Europe's Digital Sovereignty: Is the Political Will Ever Coming?

By Tara Tarakiyee, public interest technologist and a supporter of human rights, free and open internet, and open source software.

"Europe must acquire technological sovereignty," Emmanuel Macron declared at the Sorbonne in September 2017. "We must think of Europe as a power that wants to remain sovereign in a world of three empires—the United States, China, and ourselves." His words set the tone that digital sovereignty would be a focus of Europe from that moment on. The concept gained further institutional momentum when Germany's 2020 EU Council Presidency established "digital sovereignty as a leitmotiv of European digital policy."

If we check in eight years later, we get quotes with a slightly different tone. "If it comes to digital sovereignty," admitted Claudia Plattner, head of Germany's Federal Office for Information Security, "then you have to be honest with yourself. Digital sovereignty for Germany is unreachable for the time being." Plattner speaks as a responsible security official managing current realities. "Some of the big companies, especially from the US, already have a ten-year head start," she noted.

Now this is a valid statement coming from her position, yet when European leaders let bureaucratic pragmatism set the ceiling rather than the floor, they expose a profound failure of strategic imagination. Only 16% of European tech and policy leaders believe the continent will achieve digital sovereignty within five years, according to a recent survey by Wire.

Then you look at the actions of European institutions. In 2024, while again declaring digital sovereignty a continental priority, the European Union eliminated all €27 million in Next Generation Internet (NGI) funding. The NGI program had supported 1,400+ projects over five years, with 57% offering alternatives to US platforms.

The contrast reveals Europe's lost vision. Is this the same continent that created Airbus in 1970, directly challenging Boeing's aerospace monopoly through extraordinary political coordination and massive public investment? The same Europe that built the European Space Agency, developed Global System for Mobile Communications (GSM) standards, and created CERN's World Wide Web? So how did it get here?

Europe's technological subordination didn't happen through passive colonization from American Big Tech as some recently like to claim, it resulted from decades of deliberate institutional choices that prioritized convenience over sovereignty. The most damaging pattern reveals itself in how Europe systematically underfunded its own alternatives to US tech dominance, even when these projects showed exceptional promise.

The open source funding elimination of 2024 epitomizes European priorities. Despite documented success creating viable alternatives to US platforms, the EU Commission cut Next Generation Internet funding from €27 million to €10 million while eliminating the cascade funding mechanism that supported grassroots innovation. This occurred simultaneously with the launch of the €200 billion InvestAI initiative, which shows that Europe had money for AI ambitions that would largely go to fund American hyperscalers and chip companies, but not for the foundational infrastructure to support them independently.

Germany's Sovereign Tech Fund faces similar constraints, with only €23 million in funding in 2023 against €114 million in requests, an 80% funding gap. The funding requested covers only a fraction of the actual need in the field of open digital infrastructure, and it addresses maintenance alone, not the creation of new systems. 

This perennial under-investment is more visible when you zoom in on specific alternatives. PeerTube, Europe's decentralized answer to YouTube, operates on €132,000 in NGI grants against total costs of €500,000-600,000. While YouTube generates €23+ billion annually, PeerTube survives on 0.0022% of that revenue. Mastodon, the federated social network, operates with a 10-person team funded entirely by crowdfunding. Nextcloud, the leading open source cloud platform, competes against Microsoft's €50+ billion cloud revenue with a fraction of that budget. Element (Matrix), offering secure, decentralized messaging as an alternative to WhatsApp and Slack, struggles with minimal institutional support despite superior privacy features. Jitsi, providing video conferencing capabilities during the COVID-19 pandemic when Zoom dominated headlines, received recognition but insufficient scaling investment.

Hardware sovereignty projects faced even neglect. Companies like Purism, developing the Librem line of privacy-focused laptops and phones with hardware kill switches and open-source firmware, struggled with limited European institutional support despite offering genuine alternatives to surveillance-capable Big Tech devices. Similarly, Fairphone's pioneering work in ethical, repairable smartphones, which address both digital sovereignty and environmental concerns never received sufficient scaling support from European institutions.

European governments and industry chose dependency over development. 92% of European data sits in US clouds. Over 90% of Nordic companies rely on American platforms for basic operations. Six Spanish sectors show complete dependence on US technology, including critical infrastructure like energy and banking. This dependency generates enormous profits for European intermediaries who benefit from the current system. The systems integration market, projected to reach €372 billion by 2033, depends fundamentally on managing rather than eliminating US technological relationships. Major consulting firms like Capgemini and Atos have built practices around connecting American platforms to European enterprises, creating business models that actively resist genuine sovereignty.

These firms now position themselves as digital transformation experts while deepening US dependencies. They recommend Microsoft Azure over Open alternatives, implement Salesforce rather than open CRM solutions, and migrate European organizations to US cloud platforms. Their revenue depends on complexity and vendor relationships that sovereign alternatives would eliminate.

Meanwhile, European research and funding continues to strengthen proprietary competitors. Belgium's IMEC research center, despite €1.034 billion in annual revenue and world-leading semiconductor research, sees 60% of partnerships benefit Big Tech companies. European institutions made these choices because they served immediate interests within existing market structures. Each decision seemed rational in isolation, but collectively they constructed a cage of technological dependence, and combined with a lack of political will and coherent industrial policy, we ended up here.

EuroStack: A Vision Emerges

In February 2025, the Bertelsmann Stiftung published the comprehensive "EuroStack – A European Alternative for Digital Sovereignty" report, commissioned from UCL's Francesca Bria and described by its authors as Europe's "moonshot" moment. The proposal calls for €300 billion in investment over a decade, including a €10 billion Sovereign Technology Fund to develop open-source, federated systems that could genuinely compete with US platforms.

Parallel to EuroStack, Germany has been developing its own national approach with the "Deutschland-Stack" vision. In August 2025, Schleswig-Holstein published an "Impulspapier" setting guiding principles for "sovereign, interoperable, and Europe-compatible digital infrastructure" mentioned in the federal coalition agreement. The Deutschland-Stack emphasizes open standards, transparent development, and European cooperation, representing Germany's attempt to create practical national infrastructure that aligns with broader European sovereignty goals.

The European Commission's Digital Building Blocks team has explicitly embraced EuroStack language, arguing their existing programs "can help bring EuroStack's vision of European digital sovereignty to life." Multiple Commission directorates are engaging with EuroStack submissions on procurement reform, strategic foresight, and single market strategy, representing broader institutional engagement than previous sovereignty efforts achieved.

Yet the proposal faces familiar obstacles that killed earlier initiatives. The €300 billion price tag dwarfs existing EU programs, compared  to the entire Digital Europe Programme budget of €7.5 billion over seven years.

Critics worry about repeating past failures. Competition economist Cristina Caffarra, one of EuroStack's own contributors, has previously characterized EU digital sovereignty efforts as "useless" when not backed by serious industrial policy. The same consulting firms and systems integrators that profit from US dependency are now positioning themselves as EuroStack implementers, potentially capturing and diluting the initiative.

The Buy European Trap

The make-or-break question is whether this iteration can overcome the structural forces that killed previous sovereignty initiatives. Unlike Gaia-X, which became diluted when US companies were permitted to participate, EuroStack explicitly calls for "Buy European" procurement rules and European-first policies. But implementation requires coordination between member states unwilling to pool digital capabilities, massive public investment during fiscal constraints, and confrontation with powerful European business interests that profit from current arrangements.

While "Buy European" policies appear to offer a direct path to digital sovereignty, and may even be appealing as a way to support "open" approaches, it is a dangerous shortcut and it risks creating new dependencies. Protectionist approaches often produce inferior solutions that survive through regulatory protection rather than technical merit.

The telecommunications sector offers a cautionary example. European governments spent decades protecting national champions like France Télécom, Deutsche Telekom, and Telecom Italia through procurement preferences and regulatory barriers. The result was fragmented, incompatible systems that lagged behind global standards. Only when European telecoms faced genuine competition did innovation accelerate, leading to breakthroughs like GSM that succeeded globally through technical excellence rather than regulatory protection.

More fundamentally, protectionist approaches contradict the open standards and interoperability that make genuine digital sovereignty possible. True sovereignty emerges from systems that resist control by any single actor, which should include European governments and companies. Procurement preferences that favor European vendors risk creating new forms of technological lock-in, where European organizations become dependent on European monopolists instead of American ones.

Early signals suggest familiar patterns may be emerging. National governments express enthusiasm for digital sovereignty while maintaining existing procurement practices that favor US vendors. European consulting firms tout their EuroStack expertise while continuing to recommend American platforms to clients. Industry associations support sovereignty initiatives in principle while lobbying against specific policies that might disrupt profitable dependency relationships.

The more dangerous risk is that "Buy European" becomes a substitute for the hard work of building genuinely superior alternatives. Political leaders may declare victory by mandating European procurement while European users continue seeking better foreign solutions through unofficial channels. This creates the worst of both worlds: official digital sovereignty that exists only on paper while real dependency deepens underground.

True success requires recognizing that genuine digital sovereignty cannot simply recreate Big Tech with European characteristics or rely on regulatory protection to shield inferior European alternatives. Any lasting solution must be built on open standards and interoperable architectures that prevent new monopolistic gatekeepers from emerging, whether American, European, or Chinese.

Beyond Digital Empires

Europe's approach to digital sovereignty has been fundamentally limited by imperial thinking that views technological independence as a zero-sum competition between "digital empires." Macron's original formulation of "three empires" reflects the same extractive mindset that characterizes current Big Tech dominance. Real sovereignty requires abandoning this framework in favor of collaborative networks based on shared standards and mutual benefit.

Countries across Africa, Latin America, and Asia face identical challenges of technological dependency and seek alternatives to both American and Chinese digital hegemonies. Brazil's struggles with US platform dominance mirror those of Germany. India's efforts to develop indigenous payment systems parallel European sovereign technology initiatives. African nations seeking to avoid Chinese digital colonialism through Belt and Road infrastructure projects share European concerns about technological sovereignty.

Europe's path to digital freedom requires working with the Global Majority as equal partners rather than passive markets for European solutions. This means supporting genuinely federated and open systems, rather than replacing American gatekeepers with European ones. Such collaboration requires abandoning colonial mindsets that view other continents as implementation territories for European technology. Instead of exporting European digital solutions, genuine sovereignty emerges through co-developing interoperable systems that serve local needs while maintaining global connectivity.

This approach offers strategic advantages beyond moral considerations. Network effects that currently benefit US platforms could instead support European alternatives if those alternatives serve global rather than purely European markets. A federated social network with users across six continents becomes more valuable to European users than a European-only platform competing against global US alternatives.

Protectionist "Buy European" policies would undermine this global approach by creating artificial barriers that fragment the very networks Europe needs to compete effectively. Even if procurement preferences protect European digital infrastructure and meet regulatory requirements, global users will choose platforms based on functionality, not because politicians mandate them. The result could be a "sovereign" European internet that becomes increasingly isolated and irrelevant as global digital networks evolve elsewhere.

IX's Mallory Knodel on Power Station Podcast

On a recent episode of the Power Station podcast, Mallory discusses how the internet has become central to politics, culture, and daily life, while social media companies profit from disinformation. She asks: What if we looked at the internet and social media apps not as the final arbiter of politics and culture but as a tool we can shape and control together? What if the way these platforms are built helped protect human rights and support democracy?

Mallory talks about her work with the Social Web Foundation to make this vision real by advancing the Fediverse and ActivityPub as open, community-driven alternatives that support intentional, equitable, and creative online connection.

From the Group Chat 👥 💬

This week in our Signal community, we got talking about:

Google’s new requirement that developers verify their identities even when distributing Android apps outside the Play Store. Google says this adds a “crucial layer of accountability to the ecosystem” and is designed to “protect users from malware and financial fraud,” but it raises questions about privacy, surveillance, and whether these kinds of checks are even effective in the first place, given malicious actors could just use stolen identities. Is this a step toward censorship in the West, echoing practices we usually critique elsewhere? Could the EU’s Digital Markets Act eventually weigh in on this kind of gatekeeping? And at a bigger-picture level, will this kind of behavior reignite the case for a real open-source mobile operating system? Maybe it’s time to dust off the Firefox Phone.

This Week's Links

Open Social Web

• Blacksky, built on Bluesky’s AT Protocol, shows how decentralized, open-source platforms can scale rapidly and serve communities excluded by mainstream social media. https://newpublic.substack.com/p/how-blacksky-grew-to-millions-of 
• At the first Protocols for Publishers event in New York, journalists and technologists gathered to talk about building an internet that works for news. Hosted by Unternet, Graze, and Free Our Feeds, the event focused on protocols, particularly Bluesky’s AT Protocol, as a way to give publishers more control and flexibility. https://www.niemanlab.org/2025/08/the-next-internet-for-news-publishers-gather-to-discuss-protocols-over-platforms 
• Bluesky has made the decision to block access to its service in the state of Mississippi, instead of complying with a new age assurance law, citing limited resources and privacy concerns. https://www.wired.com/story/bluesky-goes-dark-in-mississippi-age-verification

Internet Governance

• IRTF SPACERG is a proposed Internet Research Task Force (IRTF) research group focusing on protocol and system challenges in aerospace networking. It aims to develop research and standards that make space-based networks interoperable, resilient, and capable of supporting the next generation of communications beyond Earth. https://github.com/irtf-spacerg 
• ICANN is consulting on a proposed Functional Model for DNS root server system governance, created by the RSS Governance Working Group. https://www.ripe.net/about-us/news/icann-consultation-functional-model-for-root-server-system-governance 
• A new standard currently under IETF review called vCon (Virtualized Conversation) that stores the full content of a conversation could change how customer interactions are recorded and analyzed. Unlike traditional call recordings or after-call notes, vCons provide secure, portable, and queryable data that can be easily integrated into AI systems. https://telecomreseller.com/2025/08/20/frontline-group-strolid-redefining-the-contact-center-with-vcons-podcast 
• The pending Wyden–Lummis Amendment would direct the Department of Defense (DoD) to adopt secure, interoperable, and standards-based collaboration technology for communications and remote work. Sounds better than telling everyone to “get on Signal.” https://www.congress.gov/amendment/119th-congress/senate-amendment/3186/text 
• The UN Human Rights Office (OHCHR) warns that internet standards affect human rights and urges governments, companies, and standards bodies to build rights into tech design, with CDT contributing research via the IRTF. https://cdt.org/insights/implementing-recommendations-for-supporting-human-rights-in-web-standards 
• Trump’s new executive order, America by Design, promises beautiful, user-friendly federal services, but whether it works depends on execution, explains Erie Meyer, USDS co-founder. https://fedscoop.com/america-by-design-trump-executive-order 
• Venture-capital firm Andreessen Horowitz and OpenAI President Greg Brockman are among those in Silicon Valley putting more than $100 million into a network of political-action committees and organizations to advocate against strict artificial-intelligence regulations. https://www.wsj.com/politics/silicon-valley-launches-pro-ai-pacs-to-defend-industry-in-midterm-elections-287905b3 
• The Trump administration is considering imposing sanctions on European Union or member state officials responsible for implementing the Digital Services Act. https://www.reuters.com/world/us/trump-administration-weighs-sanctions-officials-implementing-eu-tech-law-sources-2025-08-26 

Digital Rights

• Implementation of the UK's Online Safety Act is giving internet users around the globe real-time proof that such laws impinge on everyone's rights to speak, read, and view freely writes EFF’s Paige Collings. https://www.theregister.com/2025/08/21/the_uk_online_safety_act 
• Microsoft temporarily locked down a building at its headquarters after protesters demanding that the company cut ties with the Israeli government managed to get inside the office of the company’s president. https://www.theverge.com/news/766324/microsoft-building-34-lockdown-protesters-brad-smith-office 
• US Customs and Border Protection has broad authority to search travelers’ phones and devices at the border, including those of American citizens. Newly released data shows that in the past three months, CBP conducted more device searches than ever before, marking a record high. https://www.wired.com/story/phone-searches-at-the-us-border-hit-a-record-high 
• In a new preprint paper, Kars Alfrink argues that “People’s Compute” offers a vision for designing AI infrastructures grounded in democratic governance, collective autonomy, and realistic power dynamics. https://osf.io/preprints/osf/uaewn_v2 
• Report from Andrew W Alexander finds that major platforms exploit legal and regulatory ambiguities around user data, showing how they mystify ownership and control to both users and investors, then transform that data into codified capital through financialization. https://journals.sagepub.com/doi/10.1177/20539517251355617 

Technology for Society

• The State Department has stalled funding for programs that help Iranians bypass government censorship, risking the collapse of widely used internet freedom tools. https://wapo.st/3UO4H1P 
• Brazil’s tech boom demonstrates that inclusivity is about more than translation: apps must use conversational Brazilian Portuguese, regional slang, and cultural nuance to truly connect with users. https://inclusivenaming.org/blog/borders-and-bridges-why-brazilian-culture-and-language-matter-in-building-inclusive-tech/?_hsmi=116060347 
• The Public Service Alliance is a nonpartisan network offering current and former public servants free and discounted services to safeguard privacy, reduce risks, and support well-being. https://thepublicservicealliance.com/join-psa 
• Google will provide a suite of artificial intelligence (AI) and cloud services to federal agencies for 47 cents each, the General Services Administration (GSA) announced Thursday. https://thehill.com/policy/technology/5463428-google-ai-cloud-services-federal 

Privacy and Security

• A dormant IPv6 feature is a backdoor for Windows attackers, security researchers warn. Enabled by default, if unused and left unchecked, it can lead to a complete domain compromise. https://cybernews.com/security/hackers-can-abuse-ipv6-to-hijack-networks 
• DOGE team members uploaded a database with the personal information of hundreds of millions of Americans to a vulnerable cloud server, according to the agency’s chief data officer. https://www.nytimes.com/2025/08/26/us/politics/doge-social-security-data.html 
• One of our favorite publications, 404 Media, reflects on the impact their journalism has had in year two, how they’ve grown, and what they aspire to accomplish in year three. https://www.404media.co/two-years-404-media-anniversary 

Upcoming Events

• Addressing Trust, Safety, and Privacy Challenges in Agentic AI. 6pm BST, Online. https://events.zoom.us/ev/Atmazb9JvApQzlelQzZiDp9fS6C-Ex_3a_OxKlgJCLtlXIm2j1-B~AiMZD5-LfVzZPpUfuqnJThAPQAGsvdbGfiM0lI8JYkm5eNMyz4ZqBTgUEw 
• Possible AIs: Institute for Speculative Technologies. October 31-November 6. Hong Kong. https://creaworld.org/possible-ais-institute-for-speculative-technologies 
• The Trusted Internet Summer School is hosted by the University of Łódź at the Faculty of Law and Administration, and is part of the third phase of a research project funded by the Internet Society Foundation, focusing on satellite connectivity and disaster relief. September 22–26, Łódź, Poland. https://www.cyber.uni.lodz.pl/en/ssigil25 
•  The 4th Annual Trust and Safety Research Conference. September 25-26, Stanford, CA. https://cyber.fsi.stanford.edu/content/trust-and-safety-research-conference-2025 

Careers and Funding Opportunities

• The Syllabus: Product Lead. Remote. https://www.the-syllabus.com/news/product-lead-job-alert 
• Google: Security Policy Manager, Government Affairs and Public Policy. Washington, DC. https://www.google.com/about/careers/applications/jobs/results/109231977302762182-security-policy-manager-government-affairs-and-public-policy?location=Washingtont%20D.C 
• ACLU:  Technology, Liberty, & Privacy Organizer. Seattle, Washington. https://aclu-wa.org/pages/technology-liberty-privacy-organizer 
• Ada Lovelace Institute: Head of EU and Global AI Governance. Brussels, Belgium (Hybrid). https://www.adalovelaceinstitute.org/job/head-of-eu-global-ai-governance 
• Free Press Unlimited:Programme Lead Safety of Journalists. Amsterdam, the Netherlands. https://www.freepressunlimited.org/en/jobs/programme-lead-safety-journalist