Cybersecurity and digital sovereignty: can Europe regain control?

Published on: 08 12 2025

Author: Pierre-Yves Hentzen

** 3 minutes

EY’s Digital Sovereignty 2025 barometer reveals a significant and growing awareness within organisations of the importance of digital sovereignty: nearly four out of five organisations believe that sovereignty is a key criterion that will become considerably more important in the future. This trend underlines a major change in the perception of the issues involved in gaining control over data, infrastructure and digital technologies.

Digital sovereignty is becoming increasingly important as a result of growing concerns about cybersecurity, data protection and geopolitical tensions. Companies are incorporating this strategic concept into their technological choices (cloud, software, partnerships) to ensure control and autonomy, thereby reducing their dependence on foreign suppliers. This development will have a major impact on the technology market, giving a boost to players who meet these requirements.

Building trust through digital autonomy

Solid digital sovereignty requires the development of solutions that are designed to meet local standards from the outset, ensuring better integration into regulatory contexts such as the NIS2 directive and the Cyber Resilience Act.

There is no trade-off between sovereignty and performance. By relying on cybersecurity solutions that have been assessed or, at the very least, certified by independent authorities such as France’s ANSSI, it is possible to have technologies that are both reliable and effective, while maintaining control over data and infrastructure. These solutions need to be simple to implement, and provide effective protection without hampering productivity, while at the same time contributing to strategic independence.

Choosing a sovereign solution means greater resilience in the face of cyber threats and guarantees data integrity, trust and autonomy in decision-making. To meet these requirements, products must not only be certified – i.e. assessed according to technical security criteria defined by standards – but also qualified by European cybersecurity agencies. Qualification goes beyond certification, because it certifies that the product meets the operational requirements identified by the authorities, that it is reliable over the long term and that it can be used in sensitive environments. If their source code is also subject to independent audits, this will detect any vulnerabilities, whether unintentional (programming errors) or deliberate (backdoors introduced for unauthorised access). This measure strengthens trust and contributes directly to the objectives of digital sovereignty.

Bringing key players together for sovereign cybersecurity

Digital sovereignty is everyone’s business. From public institutions to private companies of all sizes, everyone is affected by these issues, whether the aim is to protect data belonging to employees and citizens, or information sensitive to their activities. This requires a collective commitment to trustworthy cybersecurity solutions that will help ensure a solid and sovereign digital ecosystem. It is also necessary to find consensus between countries whose interests may sometimes diverge, with political systems and visions that differ from the objectives of the European Union.

In a market largely dominated by non-European players, a preference for local alternatives enables us not only to regain control of technologies and data, but also to assert genuine strategic autonomy in security and digital matters.

This technological choice is not just limited to safety: it also contributes to economic dynamism. Developing and adopting European solutions means supporting the digital industry and cybersecurity on a continental scale, and stimulating the creation of skilled jobs. Conversely, continuing to import US technologies on a massive scale is tantamount to indirectly financing the US digital economy, to the detriment of local capabilities.

To achieve these economic objectives and strengthen digital sovereignty, organisations already have access to a number of tools: funding for research projects, cooperation and information sharing between players, the development and adoption of common standards, and a robust regulatory framework. These are all initiatives aimed at consolidating a resilient European digital ecosystem which is capable of meeting the challenge of sovereignty while also promoting collective innovation.

Reducing this dependence also means limiting exposure to extraterritorial legislation. The American Cloud Act, for example, authorises access to data, whether private or public, even when it is stored outside the United States. This legal reality illustrates the risk of a lack of sovereignty: allowing a foreign power to have a right of access to sensitive data, even without the knowledge of its owner.

So, the main task is to create a strong collective movement that brings together all the relevant players, both public and private. Together, they will work for an independent, secure and sustainable digital Europe. Sovereignty cannot depend solely on the decisions of a few stakeholders. It requires a general, coherent and ambitious joint effort. However, the movement is already under way. Public authorities are stepping up initiatives in this direction, and on the ground, companies and their customers are expressing this need for technological independence in increasingly clear terms. By combining these actions and intentions, digital sovereignty can become a practical reality that is beneficial for Europe’s security, economy and future.