2022: ACTIVITY REPORT OF THE CYBER SECURITY COALITION

European policymakers are increasingly focusing on digital sovereignty. This is due to the growing awareness that the European Union is highly dependent on foreign players for digital services, which makes the EU potentially vulnerable to external influences. Consequently, the EU wants to strengthen its own position and become as self-sufficient as possible in terms of digital technology.  

The war in Ukraine brought geopolitical tensions to a head and caused a clear acceleration in this notion last year. As a result, European institutions are pushing even harder to cut down digital connections with foreign – and therefore potentially unreliable – actors.

Legitimate concerns
  
Applied to the world of digital technology, this tendency is particularly evident in European legislation around data protection, with the General Data Protection Regulation (GDPR) being the best-known example. For European companies however, these regulatory initiatives have major implications. For instance, using cloud technology offered by US-based hyperscalers without concern currently entails a GDPR violation, as these companies are not compliant with the European regulation.

Vincent Dock, Senior Strategy Manager for the B2B market at Proximus: "Whilst concerns about Europe’s own digital and technological sovereignty are certainly valid, they create a lot of confusion. Companies are hesitant to migrate their sensitive data to the cloud as they would be violating GDPR regulations. They want to benefit from the advantages this technology offers but are legally not allowed to take the next step. It is like children looking at the shop window of a sweet shop and not being allowed in."

New business opportunities

This tension became evident in 2020, when the so-called Schrems II ruling was pronounced, stating that companies in breach of GDPR legislation could be effectively fined. At the time, this decision showed how technology has increasingly become a major subject of geopolitical tensions.

For European integrators, this context generates new business opportunities. "At Proximus, we are looking for ways to continue to use the public cloud for our data. As a result, we developed extensive internal expertise around using US cloud providers in a GDPR compliant way. We now want to offer this expertise to our customers and help provide a solution to resolve the dilemma that many European companies face today. Our intention is to market these solutions as of 2023."

Clear negative impact

On the downside, Dock emphasises above all the pernicious repercussions of the current situation. "The general consequence is that companies have chosen to go back to developing in-house solutions for their data, thus stopping the migration movement to the cloud. However, this goes against the global trend, and de facto causes a slowdown in technological growth. This is undeniably harmful for our European economy." 

Moreover, Dock fears that the intensification of geopolitical tensions reduces the chances of an adjustment to the current situation. "While it is absolutely right to put sovereignty at the centre of the political debate, Europe is currently confusing this aspiration with technological sovereignty. The European institutions have already indicated that they are keen to resolve the problem, but we feel that the existing structures will struggle to do so,” he concludes.  

In recent years, the European Union has been trying to strengthen its geopolitical profile. One of the concrete examples is the debate on digital and technological sovereignty, which Ursula Von der Leyen, president of the European Commission defined as “the capability that Europe must have to make its own choices, based on its own values, respecting its own rules, specifically in relation to technology.”

There now is a clear ambition to increase the EU’s autonomy in the field of technology. This is reflected in EU policy documents and strategies, but equally in the policy obligations that the Union imposes on member states and foreign actors, such as the Digital Services Act, the Digital Markets Act, the AI Act, and the Chips Act.

“The choice of the concept of sovereignty in the discourse is remarkable because it is intrinsically linked to a statecraft political imaginary, in which territoriality and national sovereignty matter. This shows that it is considered a crucial politics issue in EU circles,” clarifies Raluca Csernatoni. She is a guest professor at VUB and a fellow at Carnegie Europe, a research institute analysing European foreign and security policies, where she specialises in European security and defence as well as emerging disruptive technologies.

Policy ambitions driven by necessity

Europe’s policy ambitions are largely driven by both geo-economic and geostrategic necessity. For example, in the past two years, the EU has been struggling with a clear shortage of chips. Moreover, it is often difficult for the EU to prevent promising start-ups, especially in the scale-up phase, from being taken over by powerful, non-European players.  

By striving towards strategic autonomy in technology, the EU seeks to boost its international reputation and its industrial competitiveness. It also aims to facilitate strategic cooperation with likeminded states and to strengthen the internal innovation drive among member states. Raluca Csernatoni: “The ultimate goal is to mobilise the agendas of all actors involved. This should lead to an ignition of internal investment, boost cyber resilience across Europe and result in a reduced supply chain vulnerability. If we don't do this, the EU risks losing the technology-digital-innovation game on the world stage.” 

Compliance becomes a complex task

In reality, however, policy actions that contribute to this objective are hard to achieve. After all, Europe's clout as a policymaker is mainly focused on the single market. Therefore, instrumentalising European policies for geopolitical purposes is not easy nor self-evident. The increase in European regulations in the coming years risks leading to a legislative overstretch, making it very complex for member states and other commercial stakeholders to comply with all applicable rules.

Nevertheless, Csernatoni expects European policies to deliver results in the coming years. “I predict that this trend will certainly lead to a further build-up of existing capacity around technology, digital and cyber security issues in the coming years, including at the member state level. This stems from the realisation that the infrastructure of our digital lives needs to be further protected.”

To take this step, intermediate organisations can function as the ‘translators’ of these policies. Raluca Csernatoni sees an increasingly crucial role for the Cyber Security Coalition, for example. “After all, these platforms can explain the need for this transformation and translate it into workable products for the general public. At the end of the day, it is not about theoretical concepts, but also about how our everyday lives are shaped,” Csernatoni concludes.