Digital sovereignty is increasingly part of conversations around cybersecurity, compliance, cloud, AI and critical digital services.
Yet for many organisations, the term remains difficult to define. Is it about where data is located? About European technology? About regulation? About cloud dependency? Or about control?
During the Cybersec Europe panel discussion “Digital sovereignty: from ambition to action”, one key message clearly stood out: digital sovereignty is above all about control.
Control over data.
Control over infrastructure.
Control over operations.
Control over technology partners.
And visibility into the dependencies across the full digital stack.
For Datacenter United, that control begins at the infrastructure layer.
More than where data is stored
Digital sovereignty is often reduced to a single question: where data is stored. That matters, but it does not capture the full picture.
It also concerns the jurisdiction data falls under, who can enforce access, who operates the infrastructure, which parties are involved in the operational layer, and how dependent an organisation is on specific technology partners.
In other words, digital sovereignty is not just about location. It is about control.
That matters even more as organisations no longer manage data solely in-house, but increasingly share it with partners, suppliers, platforms and wider ecosystems. In that setting, contractual agreements alone are not enough. Organisations also need the technical and operational ability to control who has access, what can be done with the data, and under which conditions.
Digital sovereignty is therefore not a theoretical policy topic. It is a practical issue for every organisation that relies on digital processes.
You cannot secure what you do not control
Cybersecurity and digital sovereignty are often treated as separate topics. In practice, they are closely connected.
An organisation can only build a strong security strategy when it has clear visibility into its digital environment: where systems are hosted, how data is handled, which dependencies exist and who can access critical components.
What you do not control, you cannot properly secure.
The panel also linked this to resilience. When too many critical services depend on the same external platforms or the same dominant providers, new single points of failure emerge. Digital resilience is therefore not only about technical security, but also about distribution, control and deliberate choices in the technology and infrastructure partners organisations depend on.
For organisations with critical digital processes, this is becoming increasingly important. That includes governments, healthcare institutions, financial organisations, regulated sectors and companies for which continuity, compliance and availability are essential.
Digital sovereignty does not eliminate all risks, but it helps organisations understand those risks more clearly, make dependencies more visible and take more targeted decisions.
From cloud first to cloud smart
The discussion around digital sovereignty is not a call to make everything European or to completely revise existing technology choices.
The reality is hybrid.
Organisations work with different platforms, suppliers and infrastructure layers. For some workloads, scale, flexibility and speed are decisive. For others, control, jurisdiction, auditability, latency, compliance or data sensitivity matter more.
That is why the discussion is increasingly shifting from cloud first to cloud smart.
The question is not: should everything move to the cloud, or should everything remain local?
The question is: which workload requires which level of control, sovereignty, scalability and compliance?
For some critical applications, this may mean that organisations consciously choose European providers or local infrastructure, for example when business continuity, operational control or compliance outweigh maximum standardisation or scale.
Digital sovereignty therefore mainly means making deliberate choices per workload.
European technology as a strategic choice
Choosing European technology and infrastructure is not just a symbolic decision. It is a matter of trust, compliance, and responsibility.
European solutions can help organisations reduce dependencies, manage risk more effectively, and create greater accountability across their digital stack. That accountability is not limited to data. The operational layer matters too: who runs the environment, where the teams are based, which laws apply, and how exposed critical services are to outside factors that could affect availability or control.
There is also a broader, values-driven dimension.
In Europe, privacy, data protection, and clear rules on data use are strongly emphasised. GDPR was often seen as difficult when it was first introduced, but it also helped create a framework that strengthened trust, clarity, and maturity in data processing.
A similar shift can happen around digital sovereignty. Not by treating European technology as an end in itself, but by applying it where it adds strategic value: for workloads where trust, compliance, continuity, and control are essential.
Sovereignty is built layer by layer
A fully sovereign European technology ecosystem will not emerge in one move. The digital reality is too complex for that, and existing dependencies are too significant.
The panel also made clear that full autonomy, from hardware and chips to software and cloud layers, is not a short-term reality. That does not make the ambition less relevant. It mainly means that digital sovereignty has to be built step by step.
Not by replacing everything at once.
Not by starting from one fixed technology choice.
But by determining where control is most essential.
Infrastructure is a logical starting point.
Without reliable, local and controllable infrastructure, it becomes difficult to organise the layers above it, such as cloud, applications, data and AI, in a sovereign way. Organisations that want more control over their digital dependencies need to understand what their digital environment is built on.
Digital sovereignty is built layer by layer. And the first layer is infrastructure.
The biggest obstacles are practical
Many organisations now understand why digital sovereignty matters. Yet the step towards concrete action often remains difficult.
Legacy systems, existing contracts, technical complexity, vendor lock-in and the idea that sovereign choices are by definition more expensive can hold organisations back. Often, there is also no clear starting point.
As a result, digital sovereignty too often remains stuck at policy level, while the real challenge is operational.
Which workloads are critical?
Which dependencies create risk?
Where is more control needed?
Which partners are essential?
And which infrastructure choices help build that control step by step?
Cost also plays a role. Sovereign choices may seem more expensive in the short term. But during the panel, the comparison with cybersecurity was rightly made: cybersecurity was once often seen primarily as a cost, while today it is a natural part of digital maturity.
Digital sovereignty can evolve in the same way: from additional cost to structural investment in trust, continuity and risk management.
Regulation can accelerate, if it remains executable
Regulation plays a dual role.
For organisations, new regulation can feel like an extra layer of complexity. It requires time, resources, interpretation and process changes. At the same time, regulation can also be an important accelerator.
It creates clarity.
It builds trust.
It creates momentum.
And it makes themes such as risk management, dependencies, continuity and control more concrete.
GDPR is an example of this. What was initially seen mainly as a complex obligation helped create clearer rules around data and privacy. For digital sovereignty, regulation can play a similar role, provided it remains practical, coherent and executable.
Because rules alone are not enough. Europe does not only need policy ambition. It also needs speed, pragmatism and execution power.
Europe does not simply need to catch up
The discussion around digital sovereignty is sometimes framed as if Europe mainly needs to catch up.
But perhaps that is not the right way to look at it.
Europe has its own strengths: strong regulation, a high level of maturity around privacy and compliance, a broad industrial ecosystem, critical sectors with high quality requirements and a growing awareness of digital dependencies.
In a changing geopolitical context, Europe can show that digital sovereignty does not have to remain an abstract policy concept, but can become a practically executable model for trust, collaboration and control.
The knowledge, innovation and expertise are present. The challenge is to anchor them more strongly within Europe and to build solutions that organisations can actually use.
Not only faster.
But smarter, more reliable and more controllable.
From ambition to action
Digital sovereignty cannot remain an ambition on paper. It must be translated into concrete choices around infrastructure, technology, partners, investments and collaboration.
That requires further investment in European infrastructure, open and portable solutions, and avoiding unnecessary lock-in. It requires solutions that make sovereignty practical for organisations that need to make decisions today.
No organisation can achieve digital sovereignty alone. Governments, infrastructure providers, technology companies, integrators, cloud providers, security specialists and end users all have a role to play.
For Datacenter United, there is a clear responsibility: to provide Belgian, independent infrastructure as a trusted foundation for organisations seeking more control, compliance and resilience in their digital environment.
Digital sovereignty starts with infrastructure. But it only works if we build it together: layer by layer, workload by workload, with attention to control, execution and collaboration within the European ecosystem.
Trusted infrastructure for secure, sovereign and AI-ready digital services.