Europe must move beyond equating digital sovereignty with technological control and instead engage it as a lever for regional resilience and growth rooted in integrated digital, energy, and defence innovation, write Tanya Filer and Paolo Turrini.
The Franco-German-led Summit on European Digital Sovereignty took place in Berlin on 18 November 2025, presided over by President Emmanuel Macron and Chancellor Friedrich Merz. Its ambition was to strengthen Europe’s ability to build and govern independent, secure, innovation-driven digital infrastructure. Coordinated proposals on topics ranging from artificial intelligence (AI) to digital identity were launched, alongside Franco-German flagship projects including a “Sovereign AI for Public Administration” in partnership with European tech firms Mistral and SAP SE.
Yet the eclecticism of this agenda exposes a core uncertainty—Europe remains divided on what, precisely, digital sovereignty should mean and what its guiding purpose is. If these European projects are to succeed, their unifying vision needs greater clarity. Should Europe treat digital sovereignty as a project of control—aiming for a securitised digital sphere in which dependencies are limited, foreign vendors constrained, and platforms tightly governed—or as a foundation for European economic, social, and technological resilience that enables the innovations needed for long-term security and prosperity?
What is European digital sovereignty?
Digital sovereignty has risen to prominence as a term over the past decade, deployed to cover many, often contradictory, ambitions across the European Union (EU) and beyond (Heidebrecht et al, 2024). European digital sovereignty has been described as “increasingly vague” and as “ambiguous enough” to be “a projection surface for a wide variety of political demands” (Christiano and Monsees, 2025; Christakis, 2020). Even an Austrian-led Declaration on European Digital Sovereignty, presented at the Summit, declares “clarity on terminology” lacking.
Security metaphors have fed the confusion, casting digital sovereignty as a “fortress” or “safe harbour”. The prominent EuroStack report from a multiparty EU group describes “all available spaces” as “occupied by large US [United States] corporations,” leading to a failure to develop an “integrated indigenous European digital ecosystem.” The putative exercisers and beneficiaries of digital sovereignty are similarly diverse— from individual member states to the EU as a whole, and from public institutions to private organisations and citizens.
The conceptual split between the Summit co-convenors is also hard to ignore, the French seeking a centralised EU version, while Germany favours a globally integrated approach. The European Council’s call for “reinforcing sovereignty” last month emphasised “international partnerships with reliable countries,” prioritising a German approach but ultimately exposing limits to consensus across the two countries. France, meanwhile, called for a “Buy European” procurement policy at the Summit, to which Germany’s Digitalisation Minister, Karsten Wildberger, reportedly declined to offer support.
The trouble with control
This lack of alignment points to a deeper question about what Europe wants digital sovereignty to deliver. The one clear throughline across the various European digital sovereignty debates is European control, whether over infrastructure, code and standards, data, or platforms (Heidebrecht et al., 2024; Couture and Toupin, 2019). For the EuroStack authors, the goal is to “contain US tech corporations” and “reduce near-total dependency”. President Macron has also proposed developing European solutions “to reduce dependence on US tech giants.” While the dominance of US platforms makes its tech firms the primary object, Chinese technology is also a concern for obvious security reasons.
In infrastructure, several European states have excluded foreign vendors from 5G to retain control over critical communications networks. In code and standards, Europe is pursuing its own rules on AI transparency and algorithmic auditing. Governments increasingly mandate that sensitive public-sector and citizen data be stored and processed within the EU, while the Digital Markets Act (DMA) seeks to control the conduct of large online intermediaries.
Control matters greatly, particularly amid unpredictable global policies and shifting geopolitics. The temporary pause in US intelligence sharing with Ukraine earlier this year underscored for many Europeans the vulnerability of the Union to potential cut-offs from U. services, from weapons systems to cloud infrastructure. Investigations into facilitation of electoral interference in Europe on the Chinese-owned platform TikTok shows the damage to democracy that unchecked platforms could cause. But if managing external digital dependencies and threats forms the key objective, Europe risks drifting into defensive policymaking.
Europe has already seen how the quest for control as an end, within a nebulous digital sovereignty debate, can lead to expensive, directionless efforts. Gaia-X, the European cloud computing infrastructure project, is acknowledged as a failure. As its former chief executive, Francesco Bonfiglio, described “Everybody was projecting into Gaia-X their own, at times very different, hopes on how Europe can regain digital sovereignty,” leaving the project in a digital policy silo, divorced from the practical needs of key industries.
Channelling digital sovereignty for European resilience
Digital sovereignty is unlikely to shed its security-centricity any time soon. But genuine resilience—the capacity to absorb and adapt to major shocks and stresses, from war to climate impacts to economic volatility—requires more than control alone. As Cambridge researchers have discussed in relation to the UK, it requires the strategic capacity to shape how digital and emerging technologies are developed and used, balancing domestic capability-building and competitiveness with international partnerships, necessary dependencies, and access to global innovation. European initiatives such as InvestAI nod in this direction. Attempts to fully exclude US tech giants—who together service nearly 70% of Europe’s cloud market—from European digital infrastructure may prove distracting.
As Europe confronts the prospect of near-term conflict and accelerating technological competition, it must move beyond control as its organising principle for digital policy. The ability to make strategic digital choices is a building block for broader economic, social, and climate resilience that, as we argue elsewhere, must be designed and financed, in concert and at speed, as part of the full triad underpinning modern resilience: advanced digital technologies; low-carbon energy systems and industrial capacity; and defence-related innovation.
The Baltic states—facing the most acute threat of Russian aggression—have been the earliest in Europe to put into practice this integrated approach; their successful navigation of disconnection from the Russian and Belarusian grids this year, underpinned by innovative grid management and cybersecurity, is one example of how Europe can integrate cybersecurity capabilities, digital tools, regulatory alignment, and geoeconomic strategy into a single resilience agenda. The approach requires considerable policy coordination (if not re-organisation) and a vision of collective resilience combining technology, policy, cultural, and behavioural choices. Elsewhere in Europe the need has been acknowledged but the path to operationalisation looks long.
The Digital Sovereignty Taskforce, launched at the Franco-German Summit to develop and promote clearer definitions, should keep in mind that if Europe is to thrive in an era of geopolitical risk and technological upheaval, digital sovereignty can neither stand as an end in itself nor be developed at a distance from the demands of strategic economic sectors. Any useful interpretation of European digital sovereignty must understand it as in service of regional resilience and hence a safer world.
The views and opinions expressed in this post are those of the author(s) and not necessarily those of the Bennett Institute for Public Policy.
