.png){kind=logo}
Feb 2026
This article was originally published in Decoding, our monthly briefing on the latest trends in government technology. Sign up here to receive future editions directly in your inbox.
.png){kind=logo}
In January, at the World Economic Forum in Davos, Canadian Prime Minister Mark Carney described today’s geopolitical moment as a rupture in the global order. A month later at the Munich Security Conference, German Chancellor Friedrich Merz declared that the decades-old world order “no longer exists,” while US Secretary of State Marco Rubio signalled a more openly interest-driven approach to international relations.
The gathering in Munich reinforced the message from Davos: future policy cannot be built on the expectation that the past geopolitical order will return.
This shift goes beyond defence and trade. It affects the digital systems underpinning European states, exposing dependencies on non-European technology providers. In a hyper-connected society, resilience is no longer just technical – it is about sovereignty and democratic continuity.
Digital sovereignty is therefore not an abstract ambition but a practical question of whether public services can function amid disruption. This month, we explore how governments can secure digital public infrastructure while maintaining accountability and public trust.
In this edition, you’ll read about:
Europe’s future will depend on strengthening its industrial and technological sovereignty, reducing reliance on US tech providers, and building greater internal capacity.
Digital infrastructure must be treated as critically as ports, roads, and power grids. Full digital independence is neither realistic nor necessary, but Europe must ensure its digital systems remain accessible and resilient in times of crisis.
The internet is the backbone of modern society, but its fragility is increasingly evident. Technical failures, cyber-attacks, and geopolitical tensions can disrupt cloud services, leaving governments, businesses, and citizens vulnerable.
A small number of US-headquartered technology companies dominate global cloud computing infrastructure, i.e. the global network of remote servers that store, manage, and process all our apps and data. Providers such as Amazon Web Services, Microsoft Azure, and Google Cloud are estimated to account for around 70% of the European cloud market, while European-based providers account for only 15%.
Incidents such as the AWS outage in October 2025 and the Cloudflare disruption underscore the urgency of preparing for digital blackouts. EU President Ursula von der Leyen has emphasised the need for Europe to reduce its reliance on non-EU digital infrastructure, and the EU is investing in open-source alternatives and sovereign cloud solutions.
For public administrations, these risks have practical implications for procurement design, business continuity planning, and contractual oversight, particularly when using services that involve cross-border data processing or vendor lock-in.
The geopolitical rhetoric is now translating into legislative planning. The European Commission’s 2026 work programme, titled Europe’s Independence Moment, includes plans for a forthcoming Cloud and AI Development Act, expected to address digital infrastructure resilience and strengthen Europe’s technological capacity.
→ Read more about the Cloud and AI Development Act here.
In November 2025, all EU member states adopted the Declaration for European Digital Sovereignty, framing dependency on a narrow set of international providers as a strategic vulnerability. The declaration links sovereignty not only to competitiveness, but to Europe’s capacity to safeguard democratic institutions and values in times of crisis.
→ Read the full declaration here.
While Brussels sets the strategic direction, national governments are translating sovereignty into procurement reform and infrastructure planning.
In Denmark, a recent report commissioned by the Ministry of Digital Affairs, Digital sovereignty in the Danish public sector, outlines Denmark’s efforts to reduce reliance on foreign tech providers by increasing control over digital infrastructure. Based on interviews with Danish and international authorities and companies, the report identifies four core challenges:
The report presents a range of potential solutions to these challenges, along with a complementary case catalogue featuring 15 examples of national and international experiences. Taken together, these challenges reflect a shift from efficiency-driven procurement to resilience-oriented governance.
→ Read the full report (in Danish) here.
These themes are echoed in a strategic roadmap to digital sovereignty published by Danish Industry. The roadmap argues that Europe imports over 80% of its digital infrastructure from non-European countries, creating vulnerabilities and limiting strategic autonomy. Denmark’s strength, according to the report, lies in European collaboration and in building on European solutions, standards, and capacities rather than on national models. Its three focus areas are:
→ Read the full report (in Danish) here.
On 29 January 2026, the Danish Data Protection Agency (DPA) issued serious criticism and warnings to 51 Danish municipalities for their use of Google’s Chromebooks and Workspace for Education in primary schools. The decision, rooted in the General Data Protection Regulation (GDPR), highlights the complexities of digital sovereignty, third-country data transfers, and the responsibilities of public institutions as data controllers.
The case follows an October 2024 opinion from the European Data Protection Board clarifying obligations of data controllers when using data processors and sub-processors, particularly when personal data is transferred outside the EU/EEA.
Key implications from the DPA decision:
The ruling signals stricter enforcement in areas where users, including children, have limited choice over data processing. It reinforces a central lesson: operational convenience does not override data controller accountability.
For public institutions, GDPR compliance is not a one-off assessment but an ongoing governance obligation. The case illustrates how digital sovereignty debates materialise through procurement design, contractual clarity and regulatory enforcement.
→ Read more (in Danish) here.
🇪🇺 AI restrictions on government devices in the EU: The European Parliament has disabled certain built-in AI features on employee devices due to cybersecurity and data-protection concerns. Officials are reviewing data flows and cloud-processing dependencies before determining whether AI functionality can be safely reintroduced. The move reflects the EU’s cautious approach to workplace AI deployment.
🇺🇸 US diplomats instructed to oppose foreign data sovereignty initiatives: The Trump administration has instructed US diplomats to push back against foreign data sovereignty and localisation measures that could restrict how US tech companies process and transfer data abroad. In an internal diplomatic cable signed by US Secretary of State Marco Rubio, such measures are described as potentially disruptive to AI development, cloud services, and global digital trade. The directive reflects the US's more confrontational approach to international data governance, and it explicitly references the EU’s GDPR as an example of what it considers imposes burdensome restrictions on data processing. The development points to continued transatlantic divergence on data governance, with implications for EU–US digital cooperation.
🇸🇪 Sweden: New procurement system for digital solutions: The Swedish government is preparing a new state procurement system for digital services to strengthen market access and digital sovereignty. The initiative aims to make public-sector purchasing more efficient while lowering barriers for smaller Swedish and European technology providers, supporting competition and innovation. The proposal includes exploring a dynamic procurement model that allows qualified suppliers to join continuously as long as they meet technical and legal requirements.
🇫🇷 🇸🇪 Mistral AI invests €1.2 billion in first infrastructure project outside France: Mistral AI and Swedish EcoDataCenter are building an AI data centre in Borlänge, Sweden. Opening in 2027, the facility will host next-generation AI models using NVIDIA’s Vera Rubin GPUs and renewable-powered infrastructure, reinforcing Europe’s AI autonomy. The partnership aims to create a fully European AI stack that enhances localised data processing and digital competitiveness.
🇩🇪 German state replaces Microsoft with open source: The administration of Schleswig-Holstein is shifting public administration systems toward open-source software to reduce dependence on US technology providers. The Ministry for Digital Transformation reports annual licence cost savings of over €15 million following the migration of most workplaces from Microsoft to LibreOffice, an open-source alternative. Officials frame the transition as both a security measure and a financially efficient approach to digital sovereignty.
🇳🇱 The Netherlands rethinks its US tech reliance: In the Netherlands, growing concern over dependence on foreign digital infrastructure is driving policy debate around critical public services such as the national identity system. The potential acquisition of a Dutch cloud provider linked to the digital ID platform has intensified scrutiny of supply-chain security and data jurisdiction risks, particularly under US legislation affecting overseas data. The discussion reflects broader European concerns about the concentration risks posed by platforms such as Microsoft services.
🇮🇳 Global AI Declaration signed in New Delhi: The largest AI Summit to date and the first in the Global South was held in New Delhi on 18-19 February. The Summit resulted in the New Delhi Declaration on AI, endorsed by over 80 countries and organisations, including the European Union. The declaration emphasises inclusive innovation, human capital, and energy-efficient AI systems rather than binding international regulation.
For questions, comments, or suggestions regarding this article, please contact Emilia Lindén Guíñez.
Enjoyed this edition of Decoding? Subscribe here to receive future insights on digital public services directly in your inbox.
.png){kind=logo}
