Back in March 2021, leaders of four European countries wrote a joint letter to European Commission President Ursula von der Leyen making proposals for the accelerated achievement of European ‘digital sovereignty’.
“Now is the time for Europe to be digitally sovereign,” then German Chancellor Angela Merkel, Danish Prime Minister Mette Frederiksen, former Estonian Prime Minister Kaja Kallas, and former Finnish Prime Minister Sanna Marin wrote.
“We have to foster the Digital Single Market in all its dimensions where innovation can thrive and data flow freely. We need to effectively safeguard competition and market access in a data-driven world. Critical infrastructures and technologies need to become resilient and secure. It is time for the digitization of governments in order to build trust and foster digital innovation.”
Since then, the EU has established the Digital Markets Act (DMA), the Digital Services Act (DSA) and the Artificial Intelligence Act (AI Act), which collectively aim to regulate the digital economy and emerging technologies within the bloc.
Digital sovereignty goes beyond regulation to include fostering entrepreneurship and funding innovation – but the different approaches countries take are increasing competition.
What is digital sovereignty?
Digital sovereignty, cyber sovereignty, technological sovereignty and data sovereignty refer to the ability to have control over your own digital destiny – the data, hardware and software that you rely on and create.
Or, as the Centre for Africa-Europe Relations puts it: the physical layer (infrastructure, technology), the code layer (standards, rules and design) and the data layer (ownership, flows and use).
Countries generally agree on the need to foster homegrown tech industries, particularly where there are potentially significant national security consequences.
But there different approaches around the governance of these technologies and data. These varied approaches to digital sovereignty have deepened geopolitical competition between the US, China and the EU.
Digital sovereignty has become a concern for many policymakers who feel there is too much control ceded to too few places, too little choice in the tech market, and too much power in the hands of a small number of tech companies, who control massive amounts of data about their users.
Digital sovereignty in action
The EU’s General Data Protection Regulation, or GDPR, is one example of how digital sovereignty manifests in everyday life. It seeks to unify how personal data is looked after online through rules and regulations and with the threat of punitive sanctions.
Under the terms of the GDPR, any organization, no matter where it is based, must abide by a set of data management rules if it wants to trade with customers in EU countries. Those rules make it possible for individual citizens to take more control of how their data might be used. It also sets potential fines of almost $25 million for data breaches.
In more recent years, there has been growing concern in the EU around the dominance of China and the US in terms of both innovation and competition. China’s Digital Silk Road initiative aims to expand digital technologies in developing countries, challenging US dominance and raising security concerns due to the potential for surveillance and data collection.
China’s own digital sovereignty approach is set by a trio of laws: the Cybersecurity Law (CSL), Data Security Law (DSL) and Personal Information Protection Law (PIPL), the equivalent of GDPR, which jointly govern cybersecurity and data protection.
