The EU is charting a course to digital independence with the technological sovereignty package – here’s what you need to know

The European Commission has unveiled a series of measures aimed at strengthening digital sovereignty across the union, in a move that’s sparked mixed reaction from industry stakeholders.

The European technological sovereignty package will bolster the EU’s capabilities across a range of areas, including AI, cloud, open source, and semiconductor manufacturing.

Ursula von der Leyen, president of the European Commission, said the move comes in direct response to concerns over long-running reliance on foreign technology services.

“We cannot afford to depend on others for the technologies that keep our hospitals running, our energy grids stable, and our services secure,” she said.

Latest Videos From

Watch full video here:

“This is about protecting our citizens, defending our interests, and making our own choices. Europe has the talent, the research excellence, the industrial base and the Single Market. Together, we must turn these strengths into technological sovereignty.”

The technological sovereignty package will focus on four key areas, according to the Commission, and includes two legislative proposals – the Chips Act 2.0 and the Cloud and AI Development Act (CADA).

A new Open Source Strategy and a Strategic Roadmap for Digitalisation and AI in Energy is also included in the package.

The first of these is aimed at “securing the semiconductor base for Europe’s AI ambition” and will focus on building capacity for semiconductor manufacturing and investment.

The CADA legislation, meanwhile, will increase investment for research and development and improve support for data center build-outs across the region.

Notably, this legislative package will also introduce a single EU-wide framework to help organizations assess cloud and AI provider sovereignty credentials.

Jaap Templeman, head of digital business practice in the Simmons & Simmons Amsterdam office, said the package represents a “welcome and necessary boost” to the EU and “ward off a long-term technological dependence” on big tech.

“Sadly, geopolitical developments show how vulnerable transatlantic dependence can be. The strict sustainability and security framework around the development of data center, AI, and chips capabilities might appear counterproductive to improving the EU's ability to compete but is of course necessary,” he said.

Concerns over ‘trusted partner’ elements

While industry stakeholders have welcomed moves to bolster European sovereignty efforts, concerns have been raised over certain aspects of the package.

The CADA legislation outlines a series of trust tiers for cloud services used by public sector organizations. These are based on considerations such as ownership and control of infrastructure, data processing and protection, and cybersecurity.

According to the Commission, the four trust levels are:

• Level 1: where data is processed and stored in infrastructure located in the Union
• Level 2: where providers must demonstrate independence from third countries and transparency over their software supply chain
• Level 3: where providers must be owned and controlled from the EU and meet additional criteria, such as personnel citizenship. The Commission can recognize third-country providers
• Level 4: where providers have full transparency and control over their software supply chain and no interference from a third country

Essentially, this aspect of the legislation aims to bolster protection of sensitive public sector and national security-related data. Public sector organizations will be required to use services that meet the requirements of at least Level 1, for example.

More sensitive areas, such as defense, national security, or law enforcement, meanwhile, will require providers that adhere to higher tiers.

Trade groups have warned that there is potential for these requirements to limit access for foreign providers. The Computer & Communications Industry Association (CCIA) described the legislation as a “dangerous recipe for progressive market shutdown”.

“By requiring Member States to assess which use cases demand specific sovereignty levels – levels that non-EU vendors would be unable to meet by default – the CADA relies on an impractical Commission framework that no international provider could possibly satisfy,” the trade group claimed.

Open source focus welcomed

The Commission’s focus on open source is one aspect of the package that has drawn praise. Lawmakers specifically highlighted the region’s burgeoning open source community, which is now home to over three million contributors.

Under the Open Source Strategy, the Commission aims to capitalize on this growing market to accelerate the development of sovereign solutions. The Commission said it plans to “scale up” open source alternatives in areas such as cloud, AI, and cybersecurity.

“The strategy will also support greater use of open source in public administrations through procurement guidelines and practical best practice,” the Commission said. “It will encourage uptake of European solutions and support standards and interoperability, including through initiatives such as the Open Internet Stack.”

Amanda Brock, CEO of OpenUK, said the UK should take note of the Commission’s acknowledgement of open source’s potential.

"It has taken decades of work, which included many from the UK, to get the EU to the position of recognizing the role of open source in today’s strategy,” she said.

“There cannot be digital sovereignty today without open source. As Hugging Face have said, open source is the cornerstone of sovereignty. The UK, despite our policy being 15 years old, is way behind today, and we need to build the infrastructure for this,” Brock added.

“Despite the UK being Europe’s leader in open source software and AI, we still fail to recognize this in our policy.

Before adoption and entry into force, the European Commission said the package and legislative proposals will be negotiated by the European Parliament.

FOLLOW US ON SOCIAL MEDIA

Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.