09.01.26

There are terms that are used so frequently and so enthusiastically that they eventually take on an almost magical quality. “Innovation” is one of them. “Artificial Intelligence” has joined that list as well. And for some time now, another term has firmly taken its place among them: Digital sovereignty.

“Sometimes I feel we use the word ‘sovereignty’ just as readily as ‘innovation’. It sounds good, but hardly anyone asks: what does it actually mean?”

Today, hardly any political speech comes without mentioning “sovereignty.” Funding programs proudly carry the term. Strategy papers place it on page one. Even public-sector tenders now consistently demand “sovereign technologies” often without defining what that actually entails. And that is precisely the problem: we use the term without discussing its substance.

This article explores what digital sovereignty truly means beyond political buzzwords and clarifies what we should understand when we talk about it.

Sovereignty does not mean independence – it means freedom of choice

Many still equate digital sovereignty with independence from non-EU providers.

Or with open source.
Or with local hosting.
Or with national clouds.

All of these can contribute to greater sovereignty but they are not sovereignty in themselves.

Because every technological decision creates dependencies:

Anyone who introduces software depends on its release cycles.
Anyone who uses cloud services depends on the provider’s services, APIs, and pricing models.
Anyone who relies on open source depends on the maintainer teams.
Anyone who operates on-premises depends on their own expertise and staff.

So the question is not: How do we completely avoid dependencies? Total independence would neither be realistic nor sensible. The real question is: Which dependencies do we consciously accept and do we understand their consequences?

Digital sovereignty does not mean that Europe must do everything itself. It is not about developing every tool, every line of code, or every cloud from scratch. It means having freedom of choice. That freedom requires real options and therefore alternatives that are at least as good as, or better than, existing ones.

Put differently: Digital sovereignty is the ability to make informed, deliberate technological decisions not the illusion of being free from dependencies. This shifts the focus away from isolation and toward conscious control and active design.

Data residency, data sovereignty, compliance: Three terms we should no longer confuse

In many discussions, these concepts are blurred together. Time to bring clarity:

1. Data Residency

Where is my data physically located? In Germany, in the EU, or globally? This matters but on its own, it does not constitute sovereignty.

2. Data Sovereignty

Who is allowed to access the data? Which laws apply? Which legal access obligations exist (e.g. the CLOUD Act)? This is critical, because even if data is stored in Germany, a non-European provider may still be legally required to grant access.

3. Compliance

Do I meet regulatory requirements (GDPR, ISO, NIS2, DORA, AI Act, etc.)? But: Compliance or data residency alone are no guarantees of sovereignty, they are merely minimum requirements. Many organizations pride themselves on being “GDPR-compliant” or “ISO-certified” while having no real control over their technological dependencies.

Compliance is the seatbelt.
Data residency is choosing the road.
Data sovereignty is the traffic law.
Digital sovereignty, however, is driving competence: The ability to consciously make decisions and control the vehicle yourself.

Sovereignty is not created by buzzwords but by awareness

Digital sovereignty is not a label you attach to a technology. It emerges where organizations are able to make informed decisions and where providers create the conditions to enable that.

Sovereignty is therefore the result of interaction between two sides: Providers who enable transparency, openness, and trust, and users who consciously make use of these possibilities.

What does this mean for companies, public administrations, and decision-makers?
1. Technology decisions must be made consciously.
2. Open source is a product – not automatically sovereign.
3. Cloud or on-premises has nothing to do with sovereignty per se.
4. Sovereignty is a strategic factor for every organization.

This means:
Sovereignty does not arise from a stamp, a label, or a hosting location. It arises from capability, knowledge, transparency, and freedom of choice.

A European path to digital sovereignty: Pragmatism instead of dogmatism

Europe does not need ideological debates between:

“Everything open source!” vs. “Everything cloud!”
“National cloud!” vs. “Hyperscalers for everything!”
“Build everything ourselves!” vs. “Outsource everything!”
All of these positions fall short.

The question is not whether we can completely avoid US technologies. Nor is it whether everything must be developed in Europe. We will continue to use US technology and that is perfectly fine. Many of these solutions are excellent, mature, and simply the best choice for certain use cases.

But something else is just as important:
We must develop powerful solutions in Europe and we must actually use them.

Only then can we strengthen our technological competitiveness, create real choices, and increase pressure on global providers to align with European requirements. As European markets increasingly adopt European technologies, a new dynamic emerges:

US providers come under pressure as they lose market share, which in turn increases political pressure in the US to create better frameworks. Competition leads to quality. Choice leads to better products. And both together lead to greater sovereignty.

Europe already has impressive technologies today: From modern cloud approaches to scalable SaaS platforms such as cidaas or cnips.

But it is equally clear: We have structural weaknesses that slow us down.

1. An ecosystem that is still maturing

We have excellent universities and courageous investors. But the tight integration of research, capital, product culture, and risk appetite found in Silicon Valley is not yet a given in Europe.

2. A large but fragmented market

On paper, the EU is a market that can rival the US. In reality, it is fragmented – linguistically, regulatorily, and culturally. This makes it harder for young and growing companies to scale across Europe.

3. Bureaucracy that slows innovation

Every government promises “cutting red tape,” yet in practice regulation continues to grow. And although many rules are intended to apply EU-wide, implementation often differs from country to country (see point 2). For companies, this means uncertainty, effort and less speed.

4. Lack of visibility

Europe has strong solutions, but too few people know about them. We must actively work to make European technology more visible in politics, among decision-makers, in tenders, and in public discourse. Without visibility, there are no real options. And without options, there is no sovereignty.

Conclusion: Digital sovereignty in Europe

We must stop using sovereignty as a label and start understanding it as a capability

Digital sovereignty is not a state, a certificate, or a political slogan. It is a competence and a mindset. It is not about building everything yourself. It is about being able to decide for yourself.

Independence at any cost leads to isolation. Dependence without awareness leads to dependency. Between these poles lies the space of true sovereignty.

And that is the space we must actively shape.