With the fast succession of crises and tensions, the issue of digital sovereignty is back in the spotlight, which is also an opportunity for Europeans to realize both their lack of preparation and the limited number of sovereign alternatives to major foreign suppliers, particularly American ones.
I have no desire to engage in speculation on the subject, but this is a good opportunity to try a dystopian approach and imagine one of the possible futures, after having done the same for free Chinese AI (What if China made AI free of charge: chronicle of a global shift) and the disappearance of work caused by AI (2035: AI does everything and there are no more jobs).
In short:
- A series of geopolitical and technological crises has revealed the European institutions’ heavy dependence on foreign technologies, particularly those from the US, reigniting the debate on digital sovereignty.
- From 2025 onwards, concrete measures are taken to limit this dependence: data localization laws, support for national clouds, and migration to open source solutions, despite a wide range of preparedness among states.
- Between 2029 and 2035, digital sovereignty becomes an institutionalized norm, leading to a restructuring of technology markets around regional spheres of influence and a reduction in the dominance of GAFAM.
- The period 2036-2045 sees the emergence of an economy fragmented into regional digital ecosystems, with increased costs for businesses but also better local control over data and infrastructure.
- After 2046, distributed governance of cyberspace is established, based on cooperation between sovereign zones, transforming the internet into a network of interconnected but autonomous systems.
Step 1: Convergence of crises
In the early 2020s, geopolitical tensions, recurring cyberattacks, and growing dependence on foreign digital infrastructure served as a catalyst for a rethinking of globalized integration models, and not just in the digital realm. The SolarWinds hack, disinformation campaigns during elections, supply chain disruptions during the COVID-19 pandemic, and then the war in Ukraine highlighted the weakness that not only interdependencies but also dependencies can represent.
In February 2025, a turning point was reached with the suspension of the Microsoft account of an International Criminal Court (ICC) prosecutor, Karim Khan, after a warrant was issued against senior Israeli officials. The measure was immediately seen as an indirect consequence of US sanctions against him and had the merit of highlighting the dependence of foreign institutions on US technology platforms. This unilateral decision caused an outcry in several European capitals and raised questions about the sovereignty of international institutions based in Europe.
The political reaction was swift. In June 2025, Denmark announced a plan to phase out Microsoft tools in its ministries and local authorities. In the fall, several Danish cities, including Copenhagen and Aarhus, decided to migrate to open-source alternatives such as LibreOffice and Nextcloud, citing budgetary, technical, and geopolitical reasons.
The signal was clear: the continuity of public services should no longer depend on a player subject to foreign interests. Europe, in particular, has finally realized its extreme dependence on American technology.
Its administrations, businesses, and even hospitals relied heavily on American solutions: operating systems, office software, cloud infrastructure, cybersecurity services, search engines, and communication platforms. This situation created a double risk: on the one hand, vulnerability to foreign political decisions and, on the other, an inability to effectively protect sensitive data.
It was in this context that several countries, starting with China, Russia, India, and the European Union, began strategies to regain control of their data and infrastructure. The idea of “digital sovereignty”, previously confined to expert circles, became a topic of public debate.
Stage 2: Initial barriers, initial effects (2025-2028)
The first measures took the form of data localization laws, massive subsidies to build national clouds, and increasing restrictions on foreign investment in sensitive technologies. Large US companies were forced to relocate or segment their services in order to continue operating in certain markets.
The European Union, through initiatives such as Gaia-X and the Digital Markets Act, attempted to reduce its dependence, but with only limited success due to a very uneven level of preparedness among member states, a fragmented digital industrial fabric, and a lack of maturity in managing these issues. Many administrations had neither a precise inventory of their digital service providers nor a continuity plan in the event of disruption. This lack of preparation resulted in delays in implementation and technical choices often dictated by urgency.
For large businesses operating on several continents, digital sovereignty has been a major challenge. They have had to adapt their IT architectures to conflicting regulations, segment their data flows, and audit their subcontractors. Compliance costs have skyrocketed, particularly in the banking, pharmaceutical, and online services sectors.
Groups such as Airbus, Sanofi, and BNP Paribas have had to set up dedicated units to manage “digital fragmentation”. This inward turn has led to an explosion in additional costs and fragmentation of technical standards. Developers have had to adapt their products to increasingly siloed environments.
In education, research, and finance, systems began to diverge between “zones of influence“.
Some European businesses benefited from this redistribution: cybersecurity providers, data centers, and open source software, but in the short term, global competitiveness suffered from this transition.
Stage 3: Mandatory standardization (2029-2035)
Faced with rising cyber threats and fears of “forced disconnection”, governments have gradually institutionalized digital sovereignty as a regulatory or even constitutional norm.
Equivalents of the GDPR have emerged on every continent, with sovereignty as a cardinal principle: auditability of algorithms, control of cross-border data flows, and independence of critical software.
Regional technology alliances have formed by geographical area of influence: ASEAN Tech Bloc, Latin American Digital Alliance, African Digital Pact. These groupings have made it possible to pool certain capabilities while maintaining local control.
The GAFAM, meanwhile, have seen their influence wane. Under growing regulatory pressure, they have had to revise their business models, which were often based on data centralization and platform dominance. Certain markets, such as the public cloud, office automation tools, and authentication systems, have partially escaped them in favor of local players or public-private consortia. In several regions, services equivalent to Google Maps, Gmail, and Azure have been replaced by solutions designed according to the principles of sovereignty and transparency.
To continue to exist in this new environment, GAFAM has had to adapt: creating legally independent subsidiaries to operate locally, opening their architectures to third-party audits, and enforcing data and algorithm localization. Some, such as Microsoft, have attempted to reposition themselves as “sovereign infrastructure providers” for governments, with varying degrees of success depending on the location. Others, such as Meta, have seen a significant decline in their footprint outside North America, as their models are deemed incompatible with the new requirements.
The proliferation of standards and transparency requirements has limited the economies of scale that were the initial strength of these groups. Without going so far as to talk about the advent of a post-GAFAM era (far from it), their central position in the global digital ecosystem has been greatly relativized.
Stage 4: The closed ecosystem economy (2036-2045)
A veritable “digital balkanization” has taken hold. Each zone manages its own cloud, social networks, protocols, and digital identities. The cost of non-interoperability, i.e., the obligation to adapt software, services, and equipment to different standards depending on geographical location, has proved very high, particularly for international businesses. However, this cost has been partially offset by greater control over local value chains, with each region strengthening its capacity to produce, store, and secure its own data, regulate its digital flows, and control its dependencies. This drive for technological autonomy has profoundly transformed the international business world, which has reorganized itself into regional blocs that, while cooperative, remain technologically autonomous.
The economic impacts of this fragmentation have been significant. Multinationals have had to adapt their products and services to standards that are sometimes contradictory and often incompatible. Software engineering costs have risen sharply, as have investments in regulatory compliance. For example, the Siemens group has had to double its legal and technology staff dedicated to compliance, while L’Oréal reported an 18% increase in its IT operating costs between 2032 and 2035 due to the proliferation of local requirements.
The business model based on global economies of scale has given way to a regional cluster approach, with smaller but more secure markets. Amazon Web Services has seen its revenues in Europe decline by 27% over five years, offset in part by the creation of local subsidiaries under European regulation, but at the cost of a significant drop in profitability.
Governments have invested heavily in local infrastructure: regional submarine cables, sovereign clouds, and domestic 5G networks. In France, the “Infra Numérique 2040” plan has mobilized €28 billion over ten years, creating more than 120,000 jobs in data centers, networks, and public digital services. This relocation has boosted certain economies, particularly in the hardware, cybersecurity, and hosting services sectors, but it has also created imbalances: countries without a solid digital industrial base have seen their dependence on dominant regional blocs increase.
SMEs have been particularly affected by the costs of this transition: redesigning information systems, upgrading compliance tools, and training teams. A 2039 study by the European Investment Bank estimates that 41% of European tech SMEs have been forced to merge or join a public-private consortium to remain viable. Conversely, new niches have emerged for businesses capable of developing interoperable or multi-standard solutions. Companies such as NexaCloud and EthicaSec have emerged as leaders in the interoperable regional cloud and open source software audit segments.
Financial markets have reacted in different ways. While some sectors (cloud, open source, cybersecurity, software auditing) have experienced sustained growth, with market capitalizations tripling for several European players such as OVHcloud and Wallix, others have suffered from declining margins and increased regulatory uncertainty. Investors have had to redefine their valuation criteria, incorporating digital resilience and sovereignty as new valuation factors.
Access to innovation has become slower but also more secure. Technology cycles, once characterized by acceleration, have become slower but more stable and sustainable. The priority has shifted from speed to stability, security, and long-term compatibility. Businesses have preferred to invest in more durable architectures capable of withstanding fragmentation of standards and regulatory constraints. This evolution has slowed the pace of technological disruption but has strengthened the reliability and maintainability of the systems deployed. Open source software has experienced a renaissance, driven by the need for transparency and local control. AI, governed by very different legal frameworks, has developed “regional personalities.”
Citizens have gained control over their data, but at the cost of a more fragmented digital experience. Digital technology has become a local public good as well as a vector of power.
Step 5: Towards distributed governance of cyberspace (2046 and beyond)
Over time, mechanisms for inter-sovereign cooperation have emerged, modeled on environmental agreements. Treaties have defined “secure digital corridors”, emergency protocols in the event of an attack, and minimum interoperability systems.
Digital sovereignty is no longer a goal, but a dynamic balance between autonomy and cooperation. Global governance institutions, long marginalized, have regained legitimacy thanks to their role as neutral arbiters.
This new norm has transformed the very nature of the internet, which has become a set of “cooperative networks” rather than a single space. Digital technology has thus reached a form of political maturity: less fast, more resilient, more aware of its externalities.
Bottom line
The institutionalization of digital sovereignty has responded to pressing needs for security, economic justice, and citizen protection, but it has also entailed costs and slowdowns.
This standardization has accelerated the accountability of public and private actors for their technological choices. It has shifted competition from a simple race for innovation to a capacity to build sustainable ecosystems that are locally rooted but intelligently connected to each other.
Digital sovereignty as a norm is not an end in itself, but a shifting point of equilibrium, calling for adaptive governance tailored to political contexts and constant vigilance against protectionist or technocratic excesses.
Image credit: Image generated by artificial intelligence via ChatGPT (OpenAI)
