A brief history of European Digital Sovereignty and how the network became a strategic pillar

Digital sovereignty is the framework that defines how companies should design their networks, their security, and their relationships with technology providers. This is where an infrastructure designed and built in Europe—such as the one proposed by Saima Systems with SAIWALL SD-WAN—transcends a mere marketing claim to become a key component of a company’s digital sovereignty.

The history of European digital sovereignty is the story of an uncomfortable awakening. Starting in 2010, Europe began to realize that simply regulating the market was not enough and that it needed to regain real control over its technologies, data, and infrastructure. This reality accelerated starting in 2013 with the Snowden case and solidified between 2016 and 2018 with the adoption and entry into force of the GDPR, which marked a turning point in data protection.

Starting in 2020, digital sovereignty became a priority in Brussels. It is the response to more than a decade of technological dependence, espionage scandals, and a geopolitical landscape in which whoever controls the digital infrastructure also controls a part of the economic future.

Today, in the new global landscape, control of digital infrastructure has become a strategic asset. Digital sovereignty is built from the network.

In the 1990s and early 2000s, Europe held the upper hand in the telecommunications sector: mobile standards such as GSM/2G and 3G, major network and device manufacturers, and a robust mobile phone industry. However, the shift from “the network” to “platforms”—the Internet, cloud services, digital giants— was led primarily by U.S. companies and, later, Chinese ones.

While the European Union focused on building its Digital Single Market, harmonizing regulations, and ensuring competition, the influence of major platforms, the public cloud, and critical digital services shifted toward non-European players.

Europe retained regulatory capacity but progressively lost control over the infrastructure and software underpinning the digital economy.

The major turning point came in 2013, with Edward Snowden’s revelations about the National Security Agency’s (NSA) mass surveillance programs and those of other intelligence agencies. The leaked documents revealed the extent to which communications and metadata were being intercepted on a global scale, including those of European citizens, companies, and institutions.

Suddenly, issues that had seemed abstract —where data flows, who controls the infrastructure, which laws apply— became a political issue of the highest order. Europe faced a pressing reality: much of its critical digital infrastructure depended on third countries. Governments such as Germany’s began speaking of “defending Europe’s digital sovereignty” against espionage and technological dependence, and data sovereignty took center stage in the public debate.

At the same time, the European Union accelerated its agenda for personal data protection, culminating in 2016–2018 with the GDPR, the General Data Protection Regulation. A first practical pillar of data sovereignty: Europeans’ data is processed under European rules, even when external actors are involved.

The GDPR (2016–2018) marks a first milestone: European citizens’ data must be processed under European rules. But it soon becomes clear that protecting data without controlling the infrastructure is only a partial solution.

Now that the GDPR has been established, the conversation goes further. It is not just about privacy, but about something broader: digital strategic autonomy.

Europe is observing several trends simultaneously:

• The concentration of economic and data power in a small group of large global platforms.
• Exposure to political, regulatory, or judicial decisions by third countries that can directly affect critical services on European soil.
• The risk of dependence on critical technologies: cloud, AI, chips, networks, cybersecurity, 5G/6G.
   

Europe needs to regain control over data, infrastructure, and critical technologies. Without control over digital infrastructure, there is no real sovereignty. And this is beginning to directly affect how companies must design their technological architecture.

Starting in 2020, digital sovereignty has moved beyond being a debate among experts to become an explicit priority for the European Commission. The strategy “A Europe Fit for the Digital Age” and, in particular, the Digital Compass 2030 reinforce this vision.

The Digital Compass 2030 sets four major objectives:

• Equip citizens and professionals with digital skills.
• Deploy secure, efficient, and sustainable digital infrastructures: advanced connectivity, cloud, edge computing, and cybersecurity.
• Accelerate the digitalization of businesses, with a focus on the cloud, data, and artificial intelligence.
• Digitalize public services in a reliable and accessible manner.
   

At the same time, a new regulatory framework is being developed that redefines the functioning of the European digital economy:

• The Digital Services Act (DSA) and the Digital Markets Act (DMA), which impose new rules on large platforms and aim to protect both users and competition.
• The Data Governance Act and the Data Act, which promote the secure exchange of data and limit lock-in with a single provider.
• The NIS2 Directive and the DORA Regulation, which tighten cybersecurity and resilience requirements in critical sectors and infrastructure.
• The AI Act, the Chips Act, and other frameworks designed to ensure Europe’s own capabilities in strategic technologies, including artificial intelligence.
   

All these measures aim to restore Europe’s decision-making power over its digital environment: data, technology, and infrastructure.

As the current decade progresses, digital sovereignty is shifting from a political concept to a technical issue. Digital sovereignty lies in the infrastructure and how it underpins the entire regulatory framework.

For a company or government agency, this translates into very practical decisions:

• What network architecture connects offices, plants, data centers, and clouds.
• Which SD-WAN platform determines where traffic flows and which policies are applied.
• Which security and monitoring solutions inspect communications, store logs, and trigger alerts.
• Which providers are behind these layers and under which jurisdictions they operate.

Digital sovereignty, viewed from this perspective, is not just a question of where the data is located, but of who truly controls the network, the software, and the security that make it all possible. Digital sovereignty ceases to be a theoretical issue and becomes a property of the network.

For a European company, digital sovereignty boils down to questions that end up on the management and CIO’s desks:

• Who really holds the keys to my network and my data?
• What would happen if, tomorrow, my provider changed its terms, faced a penalty, or was affected by a regulatory decision outside the EU? In other words, where is the data processed, and under which laws?
• Can I reconfigure my infrastructure or switch providers without disrupting business operations?
   

Answering these questions involves examining three key dimensions:

• Compliance and regulatory risk. The new European regulatory framework requires traceability, control, and the ability to respond to incidents.
• Resilience and business continuity. Designing networks and services with resilience and reversibility in mind is now a mandatory requirement.
• Ability to shape the digital future. Choosing open technologies, aligned with the European concept of sovereignty, helps avoid becoming locked into a single model or provider.
   

In this context, the network is the layer where control, security, and sovereignty are realized.

In an environment dominated by global platforms, the role of European network software manufacturers such as SAIMA SYSTEMS takes on strategic importance. Infrastructure is defined by the software that governs it: which traffic is prioritized, which routes are chosen, and which security policies are applied. From this perspective, digital sovereignty translates into three key commitments:

• Software designed in Europe. Designing and developing network and security platforms in Europe, with teams and processes aligned with the European regulatory framework and the realities of local businesses.
• True control of the network. Solutions like SAIWALL Secure SD-WAN allow organizations to decide how they connect, secure, and manage their locations, users, and cloud environments, without relying on a single operator or provider.
• Open and adaptable infrastructures. Architectures that make it easy to integrate new services, switch operators, or evolve the network without rebuilding it from scratch.

In practice, this translates to greater capacity to meet European security and traceability requirements, and more flexibility to decide how the company’s digital infrastructure will evolve.