Can US tech help solve the EU’s sovereignty conundrum?
“Reconciling different goals is tough and requires balancing,” said Lorelien Hoet, Director Government Affairs, Microsoft – Belgium, introducing the panel How to Reconcile Data Protection, Resilience and Cybersecurity Goals in Today’s Digital World at CPDP 2025.
“What is tech sovereignty? What are the motives behind it? Is it cybersecurity, competition or something else?
At Microsoft, we find it important to have a discussion about these topics.
Microsoft is a US company with a very large and longstanding presence in Europe. This presence extends to physical infrastructure, she said. “It’s anchored in the ground – those data centres won’t move!”
“In the current political climate there will be questions about tech sovereignty, but we’ve adopted commitments which we hope will enhance trust.”
She referred to Microsoft’s European Digital Commitments recently announced by Vice Chair and President Brad Smith, which include the creation of sovereign cloud datacenters, building a European cloud for Europe, the appointment of a Deputy CISO for Europe, and support for European competitiveness through initiatives such as open access to AI.
“We can be a driver for competitiveness,” Hoet told RAID after the panel. “It’s great if the EU is trying to build its own infrastructure, but that should not mean excluding other partners if it’s in their interest. We see regions in the world that have become successful in tech have been adopters – not necessarily inventors but those that scale in Europe.”
Andres Raieste, VP Public sector at Nortal discussed his work on Estonia’s government policy on data sovereignty. “The pragmatic way of thinking is how not to become dependent on a single cloud provider. We need to ensure equal competition between a range of cloud providers, and not to have just one local cloud provider that is owned by the government.
“Innovation is always driven mostly by competition. Countries should have more than one option, even if that one option is a sovereign option.”
Michael Aendenhof, Belgian permanent representation to the EU said: ““Strategic autonomy is about the fact that you’re able to act independently, and that you do not excessively rely on an external actor.
“We should start from a realistic perspective and not aspirations. On cloud, we should have a debate about what we need and what we don’t need. We need to assure the security of certain types of data, but you can’t be sovereign on everything. We are in a cross-border world where international management of datastreams is essential.”
Alexandre Ferreira Gomes of the Clingendael Institute cited research suggesting that people in Europe should be more careful about what they put on US-owned cloud services. “Dependencies started to be viewed as vulnerabilities,” she said, highlighting cross-party consensus in the Netherlands government to find alternatives and move to European clouds.
Chiara Manfredini of Access Now said “When we talk about trust and resilience and security we are not just talking about technical infrastructure, but people’s rights.
“We believe cybersecurity and data protection go hand in hand. Tools like encryption are critical. Data minimisation is a security strategy – the less one collects, the less risk of exposing people to harm.”
Valerie Hoss, Head of European Affairs at Commerzbank said: “Data is at the core of what we do. We’re also in an environment where banks grow and sometime merge – in order to keep customers’ data safe, we need to modernise our infrastructure and make sure that it’s up to standard, secure and complies with the expectations regulators have.
“Moving to the cloud is a big tool we are using. We do this in a context where we are looking at different policy goals. The different policy goals always have trade-offs. We try and find the trade-off that works in a way for us and fulfils most of these policy goals in the best way possible.
“We are risk managers. That’s all we do every single day!”
