We need European Software Sovereignty combined with Data Security at the country level
1. Software Sovereignty: Maintaining a Quality Tech Stack (Eurostack)
The first question is: how do we give all companies, governments, research labs and startups in Europe access to a catalog of top-of-the-line libraries, software, and components that are made in Europe?
That means supporting the essential software components and bricks needed to run telecom, software, defense, infrastructure, and everything else — and supporting the individuals and companies who create and maintain them.
Supporting a European software stack should be a top-priority European project.
And to everyone who believes Europe is incapable of that, we should remember that many of these bricks were invented in Europe: Linux, Python, the Web, MySQL. Even video and streaming technologies (FFmpeg) have strong European roots. Chrome and Safari are derived from a French-German browser for Linux (Konqueror and KJS).
So the real question we should ask ourselves is:
How is it possible that Europe, with all its money and talent, has failed to sustain a developer-friendly open source ecosystem?
The answer is that consultants and compliance professionals control the tech ecosystem, and they do not promote those who build.
They optimize the European economy for compliance, not for code. In contrast, the U.S. never stops building. That’s the Silicon Valley mindset. As Marc Andreessen put it: “It’s time to build.” He didn’t say “It’s time to buy or use.”
Today, the best developers want to build where they feel the love.
Making Europe that place is a long-term benefit.
It’s essential to note that China has developed its own stack over the last 20 years and is nearing the point of becoming software- and hardware-independent, including chip design (although they still rely on Cadence and Synopsys for this purpose).
2. Data Sovereignty: How Every Country Chooses Its Level of Data and Infrastructure Safety
Besides software, the second key issue is about where data lives and who controls it.
Each country defines the level of security it desires for sensitive domains, including health, government data, defense, and national security. There are European standards, but the final choice is national — whether to host data locally or rely on foreign platforms governed by U.S. laws, such as FISA or the Cloud Act.
France, for example, has created its own standard — SecNumCloud — but it sparks controversy, as S3NS (Thales + Google) and Bleu (Orange + Microsoft), two joint ventures, were created specifically to pass the local certifications.
However, another question that is now arising is: should we host strategic and sensitive data in the cloud or on-premises (local hosting)?
I’ve always advocated for modernized local hosting.
Look at what 37signals did: they moved off the cloud, hired engineers and DevOps, and saved a million dollars in hosting expenses.
But local hosting requires hiring system admins and DevOps skills — the very type of people we fired over the past two decades under the illusion that “cloud means you don’t need tech people.”
With the new geopolitical environment, the additional human cost might become negligible compared to what’s at stake: control, resilience, and cybersecurity.
You should not outsource that.
The Real Need for Sovereignty
Everyone talks about a scenario where the US would shut down selective online services in case of negotiation (like Greenland vs. Denmark).
Even if possible, that risk is still doubtful.
For me, the real risk is economic: Big Tech has spent almost a trillion on AI, and now they need to recoup that money.
Europe is their favorite ATM.
In this coming decade, software sovereignty will not only be a political issue but also a business issue — the ability to negotiate pricing with US platforms, because there are European alternatives.
I believe this is the most critical issue. Think Airbus vs. Boeing.
Software Sovereignty Is as Technical as It Is Political
If you don’t build, you don’t control.
Sovereignty starts with code, infrastructure, and people who know how to operate it.
Europeans as a group, or as countries, only focus on policy — and this is where the problem stands.
We need to bring software building back to the top of the agenda — and also dual-use, as wars are becoming increasingly digitalized.