Building European Digital Sovereignty

In November 2025, EU Member States gathered in Berlin for the European Summit on Digital Sovereignty and adopted a Declaration for European Digital Sovereignty. This was a significant moment – not because digital sovereignty is a new concept, but because the declaration makes explicit what has often remained unclear: digital sovereignty is about the ability to act, not about isolation or protectionism. 

For those of us in the Internet industry, this clarity is essential. It confirms that sovereignty should enable companies to innovate, compete, and operate strategically – not restrict them through rigid, one-size-fits-all requirements. In fact, the question is increasingly being raised, whether digital sovereignty is still viable as a concept, or whether it should be broken down into several different aspects.

At eco, we have long engaged with the practical dimensions of digital sovereignty. Our recent information paper, developed through dialogue with industry stakeholders at our Digital Workshop in September 2025, seeks to operationalize this complex concept. What does digital sovereignty mean in practice? How can companies assess it? And what policy frameworks support it without constraining innovation? These are the questions that matter most to businesses navigating today’s digital economy.

From concept to operational framework

The term “digital sovereignty” has evolved considerably over the past decade. In 2013, the German study “Future Paths for Digital Germany 2020” focused primarily on competence in handling IT systems – the ability to use digital media meaningfully and recognize both opportunities and risks. By 2015, the German Federal Ministry for Economic Affairs and Energy (BMWi) shifted toward “the ability to act and make decisions independently in the digital space.” More recently, the German Academy of Science and Engineering (acatech) developed a comprehensive, multi-layered model that captures the depth and diversity of digital sovereignty, defining it as “the ability of individuals, companies and policymakers to freely decide how and according to which priorities the digital transformation should be shaped.”

This progression reflects a growing recognition that digital sovereignty cannot be reduced to a single dimension. It is a framework for strategic decision-making across legal, technological, operational, and supply chain considerations. Building on acatech’s work and informed by discussions within our membership, eco has identified four key dimensions that are particularly relevant for companies assessing and implementing digital sovereignty.

Operationalizing digital sovereignty in companies

Digital sovereignty becomes meaningful when translated into practical, operational terms. These are the four specific dimensions every company should consider:

1. Legal clarity – Companies must understand the jurisdictions they operate in, assess the stability of legal frameworks, and anticipate how authorities might intervene in services or products. This is crucial for strategic decisions around licensing, contracts, and service offerings.
2. Data sovereignty and data usage – Knowing who can access data, where it is stored, and how it is processed is central. This applies to both personal and non-personal data. Questions of redundancy, localization, and access by third parties must be carefully evaluated to protect competitiveness, security, and regulatory compliance.
3. Technology design and expertise – Companies should decide whether they want to merely operate technology or also maintain and develop it. Open standards and interoperable solutions reduce technical lock-ins and allow flexibility, particularly for disruptive technologies such as AI or high-performance computing.
4. Transparent and resilient supply chains – Understanding the origin and availability of hardware and software components is essential for continuity, managing vulnerabilities, and securing business-critical operations.

These dimensions provide a practical framework, turning the abstract idea of sovereignty into actionable guidance across legal, technological, and operational areas.

Balancing flexibility and strategic choice

A key insight for companies is that sovereignty is not about imposing uniform rules. Different industries, business models, and use cases will naturally prioritize these dimensions differently. A municipal service provider may focus on data localization, while a multinational corporation may prioritize cross-border data flows and supply chain transparency.

It is also important to recognize that sovereignty in one area can sometimes conflict with objectives in another. For example, strict data localization requirements might enhance data sovereignty but could restrict operational flexibility for companies that depend on cross-border services. Companies must navigate these trade-offs carefully, based on their priorities, offerings, and strategic goals.

Effectively, digital sovereignty empowers companies to act strategically and responsibly. Policy frameworks should enable flexibility, not restrict choices. Digital sovereignty means that companies can freely select their providers and underlying business model according to their needs and use cases.

EU policy as a facilitator

The EU’s Declaration emphasizes that policy must facilitate innovation rather than constrain it. As Oliver Süme, our Chair of the Board of eco, noted in our international.eco.de: “Europe will only become sovereign if we enable innovation, strategically manage dependencies, and massively strengthen our digital infrastructures.” Investments in digital infrastructures – including data centers, cloud services, cybersecurity, and AI – are crucial. Open-source adoption, technological interoperability, and standardization are all enablers that turn policy principles into operational realities.

The declaration explicitly rejects protectionism and instead emphasizes autonomy through cooperation with global partners. Oliver Süme further explained: “Sovereignty does not arise through building walls, but from strong, competitive offerings from Europe.” I fully share this view: European companies must be free to select, operate, and further develop technologies while leveraging global collaboration.

From a policy perspective, we particularly welcome the planned amendment to Section 128 of the German Act against Restraints of Competition (GWB), which would allow considerations of digital sovereignty to be factored into public procurement decisions on a case-by-case basis. This pragmatic approach enables public authorities to assess sovereignty considerations where they are genuinely relevant, without imposing blanket restrictions.

Practical implications for companies

In practice, digital sovereignty means evaluating trade-offs between autonomy, efficiency, innovation, and compliance. It is not a fixed target but a dynamic space for decision-making. Companies must assess how legal frameworks affect operations and contracts, where and how data should be stored and processed, whether technology should be used or also developed in-house, and how supply chains can be monitored and secured.

By considering these factors, companies can maximize resilience and competitiveness while contributing to a strong, innovative European digital ecosystem.

Conclusion

Digital sovereignty is not a fixed state that can be achieved through regulation alone. It is a strategic space for decision-making – one that empowers companies to manage dependencies and act autonomously in a complex global digital economy.

For businesses, this means evaluating legal frameworks, data handling practices, technology choices, and supply chain risks in light of strategic objectives. For policymakers, it means creating frameworks that enable flexibility, support innovation, and foster a strong European digital ecosystem without imposing unnecessary constraints.

The EU’s Declaration for European Digital Sovereignty is an important step in this direction. By emphasizing capability over isolation, interoperability over lock-in, and strategic autonomy over protectionism, it provides a foundation for policies that genuinely strengthen Europe’s position in the global digital economy. The challenge moving forward will be translating these principles into practical, innovation-friendly policies that reflect the diverse needs of Europe’s digital industries.

Philipp Ehmann was born in 1982 in Stuttgart. He graduated in Political Science from the Free University of Berlin. After that he worked for members of the German Bundestag and business associations. Since 2025, he has been leading the Berlin Office and the Team Politics, Law and Regulation at eco – Association of the Internet Industry.