Europe’s Push for Digital Sovereignty: Opportunities and Challenges Ahead

Last month’s summit in Berlin on “European Digital Sovereignty” gathered +900 policymakers, industry leaders, investors and researchers from the 27 EU Member States. Initiated by France and Germany, measures were presented aimed at fostering innovative solutions and infrastructures while reducing technological dependencies and protecting strategic assets.

The summit served as an important platform to coordinate and leverage private sector investments by European tech leaders. At the summit, French and German companies pledged more than 12 billion Euro of investments to support the following 7 areas in which the EU has to (re)build its digital sovereignty going-forward;

- Simplification: a simpler, innovation-friendly and competitive EU regulatory framework.

- Fairer Digital Markets: more competitive regulatory conditions, e.g. for the (qualitative) designation of cloud hyper-scalers.

- Data Sovereignty: the highest protection standards for the most sensitive data, taking into account the effects of non-EU extraterritorial legislation, and the mandatory usage of privacy-enhancing technologies.

- Digital commons: the development of “digital commons” by founding EDIC (European digital infrastructure consortium).

- Digital Public Infrastructure for public administration: the development of the EUDI Wallet, providing a safe and reliable digital identification for European citizens.

- Digital Sovereignty Task Force work on a common definition of a European digital service and develop sovereignty indicators such as cloud services, artificial intelligence, and cybersecurity.

- Frontier AI: breakthrough innovation at world-class level in this field.

Just a few days later into November, but then in Porto – at the very moment that the Cloudflare outage incident was yet another reminder that the digital foundations of Europe’s society and economy remain largely controlled from abroad - it seemed like the whole discussion on European Digital Sovereignty came to a definite inflection point.

“Gaia-X” - a Brussels-based industry association bringing together European enterprises, technology vendors, cloud providers, standards bodies, and public sector institutions - held its own summit, where executives and governments argued that Europe finally has the technical foundations to sovereign data sharing. “All it needs now is the political will, economic models, and global partnerships to make it work at scale. Because, while conceptual momentum is strong, adoption remains thin on the ground.”

To help change that, Gaia-X released its first multi-provider catalogue: 600 services from 15 providers aligned to four security and sovereignty levels. And Gaia-X reiterated its near-term growth target: 1,000 services by the end of the year, scaling to 3,000 afterwards.

The top tier of the catalogue – Gaia-X Label Level 3 – is designed for maximum sensitivity use cases such as aerospace, energy, and national infrastructure workloads. Level 3 services can only be delivered by providers that have their headquarters in Europe, ensuring they are not subject to extraterritorial laws like the US Cloud Act. EDF’s nuclear station program for example, illustrates this demand: its data space is “requesting the highest level of security… the Gaia-X label level three.

Overall, the message at the Porto summit was that Gaia-X is not trying to reinvent the cloud. Rather it’s trying to standardize trust, compliance, and verifiability in a market dominated by providers whose legal obligations don’t always align with European sovereignty requirements. And that sovereignty is becoming programmable through labels, identity rules, compliance automation, and clearing houses. Hyper-scalers remain essential, but they are no longer sufficient for high-risk workloads. AI governance is elevating data integrity and traceability to strategic priorities. Economic models for data spaces must be planned upfront, not retrofitted. And geopolitics has entered the IT architecture stack in a way organizations can no longer ignore.

So much for the constructive part of the two recent summits. But let’s also face that there is certainly work to be done, and skepticism by analyst-experts to be tackled.

First of all, Big Tech was not invited to the sovereignty summit. And yet, it remained omnipresent, because many “sovereign” solutions run on cloud services provided by Silicon Valley hyperscalers. SAP for example just expanded its collabroation with Amazon’s AWS for its “Sovereign Cloud capabilities”. SAP also announced sovereign solutions on the Delos Cloud and yet Delos itself is built on Microsoft Azure’s infrastructure. Silicon Valley players have long adopted the sovereignty jargon and are marketing products like the Microsoft/Google/AWS “Sovereign Cloud” since 2022. Just days before the Berlin summit event, Google hosted its own “Digital Sovereignty Summit” in Munich and announced to spend €5,5 billion on the construction of data centers in Germany. While politicians welcomed the investment, experts warn that these infrastructures will make it harder to disengage later on. Big Tech is selling “Sovereignty-as-a-Service”, using the calls for more sovereignty to boost its own products.

The “Center for Data Innovation” (https://datainnovation.org/) called the summit’s push even “pure and simple protectionism.” According to them, prioritising European firms over global competition may further widen Europe’s technological and productivity gap. They argue that duplicating existing technologies (instead of using the best globally available) could hinder, rather than help, growth and innovation.

Other commentators noted a cautious or even contradictory approach during the summits. While open-source and small European players were given rhetorical support, the closing keynotes did not mention these initiatives explicitly. Some worry that the “innovation-first, regulation-later” mantra may still favour established large players rather than true European start-ups.

Apart from political statements, several analysts emphasised the real-world difficulties of pursuing digital sovereignty, especially when building and maintaining sovereign digital infrastructure. Some reported after the summit:

• … that establishing European-controlled cloud and data infrastructure (or “data spaces”) is costly and complex. Because indeed, it requires long-term commitment, not only in building, but also in maintaining. E.g. running a compliant data space requires organizations to maintain and support the connectors, to maintain and support Identity and Access Management (IAM), to maintain the contracts, etc. To address this, we do know that Gaia-X is working with the Paris Dauphine University to model participant roles, orchestrator responsibilities, and cost-recovery mechanisms to ensure sovereignty is engineered as a business model, not just a compliance posture.
• … that the summits ambitions must translate into sustainable economic models, or else the project may remain symbolic rather than structural.
• … that Europe’s digital future requires not only regulation, but investment, collaboration, and strategic planning across borders, something that will test the political will, coherence, and industry readiness across many member states.

So, what will these summits really mean for Europe going forward ?

They have certainly helped to reframe “digital sovereignty” as a European strategic imperative, not a niche policy goal. High-level endorsements from leaders like Macron and Merz have raised the issue’s profile which could indeed influence upcoming regulation, procurement policies, and public investment.

But the sharp warnings show there is probably less consensus than we need. Pushing for “European preference” may come at the expense of competitiveness, speed of innovation, and interoperability with global tech. The trade-off between sovereignty and efficiency is real.

Ultimately, whether the summits ambitions succeed, will depend on implementation not on rhetoric.