Cybersecurity and digital sovereignty: can Europe regain control?
Awareness of the importance of digital sovereignty is growing rapidly in European organizations. In the cyber security environment, choosing a sovereign solution means greater resilience to cyber attacks as well as secure data integrity, trust and decision-making autonomy.
According to the Barometer Digital Sovereignty 2025 by EY, four out of five companies already consider sovereignty to be a key criterion and this will become even more important in the future. This trend illustrates a fundamental change in the understanding of how control over data, infrastructures and digital technologies can be regained.
Digital sovereignty is increasingly coming into focus, not least due to growing concerns about cyber security, data protection and geopolitical tensions. Companies are now systematically incorporating this strategic factor into their technology decisions - be it cloud solutions, software or partnerships - in order to ensure control and independence and reduce systemic exposure to foreign providers. This development will have a lasting impact on the technology market and give a boost to those providers that meet the increasing demands for sovereignty.
Creating trust through digital autonomy
True digital sovereignty requires solutions that are aligned with local standards from the outset and fit seamlessly into regulatory frameworks such as the NIS2 Directive or the Cyber Resilience Act. The following applies: Sovereignty and efficiency are not mutually exclusive. Those who rely on European cybersecurity solutions that are approved by independent authorities such as the French ANSSI or the German BSI The technology that is tested or certified by the IT department is reliable, effective and sovereign - without having to accept a loss of control over data or infrastructure. Such solutions must be easy to implement and offer a high level of protection without compromising productivity.
Choosing a sovereign solution means greater resilience to cyberattacks as well as secured data integrity, trust and decision-making autonomy. It is not enough to simply have products certified, i.e. assessed according to technical safety criteria. They must also be assessed by European authorities qualified become. This qualification goes beyond certification: it confirms that a solution is reliable in the long term, meets operational requirements and is suitable for sensitive environments. If source codes are also checked independently, both unintended vulnerabilities and potential backdoors can be identified. This strengthens trust and contributes directly to the goals of digital sovereignty.
Pooling key players - for sovereign cyber security
Digital sovereignty requires the commitment of everyone involved. From public institutions to companies of all sizes, everyone faces the same challenges: protecting employee and citizen data as well as business-critical and sensitive information. This requires a shared commitment to trusted cybersecurity solutions that enable a sovereign, resilient digital ecosystem. Equally necessary is a consensus between states whose political systems or geopolitical interests do not always coincide with those of the European Union.
In a market that continues to be heavily dominated by non-European players, the decision in favor of local alternatives is an important step. It not only enables technological and data control to be regained, but also strengthens Europe's strategic autonomy in security and digital issues.
This technological shift has an impact on safety and strengthens the economy at the same time. The development and use of European solutions promotes the digital and cybersecurity industry across the continent and creates skilled jobs. Conversely, the continued massive import of American technologies, for example, means indirect financing of the US digital economy - at the expense of European capacities.
In order to achieve these economic goals and strengthen digital sovereignty, organizations already have numerous instruments at their disposal: Research funding, collaborations and information sharing between relevant stakeholders, the creation and use of common standards and a robust regulatory framework. All these elements contribute to building a resilient European digital ecosystem that fulfills the need for sovereignty as well as the need for collective innovation.
Reducing technological dependencies also means safeguarding against extraterritorial legislation. The US Cloud Act, for example, allows American authorities to access data - even if it is stored outside the USA. This example clearly demonstrates the risks associated with a lack of sovereignty: it allows third parties to access sensitive information - possibly even without the owner's knowledge.
A common path to an independent digital Europe
The most important task is to achieve a broad collective solidarity - between all relevant forces in the public and private sectors. Only together can we shape an independent, secure and sustainable digital Europe. Sovereignty cannot be based on the decisions of individuals, but requires broad-based, coordinated and ambitious collective action.
The change has already begun. Public institutions are driving forward corresponding initiatives, and in practice, companies and their customers are increasingly expressing a desire for technological independence. If these impulses are bundled, digital sovereignty can become a real, tangible strength - to the benefit of security, the economy and the future of Europe.
Author:
Pierre-Yves Hentzen is Chairman and CEO of Stormshield, a provider of cyber security solutions for companies, government institutions and defense agencies. www.stormshield.com
