The sovereignty test: who really owns Europe’s digital future
Europe and Switzerland's digital economy runs on infrastructure it doesn’t control. As AI scales across every industry, the question of sovereignty is no longer legal - it’s strategic. For Boards and executives, the test is simple: can you govern the systems that increasingly govern you?
1. The invisible dependency
Europe’s factories, hospitals, and public agencies are being powered by cloud, data and AI. Yet beneath the growth lies a quiet dependency few acknowledge.
Most of Europe’s digital infrastructure still runs on foreign-owned systems. Even when data sits in Frankfurt, London or Geneva, the code, contracts, and legal authority often sit across the Atlantic.
It’s the paradox of progress: the more Europe digitises, the more it depends on frameworks it doesn’t control. The U.S. CLOUD Act, for example, allows American authorities to demand data from U.S.-based companies, no matter where that data physically resides. The GDPR meanwhile, restricts such transfers unless governed by formal agreement. Between these two systems sits a grey zone of shared jurisdiction and strategic vulnerability.
2. The illusion of control
62% of EU companies adopted Cloud in 2025, and investment in AI infrastructure continues to rise. Governments are pushing for “trusted” or sovereign clouds, designed to keep sensitive data under European law.
According to IDC, 60% of the continent’s cloud capacity is operated by U.S. providers, and four out of five AI workloads run on non-EU infrastructure.
Localisation,storing data within national borders, doesn’t equal sovereignty if the underlying systems, encryption, and contracts remain subject to foreign law. A data centre in Paris may look European; the command chain behind it often isn’t.
3. When control defines competitiveness
Sovereignty isn’t a legal abstraction anymore. It’s becoming a measure of competitiveness.
Who controls the infrastructure controls the innovation cycle - the ability to train models, process insights, and decide how intelligence is used. In the age of AI, that control defines industrial advantage.
- Manufacturers rely on predictive systems trained on data hosted abroad.
- Banks and insurers use AI engines that analyse customer data under mixed jurisdiction.
- Healthcare networks depend on algorithms stored in clouds governed by another country’s law.
These are operating realities. And as AI systems learn, adapt, and decide, jurisdiction determines who accesses knowledge, who shapes it, and who gains from it.
4. The leadership reckoning
For Boards, sovereignty is now a governance issue with strategic, operational, and ethical dimensions.
- Few European Boards have mapped their exposure to extraterritorial data requests.
- Fewer still know which jurisdictions govern their data, AI systems or what contractual clauses apply if foreign authorities seek access.
According to EY’s 2025 Digital Risk Survey, fewer than 15% of Boards have completed a sovereignty audit.
DLA Piper found that only one in ten enterprise contracts limits disclosure under foreign law.
Because in the end, sovereignty isn’t about control over technology, it’s about control over IP, innovation and competitiveness.
The core questions are simple:
1️⃣ Who controls the data?
2️⃣ Who governs the law?
3️⃣ Who profits from the value it creates?
Boards that can’t answer these may one day find themselves governed by the systems they rely on.
5. Signal to action
Europe’s digital sovereignty debate isn’t about independence - it’s about resilience and competitiveness. As the continent invests in AI, quantum, and cloud infrastructure, it must decide not only what to build, but who gets to own the future it enables.
For executives, this begins with visibility. Mapping data flows, reviewing contracts, and aligning technology choices with jurisdictional security are now acts of strategy, not compliance.
Sovereignty begins with visibility. Every organisation runs on infrastructure, but not all of it is under its control.