• 05/11/2026
  • Article
  • Automation & digitalization

Digital Sovereignty: How Europe’s Industry Remains Capable of Action in Uncertain Times

In times of deglobalisation and fragile alliances, digital sovereignty determines whether Europe’s manufacturing industry truly controls its own data, processes, and know-how – or remains dependent on external clouds and foreign legal jurisdictions.

Written by Marius Schaub

Photorealistic industrial plant with tanks and pipelines in evening light, above it a cloud symbol within a ring of EU stars and glowing data lines
Companies, states, the European Union: all are striving for digital sovereignty. Achieving it, however, is no simple matter.

Wero launched as a declaration of war: a real-time payment system developed by European banks to enable money transfers within seconds directly from a current account – free from American influence, more sovereign, freer than PayPal, and at least as secure. The catch: at the end of April 2026, it emerged that the payment service’s infrastructure partly relies on AWS – the cloud subsidiary of US giant Amazon.

Aleph Alpha launched as a beacon of hope: a generative AI solution from Germany, available to businesses and the public sector, with a focus on data sovereignty, explainability, and security. Its creators paid particular attention to European data protection guidelines, critical infrastructure, and regulated industries. The catch: at the end of April 2026, the start-up was acquired by Cohere, a company from North America.

Two news items, one underlying theme: Europe is striving for digital sovereignty. Against the backdrop of deglobalisation, increasingly unreliable alliance partners, and the rising power of autocratic regimes, the Union, its member states, and a growing number of European companies are attempting to make not only their physical but also their digital supply chains more resilient – and to anchor services in-house or at least “in-EU”. Yet the path to sovereignty is arduous and fraught with setbacks, as these recent examples from the payments and generative AI sectors demonstrate.

In the short term, companies regard geo-economic confrontations and cybersecurity as particular global risks; in the long term, environmental aspects top the list
Survey respondents at the WEF expect growing geo-economic problems over the next two years. Cybersecurity also features at number 6 among their concerns.

What is Digital Sovereignty?

Digital sovereignty describes a company’s ability to design and control its digital resources in such a way that it remains capable of action in critical situations and can make autonomous technological decisions. Unlike digital autarky, the goal is not necessarily to build everything in-house, but rather to manage dependencies consciously, to retain the ability to switch suppliers, and to keep control over key data and encryption keys.

This challenge therefore affects every link in the value chain – the same links that stand at the heart of POWTECH TECHNOPHARM: from development and processing through to production and packaging. At each stage, operators of manufacturing plant will increasingly need to ensure that core processes, intellectual property, and operational data do not depend on a single cloud provider, proprietary protocols, or opaque software supply chains that could suddenly prove to be a risk in the event of geopolitical tensions, export controls, or regulatory changes. Digital sovereignty therefore encompasses:

  • Technical aspects: architecture, standards, encryption
  • Legal framework conditions: data location, access rights, regulation
  • Organisational questions: governance, roles, skills

All three aspects must work in concert to protect plant and intellectual property over the long term.

In the European context, digital sovereignty is also a question of industrial location: the EU wishes to make its economy more resilient by reducing dependence on non-European IT corporations whilst simultaneously preserving open markets and innovation. For companies, this means that requirements arising from data protection law, cyber regulation, and industrial policy are increasingly coupled with the expectation that they can demonstrate their own sovereignty strategies.

The bar chart shows that 96 per cent of German companies source digital services from abroad
Without digital technologies from abroad, companies cannot produce. This affects hardware above all, but also large parts of software applications.

Status Quo: High Dependencies Shape the Situation in Europe

Studies show that virtually all European companies are heavily dependent on imported digital technologies: according to a Bitkom analysis from 2025, around 96 per cent of German firms import digital technologies and services from abroad, often from a handful of large providers. At the same time, geopolitical tensions and regulatory conflicts are intensifying – making these dependencies politically even more precarious.

The good news: awareness of the issue is growing. Open-source software has achieved widespread adoption; three in four companies are already using it, and 73 per cent explicitly regard it as an instrument for securing digital sovereignty. Nevertheless, around 60 per cent have no documented open-source strategy and no clear processes for systematically harnessing openness and security. The picture regarding data sovereignty is similarly ambivalent: a recent report notes that, in 2025, despite high awareness of regulatory requirements, one in three European companies experienced at least one data sovereignty incident.

Against this backdrop, the 2026 World Economic Forum in Davos explicitly discussed the possibility of a “one-off collapse of the world order” and the need to build a “new, independent Europe” that strengthens its economic and technological capacity to act. The message to industry is clear: digital dependencies have long since ceased to be a purely IT matter – they represent a strategic risk with a direct bearing on security of supply, competitiveness, and political resilience.

The bar chart shows that the country of origin of cloud providers plays a significant role for companies: over 90 per cent would prefer offerings based in the EU
German companies would prefer German cloud providers. In many other European countries, the situation is similar.

How Companies Can Increase Their Digital Sovereignty

A central lever lies in the design of infrastructure and cloud architecture. Sovereignty is achieved when workloads are portable, exit scenarios have been explored contractually and technically, and critical systems are not tied exclusively to a single hyperscaler. Multi-cloud and hybrid scenarios reduce lock-in risks and facilitate responses to political or regulatory changes.

A growing number of companies are deliberately choosing EU-based providers in order to keep data under European jurisdiction and minimise regulatory uncertainty – particularly in connection with US surveillance legislation. It is important that not only the formal data location is correct, but that the company also retains technical key sovereignty in order to enforce exclusive access.

At the application level, open standards and a systematic Software Bill of Materials (SBOM) are decisive. Whether proprietary or open source: for any software in use, companies should be able to trace at any time which components are involved, where they originate, and what security vulnerabilities or licence conditions apply. This is further driven by requirements such as the EU Cyber Resilience Act and is simultaneously a prerequisite for reducing dependencies in a targeted manner.

Identity and access management (IAM) becomes the “sovereign anchor” of a digital architecture. Any organisation that manages all user and machine identities via a single external identity provider runs the risk – in a worst-case scenario – of losing access to its own infrastructure, for instance in the event of sanctions, outages, or contractual disputes. Sovereign approaches rely on hybrid or federated IAM architectures that use open standards and provide local fallback mechanisms.

With the growing use of AI systems, the question of which data flows into which models and who owns the resulting intellectual property becomes a sovereignty issue. Companies should define data classes and binding rules governing which categories may be fed into external AI services – including technical controls such as pseudonymisation, anonymisation, and “private” model services. Data spaces emerging in Europe and initiatives such as Gaia-X enable the secure, standardised exchange of production and plant data between companies without any single actor losing control.

Digital sovereignty cannot be achieved through technology procurement alone; it requires clear structures and responsibilities. Companies need governance models that bring infrastructure, applications, security, procurement, and business units to the same table in order to regularly assess dependencies and set priorities. This includes, for example, a central body for sovereignty matters, defined criteria for the selection of cloud and software providers, sponsorship at board level, and planned exit scenarios.

Interested in this topic? Then come to POWTECH TECHNOPHARM and experience this and many other topics live at the trade fair. Secure your ticket here using the following code: PTTP26Insights

Author

Marius Schaub
Marius Schaub