Share
Facebook Facebook icon Twitter Twitter icon LinkedIn LinkedIn icon Email

Geopolitics

Digital sovereignty is not choosing Washington over Beijing

Published July 3, 2026 in Geopolitics • 5 min read

Digital sovereignty in Europe remains more rhetoric than reality. Closing the gap requires industrial capacity, not just regulation.

When the Netherlands banned ASML from exporting its most advanced chip lithography machines to China, the decision exposed the limits of European digital sovereignty. The contradiction is that the EU depends on technology it does not build, legal standards it did not design, and geopolitical thresholds it does not control.

Europe imports $40bn worth of American AI chips and keeps them out of “destinations of concern,” including China. The problem begins with the concept itself. Digital sovereignty has no binding definition in EU law and no stable operational meaning. Despite its prominence in Commission communications, European Parliament briefings, and political declarations, it remains a political slogan more often than a measurable policy objective.

A working definition should begin with three elements: digital sovereignty is the capacity to freely choose diversified digital technology suppliers, rapidly develop digital capabilities in line with national and European needs, and regulate technology risks through evidence-based assessment rather than nationality-based exclusion. It also requires competition, effective oversight, and the ability to switch providers without excessive cost.

The Chinese equipment debate illustrates the problem.

By that standard, Europe falls short. More than 80% of its digital economy runs on non-EU infrastructure, while non-EU providers dominate every critical tech layer. Replacing one foreign supplier with another may change the jurisdiction of dependence. It does not create sovereignty.

The Chinese equipment debate illustrates the problem. The EU’s Cybersecurity Act 2 was presented as a tool to strengthen digital sovereignty. In practice, it restricts the companies Huawei, ZTE and other Chinese technology suppliers across 18 sectors. It removes one set of foreign providers without creating European alternatives or applying a consistent security standard to all suppliers.

The case for exclusion rests largely on interpretations of China’s 2017 National Intelligence Law, which is often cited as requiring companies to co-operate with state intelligence agencies. Yet Chinese officials and legal experts including US law firm Clifford Chance argue that the law does not authorize backdoors, spyware, or other forms of covert access to telecoms equipment. Other lawyers and tech experts have noted that the law has, however, never been tested in this area.

More importantly, the jump from theoretical risk to outright prohibition requires evidence. But none exists. Six years after the EU’s 5G Cybersecurity Toolbox was introduced, no Western government has publicly documented a case of Chinese telecoms equipment being used for state intelligence operations in a European network. Moreover, technical reviews in the UK and Germany found security flaws but no evidence of state-directed backdoors. The case for exclusion therefore rests on a potential risk rather than demonstrated misuse.

What is more, the US has far-reaching surveillance powers

That may be a legitimate political choice. But it is not a cost-free one. The CCCEU-KPMG assessment projects major losses, including €146bn (approximately $171bn) in direct replacement and reinstallation costs, €81bn ($95bn) in indirect reconstruction costs, €102bn ($119bn) in social disruption costs, and €38bn ($44bn) in legal and compliance costs over five years. These costs would fall unevenly, with Germany facing an estimated €170.8bn ($200bn), far above France at €46.3bn ($54bn) and Italy at €36.5bn ($43bn). A policy presented as European digital sovereignty would therefore widen gaps between member states, while doing little to build European technological depth.

The imbalance is even more stark in digital infrastructure. European governments and corporations run digital operations on American cloud platforms, operating systems, and artificial intelligence infrastructure. These systems are governed by laws the EU did not enact and cannot control.

What is more, the US has far-reaching surveillance powers. Under the CLOUD Act, American authorities can compel US companies to hand over data even when it is stored outside the US. The Foreign Intelligence Surveillance Act extends comparable reach for intelligence purposes. The Snowden disclosures revealed extensive US surveillance of European governments, institutions, and political leaders, including the communications of German Chancellor Angela Merkel. A subsequent investigation by the European Parliament found that these programs affected European citizens, institutions, and governments on a scale that no Chinese technology supplier has ever been accused of.

Recent US pressure makes that dependence even more visible.

The contrast is striking: Europe treats exposure to Chinese jurisdiction as a sovereignty problem, while exposure to American jurisdiction is often managed as an acceptable condition of alliance politics.

The available Western alternatives to Chinese telecoms equipment suppliers, Ericsson and Nokia, are headquartered in NATO member states fully integrated into US-led intelligence-sharing arrangements. Substituting Chinese vendors for these Nordic ones changes the nationality of the exposure, but it does not eliminate it.

Recent US pressure makes that dependence even more visible. In 2025, the US Trade Representative identified parts of Europe’s digital regulatory framework as barriers to American companies. US officials warned that tougher enforcement could affect trade relations. The episode highlighted how Europe is often willing to use regulation to curb Chinese influence but faces greater pressure when the same rules affect American companies. Put plainly, it is a double standard.

So, what is the alternative? A credible digital sovereignty agenda would use supplier diversification as an objective, not as a geopolitical sorting mechanism. Instead, it would apply the same security standards to all suppliers, focusing on performance, transparency, and accountability rather than country of origin. It would reduce dependence on any single provider by promoting interoperability and open standards. And it would ensure that data generated in Europe remains subject to European law.

Above all, it would treat digital sovereignty as an industrial project. Former Italian premier Mario Draghi’s 2024 report identified Europe’s absence of digital industrial capacity as one of its biggest economic vulnerabilities. That weakness reflects two decades during which European policy concentrated on governing what others build rather than building critical systems itself.

Europe will still need access to American and Chinese digital capabilities, including AI systems, cloud services and telecoms infrastructure.

The EuroStack initiative, a proposal to build Europe’s digital capabilities, offers a more coherent approach: using public procurement to support European digital providers, promoting open standards, and investing at the scale needed to build competitive alternatives.

Europe will still need access to American and Chinese digital capabilities, including AI systems, cloud services and telecoms infrastructure. So, its goal should be to manage that dependence on European terms while building domestic capabilities in areas of strategic importance. Regulation can help shape markets and hold suppliers to account. But it cannot, on its own, build cloud infrastructure, semiconductor capacity or advanced communications networks.

Digital sovereignty is ultimately about capability, security, and choice. Yet Europe too often uses the language of sovereignty to exclude suppliers without reducing its underlying dependence. Regulation can set rules, but it cannot build infrastructure. The digital foundations of the next decade will be built regardless. So, the question is whether Europe is a producer or merely a consumer.

Author

Sebastian Contin Trillo-Figueroa

Sebastian Contin Trillo-Figueroa

Geopolitics analyst and consultant

Sebastian Contin Trillo-Figueroa is a geopolitics analyst and consultant specializing in EU–Asia relations, Sino-European affairs, and great power competition. Drawing on more than 20 years of experience in European law, politics, and public policy, he advises public and private sector organizations on geopolitical and strategic issues. His research has appeared in publications including the South China Morning Post, China-US Focus, The Diplomat, and LSE EUROPP. Currently a researcher at the University of Hong Kong, he focuses on the EU’s role in navigating US–China relations. Contin Trillo-Figueroa holds degrees in law, commercial law, and EU law from the College of Europe.

Related

Learn Brain Circuits

Join us for daily exercises focusing on issues from team building to developing an actionable sustainability plan to personal development. Go on - they only take five minutes.
 
Read more 

Explore Leadership

What makes a great leader? Do you need charisma? How do you inspire your team? Our experts offer actionable insights through first-person narratives, behind-the-scenes interviews and The Help Desk.
 
Read more

Join Membership

Log in here to join in the conversation with the I by IMD community. Your subscription grants you access to the quarterly magazine plus daily articles, videos, podcasts and learning exercises.
 
Sign up

Log in or register to enjoy the full experience

Explore first person business intelligence from top minds curated for a global executive audience