Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Digital Sovereignty

Warning

 
Are your digital operations sovereign?

Digital Sovereignty

According to The World Economic Forum

Digital sovereignty, cyber sovereignty, technological sovereignty and data sovereignty refer to the ability to have control over your own digital destiny – the data, hardware and software that you rely on and create.

... the physical layer (infrastructure, technology), the code layer (standards, rules and design) and the data layer (ownership, flows and use).

US, Chinese and European Models

US, China & EU Models

Erosion of European Trust in US Tech

Power/Profit—Clarote & AI4Media / Better Images of AI / CC by 4.0

Data Cut & Kill Switch Anxieties

'Kill Switch Shield' & the Recurring Erosion of Trust in US Tech 2025-07-28

In the emerging internet governance era, the focus (of government anxieties) is on data cuts: when governments and companies get cut off from the network, unable to access their information or contacts. ... Trump was threatening EU leaders with tariffs if they did not align with his Make America Great Again agenda. The risk that US sanctions could trigger loss of access to critical digital infrastructure should spark widespread concerns about the degree of US control over key information platforms, including the potential for President Trump to weaponize the private US corporations that governments, such as the EU, rely upon.

Case Study: Stargate—The Crown Jewel of Panic Lock-In

Big AI, Big Tech, and the U.S. Government Are Afraid of Digital Sovereignty—Very Afraid, Dion Wiggins, 2025-08-27

OpenAI’s Stargate initiative is the ultimate expression of the new digital empire.

  • Sold as “trusted AI infrastructure for nations,” it’s marketed with the language of partnership, localization, and shared innovation.
  • The reality: every layer is controlled by U.S. firms—Oracle owns the cloud, NVIDIA controls the chips and drivers, OpenAI governs the models, and the U.S. government holds the legal override through the CLOUD Act and export restrictions.
  • Local deployments are a mirage: there’s no right to audit, no right to fork, no escape from the legal and operational perimeter set in Washington.

Primary Source Excerpt:

"All services provided under this agreement are subject to United States export control laws and regulations. The provider reserves the right to terminate access, modify service, or revoke licenses in compliance with such regulations." — Standard SaaS/Cloud T&Cs, 2024

Stargate is not a partnership. It is a velvet-wrapped cage—once you enter, there is no exit.

Technological Sovereignty Vs. Digital Colonialism TheTechCoup-Book

Marietje Schaake, the author of The Tech Coup, in Beware America’s AI colonialism 2025-08-20, issues a timely warning about the dangerous conundrum American AI poses to other states.

The choice facing world leaders is not between US or Chinese AI dominance but between technological sovereignty and digital colonialism. Each trade confrontation should teach potential partners that today’s commercial relationships can become tomorrow’s coercive leverage.

Some key quotes are as follows:

President Donald Trump’s trade wars are teaching the world a harsh lesson: dependencies get weaponised. In the White House’s view, international trade is zero-sum. With his AI Action Plan promising “unchallenged” technological dominance a further ambition is clear. Will the rest of the world recognise that embracing US artificial intelligence offers Trump an even more potent tool for coercion?

More than previous technologies, AI systems create uniquely vulnerable dependencies. Algorithms are not transparent and can be manipulated to bias outputs — whether challenging antitrust rules or supporting protectionism. With a significant set of US tech chief executives pledging allegiance to this administration, the synergy between political and corporate agendas is clear. AI companies have even deployed team members in the US armed forces.

The weaponisation possibilities are extensive. Take the Cloud Act, which forces the disclosure of foreign data by domestic cloud providers, whose services dominate worldwide.

It is easy to see how tech can become an even greater bargaining chip in US foreign policy. As with steel or pharmaceuticals, Trump’s White House can simply impose a tariff on AI services or critical elements of the supply chain. The administration is already pushing the EU to weaken its Digital Services Act and considered leveraging tariffs to force a change to the UK’s online safety laws earlier this year.

The Trump administration frames the AI race as a competition between democratic and authoritarian models. Yet this obscures a troubling reality: the gap between US and Chinese approaches to technological control is narrowing. Governance grows more authoritarian by the day in Trump’s America, with political interventions reaching individual company levels.

Two Recent violations

1: Microsoft admits it 'cannot guarantee' data sovereignty 2025-07-25

Microsoft says it "cannot guarantee" data sovereignty to customers in France – and by implication the wider European Union – should the Trump administration demand access to customer information held on its servers.

2: The US is sanctioning judges from the ICC

The International Criminal Court (ICC) deplores the additional designations for sanctions which were announced today by the United States of four judges of the Court: Second Vice-President Reine Adelaide Sophie Alapini Gansou (Benin), Judge Solomy Balungi Bossa (Uganda), Judge Luz del Carmen Ibáñez Carranza (Peru) and Judge Beti Hohler (Slovenia). These additional designations follow the earlier designation of Prosecutor Karim A.A. Khan KC.

These measures are a clear attempt to undermine the independence of an international judicial institution which operates under the mandate from 125 States Parties from all corners of the globe. The ICC provides justice and hope to millions of victims of unimaginable atrocities, in strict adherence to the Rome Statute, and maintains the highest standards in protecting the rights of suspects and the victims.

For more examples of violations to natural, corporate and governmental entities see Digital Sovereignty Revoked: Infrastructure as a Weapon in Big AI, Big Tech, and the U.S. Government Are Afraid of Digital Sovereignty—Very Afraid, Dion Wiggins, 2025-08-27.

More Examples

Digital Sovereignty Revoked: Infrastructure as a Weapon

The June 5, 2025 sanctions on four ICC judges marked the moment the mask slipped. Under Executive Order 14203, U.S. companies were barred from providing “services”—including cloud, email, authentication, and collaboration platforms. It wasn’t a cyberattack or breach. It was lawful revocation, silently executed by vendors like Microsoft and Google under compulsion. A global tribunal risked being digitally locked out for doing its job. The message was clear: infrastructure is no longer neutral. It is jurisdictional, weaponized, and conditional on foreign alignment.

The ICC wasn’t the first warning. Türkiye nearly lost its entire education system in 2024 when Microsoft threatened to pull licenses for 18 million students—triggered not by malice, but by an automated program retirement. In April 2025, Sun Yat-sen University in China lost its Microsoft 365 environment in 48 hours due to U.S. export control spillover—treating a research campus like a sanctioned arms dealer. In Europe, Telekom Deutschland was forced into a legal trap: violate EU law by obeying U.S. sanctions, or lose access to U.S. markets. In each case, sovereignty was less about systems than about who writes the rules—and who can flip the switch.

The same fragility extends to individuals. A Windows 11 user lost 30 years of personal data when BitLocker keys were trapped inside a suspended OneDrive account. A San Francisco father was permanently locked out of Gmail, business records, and his child’s medical files after Google’s AI flagged a telemedicine photo. Even my own Blogger account was erased for replying “too quickly,” with access to Gmail, Drive, and identity services revoked instantly. These aren’t anomalies. They are systemic failures showing how fragile digital life becomes when authentication, storage, and identity are fused under foreign terms of service.

The pattern is consistent: one license email in Türkiye, one compliance notice in Guangzhou, one sanctions designation in The Hague, one AI flag in San Francisco—and entire systems collapse. This isn’t about cloud strategy or cost efficiency. It’s about governance, leverage, and survival. If your infrastructure is subject to someone else’s law, you don’t own your systems. You lease them. And leases end the moment you become politically inconvenient.

In the age of digital bloc lock-in, neutrality will be treated as compliance — and compliance as surrender.

The question for every government, university, enterprise, and citizen is brutally simple: if your cloud provider revoked access tomorrow, could you still function? If the answer is no, you are not sovereign—you’re operational on borrowed terms. For deeper analysis and real-world case studies, see my companion reports: Sovereignty Revoked: One Email, One Algorithm, and Everything Dies and Digital Sovereignty Revoked: How Cloud Infrastructure Became a Weapon of Foreign Policy.

USA PATRIOT Act & US Gov Access

USA PATRIOT Act vs SecNumCloud: Which Model for the Future?

The USA PATRIOT Act was passed in 2001 after the September 11 attacks to expand government agencies' powers in surveillance and counterterrorism. In practice, it grants U.S. authorities broad surveillance capabilities, allowing access to data from companies under American jurisdiction, regardless of where it is stored.

Increase in trans-Atlantic mistrust after the Snowden revelations in 2013 of US mass surveillance programs. Read Permanent Record by Edward Snowden, 2019-09-17 for details.

The adoption of the US CLOUD Act in 2018 further strengthened this authority. It requires American companies to provide data upon request, even if the data is stored on servers located in Europe.

The extraterritorial nature of these laws forces American companies to hand over data to U.S. authorities, including data stored in Europe. This creates a direct conflict with the GDPR. For European businesses using American cloud services, it opens the door to potential surveillance of their strategic and sensitive data.

Beyond confidentiality concerns, this situation raises a real challenge to digital sovereignty, as it questions Europe’s ability to manage its own data independently and securely.

SecNumCloud for Digital Sovereignty

USA PATRIOT Act vs SecNumCloud: Which Model for the Future?

In response to these challenges, France developed SecNumCloud, a cybersecurity certification issued by ANSSI (the National Cybersecurity Agency in France). It ensures that cloud providers adhere to strict security and data sovereignty standards.

SecNumCloud-certified providers must meet strict requirements to safeguard data integrity and sovereignty against foreign interference. First, cloud infrastructure and operations must remain entirely under European control, ensuring no external influence — particularly from the United States or other third countries — can be exerted.

Additionally, no American company can hold a stake or exert decision-making power over data management, preventing any legal obligation to transfer data to foreign authorities under the CLOUD Act.

Just as importantly, clients retain full control over access to their data. They are guaranteed that their data cannot be used or transferred without their explicit consent.

With these measures, SecNumCloud prevents foreign interference and ensures a sovereign cloud under European control, fully compliant with the GDPR. This allows European businesses and institutions to store and process their data securely, without the risk of being subject to extraterritorial laws like the CLOUD Act.

SecNumCloud ensures strengthened digital sovereignty by keeping data under exclusive European jurisdiction, shielding it from extraterritorial laws like the CLOUD Act. This certification is essential for strategic sectors such as public services, healthcare, defense, and Operators of Vital Importance (OIVs), thanks to its compliance with the GDPR and European regulations.

ANSSI designed SecNumCloud as a sovereign response to the CLOUD Act. Today, several French cloud providers, including Outscale, OVHcloud, and S3NS, have adopted this certification.

SecNumCloud could serve as a blueprint for the EUCS (European Cybersecurity Certification Scheme for Cloud Services), which seeks to create a unified European standard for a sovereign and secure cloud.

US-owned "Sovereign EU Clouds"

Regardless of Amazon's data sovereignty pledge, the parent company remains under American ownership, and may still be subject to the Cloud Act, which requires US companies to turn over data to law enforcement authorities with the proper warrants, no matter where that data is stored.

As Frank Karlitschek, CEO of Germany-based Nextcloud, told us in March: "The Cloud Act grants US authorities access to cloud data hosted by US companies. It does not matter if that data is located in the US, Europe, or anywhere else."

GPU Sovereignty in China

GPU Sovereignty Shift

GPU Sovereignty Shift: How China’s “Big AI” Are Powering AI Without Nvidia, Dion Wiggins, 2025-08-19

This is a forensic deep-dive into the collapse of Nvidia’s dominance in China and the rise of a fully sovereign AI hardware-software stack that is now being exported globally. Washington’s sanctions, intended to cripple China’s AI ambitions, instead forced the world’s largest AI market to accelerate domestic innovation, flipping dependency into deterrence in less than two years. The result: Chinese players like Huawei, ByteDance, Tencent, Alibaba, Baidu, and a new generation of hardware startups have restructured their entire AI infrastructure around sovereign GPUs, breaking the U.S. chokehold on advanced compute.

Take-home: Digital Sovereignty is Anti-Dependence

Digital Sovereignty means Anti-Dependence

No, Digital Sovereignty Doesn’t Mean You’re Anti-America or Pro-China: It’s Anti-Dependence, Dion Wiggins, 2025-05-28

Talking about digital sovereignty shouldn’t make you look like a traitor. But today, it does.

  • Say you want alternatives to U.S. tech? You’re accused of being anti-American.

  • Mention China’s progress in AI? You’re branded pro-authoritarian.

  • Advocate for local infrastructure? Now you’re undermining allies.

This framing is toxic. And it’s designed to shut down the one conversation that actually matters:

Who owns your nations or organization's digital future?

This article dismantles the trap we’ve all been forced into.

We need to be able to talk openly—about the risks, the challenges, and the benefits of digital sovereignty—without being labeled anti-American, pro-China, or anything else.

Because digital sovereignty isn’t about picking sides. It’s about having the right to choose your own system—without permission, without gatekeepers, and without apology.

Let us actually peruse through this article by Dion Wiggins now!

Deep Dive Yourself