In a changing geopolitical context, the European Union is increasingly trying to assert its place in the world – especially when it comes to technology and innovation. As this European Commission passes the half-way mark of its mandate, technological sovereignty continues to be the leitmotif of the current EU policy cycle. Some outside of Europe perceive “technological sovereignty” as the EU seeking to limit the use and influence of non-EU technology companies in favour of homegrown innovation.
While some have used technological sovereignty to criticise legitimate initiatives by EU institutions to increase trust in technology, such as the Digital Services Act (DSA) and Digital Markets Act (DMA), we disagree with the argument that the DSA or DMA would be protectionist or “anti-American.”
At IBM, we understand the reasons behind the EU’s push for technological sovereignty stem from legitimate concerns including data privacy, cyber security, and competition. Since the launch of this concept, European member states and EU institutions have not landed on a consensus, but we are starting to see it put it into practice.
Specifically, the introduction of “immunity protections” to non-EU laws with extraterritorial applications. In other words, some countries outside of the EU have laws which may apply in the EU and conflict with EU laws. Furthermore, this logic is increasingly directed at global cloud providers – the backbone of the modern tech industry. For instance, immunity is currently being considered as an eligibility requirement in the Cybersecurity Certification Scheme for Cloud Services (EUCS).
Several EU Member States openly disagree with the approach as they fear that it could bar globally operating cloud service providers from obtaining the certificate, possibly excluding them from offering solutions in cloud market segments. Moreover, European trade associations representing financial entities and industrial companies urge not to politicise technical requirements and conflating legal and cybersecurity considerations. They express concern that it may restrict their choice of selecting the best available technologies available in the market, undermining their own operational resilience and competitiveness in the global market.
IBM is committed to help our clients generate value from their data and to meet the ever-increasing needs for more data security and privacy. We feel it is important to echo concerns expressed by our clients that “immunity requirements” risk jeopardising their ability to select state-of-the-art technologies to meet their business and security imperatives. To that end, we have drafted a short list of recommendations for how technology can help accomplish the goal of a more sovereign EU.
We firmly believe the EU can build a robust and competitive digital economy based on these guiding principles:
1. Choose trusted partners.
Don’t choose partners based on their geographic location. The EU should adopt an open market approach in which it remains open to like-minded partners, strengthens international alliances, and continues to embrace open source technologies as key pillars for sovereignty. The EU should not push requirements that risk reducing the ability for EU-based companies to select the best available technologies.
2. Precision Regulation to achieve trusted innovation.
The EU should continue to strengthen sovereignty that shields off bad actors and addresses risks and harmful use cases of technologies. Not the technologies, or technology providers, themselves. On technical regulations such as the EUCS, we think that the EU should focus on technical measures to strengthen security and resiliency.
3. Make strategic investments to accelerate digital transformation and economic recovery.
Investments should be targeted at technology areas that will shape Europe’s digital and sustainable future such as data and cloud infrastructure, semiconductors, quantum computing, artificial intelligence, cybersecurity technologies such as encryption, and blockchain. Boosting innovation in these fast-growing markets and collaborating with trusted partners should be a priority for the EU.
Making technological sovereignty work for Europe means strengthening local digital capabilities in an open way with trusted partners, without excluding companies based on the location of headquarters. The EU and U.S. should work together to balance regulatory goals and technological innovation, while ensuring open markets. The EU-US Trade & Technology Council (TTC) is a good step in the right direction and should serve as the framework to steer and strengthen technological capabilities on both sides.
IBM has been in Europe for over 100 years and we firmly believe we can make important contributions with our experience and within our ecosystem.
Gerrit Steinfort, Manager, Government and Regulatory Affairs Europe
Share this post:
- More Articles