no such official requirements there, but the Chinese government may ask companies to implant chips or other technologies that enable the extraction of data.”
In a concrete example, in late 2025, a Norwegian public transport operator conducted tests on its Chinese-made electric buses and discovered that the manufacturer had direct digital access to the vehicles’ systems, which could theoretically allow them to be disabled remotely.
There are also strict rules proposed to facilitate switching cloud providers, and big foreign tech firms will be banned from bundling their office software packages with their cloud services, a tactic often used to crowd out smaller European rivals.
Open source
Digitalcourage is a German NGO that advocates for fundamental rights, privacy and the protection of personal data. Max Hampel, a Digitalcourage campaigner, tells AMS that digital sovereignty goes beyond setting up European facsimiles of the global tech giants.
Max Hampel, Digitalcourage Campaigner (in German):
“For us, digital sovereignty does not simply mean replicating the same surveillance-intensive structures, albeit with a European logo. Rather, Europe should build public, open, and common-good-oriented digital infrastructure. Such infrastructure should be privacy-friendly, interoperable, transparent and, wherever possible, based on free software. One example of this would be the Fediverse, serving as an alternative to the social networks run by American Big Tech companies. Acceptance is fostered primarily when people perceive digital services as helpful rather than as a form of coercion. Those seeking to politically drive forward digitalisation must ensure that freedom of choice, data protection and non-digital alternatives are integral to their strategy.”
But with its Open-Source Strategy, the EU is not just promoting European ‘replicas’ of non-EU proprietary solutions across both the public and private sectors. It is a fundamentally different vision.
Open-source software is software whose source code is made publicly available, meaning that anyone can see it and use it to build their own projects. This also means that independent security experts can inspect the software, thereby ensuring that there are no security vulnerabilities or hidden spying tools.
But this transparency needs to be there at every stage of every technological process. Let’s return to Spanish digital law expert Borja Adsuara.
Borja Adsuara, Specialist in Digital Law and Technology Regulation (in Spanish):
“When you don’t have control over the entire environment and all the technology – even if certain companies and services are required to make their code open source – well, you still don’t know if there’s a backdoor through which that data is being surreptitiously transferred to another country.”
This said, investment in open-source development can only be a good thing. And such development has, albeit on a lesser scale, been going on for a while now.
A few months back, The Europeans interviewed Eugen Rochko, the young coder who founded the free open-source social media platform Mastodon in Germany in 2016. His not-for-profit has grown slowly but surely over the last decade – although there was a sudden spike in users after Elon Musk took over Twitter in 2022.
Even today, Mastodon remains relatively small, with around 15 million registered accounts and 750,000 active users (compare this to Instagram’s three billion!). When asked if he felt frustrated that Mastodon was just one of several small-scale platforms that have taken business away from X, Rochko points out that the internet was never supposed to be just a handful of large corporations. He also explains the thinking behind the Fediverse, a term mentioned by Max Hampel.
Eugen Rochko, Founder of Mastodon (in English):
“If you have a phone provider, you don’t really care if your friends are on the same one or not. And it would be wild to suggest like, everyone I know and all my family has to be on Vodafone, otherwise I cannot talk to them. But that is the situation with social media right now. Like, oh, this person’s on X, so I have to get an X account. Oh, this person’s on Instagram, oh, I have to get an Instagram account. And the vision behind the Fediverse and Mastodon is that, okay, so you have a Mastodon account and here’s a different platform called Flipboard. Oh, I can just follow Flipboard accounts and they appear in my Mastodon feed. […] I want people to make one account that they can stick with and then talk to anybody in the world that they want to talk to. And then if that platform goes bad for some reason, because inevitably platforms do go bad, you can just take your account, move to a different platform and nobody else has to move.”
Just as an aside, the Commission actually runs a so-called ‘Mastodon instance’, in other words one of the independently operated servers running the Mastodon social-networking software.
https://www.europeanspodcast.com/all-episodes/europes-anti-elon?rq=Rochko
Scaling up
European providers exist in a wide range of tech fields, adds Belgian professor Nicolas van Zeebroeck. If you are after a cloud service like the ones offered by Microsoft, Google or Amazon, there are European versions available. Office software, email solutions, social media platforms, search engines… you name it.
The problem, he says, is that they are neither robust enough nor scalable enough to handle the massive volume of European traffic.
Nicolas van Zeebroeck, Professor of Digital Economics and Strategy (in French):
“If we were to migrate all European traffic to these platforms overnight, they would collapse because they wouldn’t be able to cope with the load. So there’s a colossal investment to be made here. But you don’t make an investment if you’re not sure the demand is there. And as long as the infrastructure isn’t in place, demand is reluctant to follow because it asks: ‘Will I have the same guarantee of efficiency?’ So it’s a bit of a chicken-and-egg situation. That’s one of the problems we face. Another is uncertainty regarding whether these European versions of services are just as good, just as attractive, just as easy to use…”
So, on the scalability issue, how do we scale them up?
Nicolas van Zeebroeck, Professor of Digital Economics and Strategy (in French):
“It is public authorities that should start by banning themselves from using service providers that are not considered 100-per-cent European, and move towards solutions that are exclusively and entirely sovereign – that is to say, under the exclusive jurisdiction of Europe. In so doing, they will, in a sense, create the market. And by creating the market, little by little everyone else will follow suit. It’s a way of getting things started, but even that will take years. It’s impossible to migrate all public administrations to these new rules overnight.”
This, of course, is what the Commission’s ‘open-source first’ approach is all about. Currently, most of the bloc’s public administrations purchase a proprietary system and are subsequently forced to pay a foreign tech giant indefinitely because they are unable to transfer their data. The new strategy requires administrations to switch to European open-source alternatives so as to minimise dependence on a single supplier and also to create an independent and transparent ‘technology stack’ – in layman’s terms, the collection of tools used to build and run a digital product.
Final two areas
To complete our tour of the Tech Sovereignty Package, we also have the Chips Act 2.0, a regulatory initiative aimed at securing the supply chains for cutting-edge semiconductors within the EU, specifically those needed to power high-performance computing and AI. The EU currently produces only 10.5 per cent of its chips and aims to up this to 20 per cent by 2030.
And finally there is the roadmap for digitalisation and the inclusion of AI in the energy sector. This requires tripartite agreements between data-centre operators, local energy companies and the state to prevent massive data centres from overwhelming the power grid.
So, Brussels is – as ever – busy regulating. And so it should be, says Borja Adsuara, as this is really where the EU leads the field.
Borja Adsuara, Specialist in Digital Law and Technology Regulation (in Spanish):
“Well, our main strength […] lies in regulation. And I believe we need to stand up for it and stop parroting the line that regulation is an obstacle to innovation, and so on. No. Regulation – and this is all regulation, not just in technology – is precisely what guarantees citizens’ freedom and fundamental rights. Which makes it our greatest strength. That’s not to say we don’t sometimes go too far and end up with over-regulation that becomes a straitjacket. But the solution isn’t to scrap regulation, because then it would be the law of the jungle and the strongest would always win. And we must protect the weakest or the most vulnerable. This is what the law does. Clearly, what the major players that dominate technology want – which is why they are exerting pressure – is to remove all regulation so that they can do as they please.”
ADD ESRADIO LINK
The Commission’s proposals will now be sent to national governments and the European Parliament with a view to hammering out a final version.
