In a previous article, we addressed the crucial issue of data sovereignty. Today, in the wake of this summer’s major events, notably Microsoft’s massive outage, we feel it’s essential to return to this subject and provide further clarification.
Digital sovereignty is often wrongly perceived as simply a matter of personal data confidentiality, commonly referred to as “data privacy”. This simplistic view has led the European Union to introduce regulations which, while important, are still insufficient to guarantee true citizen sovereignty.
Fortunately, this regulatory framework is evolving, and we need to understand the broader issues at stake.
What is digital sovereignty?
To fully grasp the risks associated with a lack of digital sovereignty, it’s crucial to ask a few fundamental questions:
- What threats must sovereignty counter?
- Is it possible to conceive of effective sovereignty that transcends national borders?
- Are current solutions, such as storing data on European territory, really adapted to all threats?
We can therefore define digital sovereignty as a nation’s ability to control and secure its essential infrastructures and services, beyond the simple protection of personal data. It is crucial to ensuring the resilience and security of modern society in areas such as IT, transport, food, and communications.
Understanding the risk context
The risk we’re talking about here is systemic, and it concerns entire nations. These are threats that can paralyze the vital activities of our modern societies: computer networks, transport, energy distribution, communications, health and food.
Hacking into traffic lights, for example, could bring a country to a virtual standstill. Similarly, the remote control of autonomous cars could, in a matter of hours, bring a major city to a standstill, as demonstrated by the recent autonomous cab bug in San Francisco.
More concretely, the Covid crisis revealed the dramatic consequences of a lack of sovereignty, such as the inability to produce masks or essential medicines.
More recently, the war in Ukraine showed how hyperscalers (large cloud companies) could disrupt the economy of an entire country, in this case Russia, and even plunge entire regions into famine by blocking cross-border grain payments.
These examples clearly illustrate that it’s not just data governance that is at risk, but the services that are essential to our societies.
Lessons learned from the Microsoft incident
Last July, the major Microsoft 365 outage had global repercussions. Critical services such as email, cloud file storage, and collaboration tools like Microsoft Teams were severely disrupted, directly impacting businesses and their operations.
But beyond the financial losses for businesses, this outage also had consequences for citizens, with interruptions to payments and healthcare services.
This incident raises a fundamental question: how can such a risk be managed in the future?
Regulatory responses are a good start, but remain insufficient
The European Union has undertaken to introduce regulations to strengthen digital sovereignty, such as GDPR, the Schrems II ruling, and the NIS2 directive.
However, these measures, while encouraging, remain too focused on the protection of personal data and do not take sufficient account of the services dimension.
Comprehensive training and risk analysis are key
Anyone who is responsible for IT infrastructures must be aware of the real risks to sovereignty. A systematic analysis must be carried out, integrating not only the risks to the company, but also the risks to the nation as a whole.
This is no easy task, as few companies are accustomed to taking into account risks beyond their own perimeter.
Towards a national priority in IT choices
More than ever, we need to steer our IT choices towards solutions that will ultimately guarantee national sovereignty. This means giving preference to vendors based in your home country and, where this is not possible, ensuring the independence of the proposed solutions.
Open source could be an alternative, but it requires greater skills, and therefore additional costs.
It’s clear that digital sovereignty must become a reflex, not only for companies, but also for governments, which must set an example by favoring national choices in the software field.
This is essential to ensure our independence and the security of our essential services. Digital sovereignty is not a luxury, it’s a necessity for the survival of our society.
Discover the new white paper on data governance in action and Axway’s leadership in privacy and security.