People rarely think of “Word” as a political tool. Or of “PowerPoint” as a channel for transmitting and distributing power. Yet every letter, every number in “Excel” is not just important data but also the route it travels. And routes in the digital world are a matter of subordination and control.
In German municipalities, as across Europe, they still work on “Microsoft.” “Outlook” is the state email. “Windows” is the digital face of European bureaucracy. At the level of convenience and habit, this is almost imperceptible. But in legal and geopolitical terms, it is a gaping hole. Because everything that happens in these systems is potentially accessible to a third party—under laws Europe did not write and, consequently, cannot change.
The American “CLOUD Act” obliges all U.S. technology companies—including “Microsoft,” “Amazon,” and “Google”—to provide access to data upon request by U.S. intelligence agencies, regardless of where that data is physically stored. In other words: European correspondence created in Berlin, Vienna, or Budapest can legally be read in Washington. Without permission, without notification, and without the ability to object. This is how the architecture of subordination is constructed.
Real Dependency: The Invisible Framework of the Digital Environment
“Microsoft” has long been a symbol of Europe’s digital dependency—a convenient assistant, a recognizable logo, an obvious American jurisdiction. But if you think about it, this is just the tip of the iceberg. The problem is much deeper and subtler: dependency is encoded in the very architecture of the digital environment, in its invisible framework—APIs, compilers, libraries, cloud protocols, and developer tools.
Even if Europe abandons “Microsoft Office,” it won’t change the fact that almost the entire infrastructure for developing and running digital services is built on components controlled outside the EU. Digital infrastructure will continue to run on chips with “ARM” architecture, licensed in the U.S. and UK. It will use clouds like “Amazon Web Services” (AWS), “Google Cloud,” or “Microsoft Azure”—the three largest players that, according to OECD data, handle over 90% of European cloud data. In 2023, it was revealed that 90% of the cloud infrastructure for Germany’s automotive industry—”VW,” “BMW,” “Daimler”—is hosted on AWS, while research data from several EU universities resides in “Google Cloud.”
Development happens on “GitHub” (owned by “Microsoft”), automation through “Docker” and “Kubernetes” (based on U.S. software). Visualization and cross-platform solutions rely on “React,” “TensorFlow,” and “Flutter.” These are all entry points for foreign legal frameworks and external technological logic—impossible to abandon without destroying one’s own ecosystems. The EU will have no digital sovereignty as long as even the most basic tools—from SDKs and system libraries to mobile OSes—are controlled by companies answerable not to Brussels but to Washington or Mountain View. No wonder Europe’s largest messengers and email clients—from “WhatsApp” to “Gmail”—are not only American but also technically opaque. Their security, encryption, updates, and routing logic are a black box for a continent that claims to aspire to strategic autonomy.
This dependency also has a fiscal dimension. The platforms underpinning Europe’s economy barely contribute to the societies from which they profit. “Google,” “Meta,” and “Amazon” have for years funneled revenues through Ireland and Bermuda, avoiding real taxes in the countries where economic activity occurs. According to the European Court of Auditors, in 2021, “Google” paid an average of less than 0.1% of its total EU turnover in taxes—dozens of times less than local companies in the same sector. In 2022, France demanded a €500 million back payment from “Google” after a tax audit, while Italian authorities claimed €300 million on similar grounds. Yet even these sums seem like a drop in the bucket compared to the profits siphoned offshore.
This highlights Europe’s dual dependency: technological—on the platforms themselves—and fiscal—on their refusal to play by common rules. The European continent not only outsources its infrastructure but also pays for it from its own budget, while digital giants grow rich on it, unwilling to take on obligations or responsibility.
In theoretical terms, this situation is described as “platform dependency”—a concept developed by Nick Srnicek [1] and Shoshana Zuboff [2]. It’s not just about the dominance of technological platforms but also about the shift of sovereignty: when design, standardization, licensing, and data storage are removed from the EU’s political and legal jurisdiction. Europe has effectively lost architectural control over its own digital reality, continuing to play at “regulation” while failing to notice there’s nothing left to regulate—everything has been decided behind its back.
To this technological and fiscal dependency, we must add “cultural” dependency. By using American tools, Europe unwittingly absorbs and reproduces the U.S. ideology of technological development, based on venture capital, rapid monetization, and global platforms. This model often clashes with Europe’s social model, which prioritizes long-term planning, social responsibility, and data protection. As a result, even when European startups succeed, they are often sold to American giants, leading to a “sovereignty leak” and loss of control over innovation.
Further evidence of this trend is that many successful European startups, upon reaching a certain level, either relocate to the U.S. or are acquired by American tech giants. This results in a constant “brain drain” and capital flight, as well as a loss of control over innovations that could have formed the basis of European digital sovereignty. Moreover, the share of European software in the corporate solutions market remains negligible compared to the dominance of American companies, further underscoring structural dependency.
Sovereignty Without Institutions: A Chronicle of Failures
Digital sovereignty is a buzzword in Brussels. It’s discussed at summits, written into strategies, and given dedicated panels at forums. But behind the grand political declarations lies an organizational void. Who exactly is supposed to implement this sovereignty? The European Commission, unable to coordinate even cloud services? National governments locked in perpetual competition with each other? Private contractors whose interests are tied to patents, licenses, and foreign markets?
Judging by recent failures, Europe suffers from a lack of functional institutions. The “GAIA-X” project, conceived as a European alternative to “Amazon” and “Microsoft Azure,” is stuck in endless negotiations—largely because its architecture initially depended on the very corporations it was meant to replace. The “European Processor Initiative,” launched with fanfare as a flagship of European chip design, has fragmented among academic centers and companies with divergent interests—lacking unified management, pace, or strategic direction.
Even attempts to build a European cloud (“European Cloud Federation”) resemble shadow play: many initiatives, none turning into infrastructural reality. Everything ends at the document stage—with technical parameters no one implements and roadmaps no one follows. A digital “Stuttgart 21,” nothing more.
Symptomatically, in 2024, the European Commission’s Directorate-General for Communications Networks, Content and Technology (DG CONNECT) signed a contract to develop a cloud platform for public services… on “Azure.” Health agencies in France, Germany, and Italy, amid pandemic reforms, also placed key services on “Google Cloud” and “Oracle” infrastructure—citing “scalability and reliability.” Such technical choices can only be characterized as geopolitical decisions made without long-term strategy.
The EU finds itself in the position of a shareholder without a controlling stake in its own digital reality. Even in strategic sectors—cybersecurity, judicial registries, healthcare, critical infrastructure—the final say belongs to the platform provider. And that provider is almost always non-European.
A striking example of Europe’s paradoxical approach is the “GDPR.” This regulation—a symbol of Europe’s “regulatory power”—demonstrates its ability to set global data protection standards. Yet in practice, “GDPR” principles are often enforced on infrastructure that undermines its very foundations. Data on European citizens, protected by “GDPR,” is stored on American servers subject to the “CLOUD Act.” Thus, even Europe’s most ambitious regulatory act is powerless against the extraterritorial reach of U.S. law, highlighting the gap between proclaimed “data sovereignty” and actual “data localization” without real control over processing.
The “Airbus” story shows that technological consortia are possible (Germany and France), but they require decades of political compromise and relinquishing national ego. In the digital sphere, such maturity is absent. France plays at digital patriotism, Germany still bets on industrial neutrality, Scandinavia moves toward American platforms with idealistic naivety. Southern countries focus on subsidies and outsourcing. Eastern Europe is technologically dependent on the West but without real access to governance.
No “digital Airbus” will emerge in the EU until a supranational body is created with a mandate for technological planning—real budget, coordination rights, and technical independence from the U.S. and China. What we’ll keep seeing in the EU is a “project showcase”: startups speaking French, servers in Germany, but licenses owned by Silicon Valley.
What About Germany?
Germany, nominally still the EU’s largest economy and industrial policy driver, remains a digitally developing country. Federal institutions still run outdated IT systems, often lacking basic cybersecurity or even shared “Wi-Fi” access. According to the 2024 “Digital Economy and Society Index” (DESI), Germany ranks 18th in the EU for digital public services—below Estonia, Finland, and even Portugal. The “Digitalpakt Schule” (Digital School Pact), aimed at integrating IT into education, has been stalled since 2019 due to a lack of infrastructure and local expertise.
There is no centralized cloud hosting for ministries—various agencies use commercial solutions from “Amazon” and “Microsoft,” even in sensitive areas like healthcare and justice. Meanwhile, nearly all attempts to create national cloud or communication alternatives—be it “GAIA-X” or the federal messenger “Wire”—collapse halfway due to bureaucracy, fragmentation, and lack of political drive. Germany is a mirror of the EU: economically (still) powerful, technologically competent, but institutionally paralyzed.
Lessons from China: When Dependency Becomes a Stimulus
The most serious blind spot in Europe’s digital policy is its inability to see itself as a geo-economic player in the U.S.-China-EU triangle. After all, it is China that, under sanctions, has been systematically building its own stack—from “Loongson” and “Phytium” processors to “Huawei’s” closed clouds and national software.
China’s digital independence is a deliberate political project, born not from surplus economic strength or technological capability but from recognizing its own vulnerability: externally integrated, economically powerful, but internally strategically dependent on foreign protocols, operating systems, and licenses. This dissonance between industrial potential and architectural subordination became the starting point for the 21st century’s largest technological desatellization project.
Since the 2000s, China has embedded itself in global digital chains: manufacturing “iPhones,” installing “Windows,” importing chips from “Intel,” “Qualcomm,” and “AMD.” But by the early 2010s, Chinese elites increasingly understood: none of the key layers of digital sovereignty were in their hands. “ARM” architecture, AWS servers, “GPS” navigation, mobile OSes—all controlled from outside. Even source code supplied by Western companies remained partially closed and legally insulated from Chinese interference.
The turning point came in 2013. Edward Snowden’s documents, exposing the scale of NSA global surveillance, triggered political sobering in Beijing. China’s technological successes began to be seen not as achievements but as vulnerabilities: millions of devices built to foreign standards became potential channels for data leaks and shutdowns.
The response was gradual but systematic movement toward its own digital architecture. This was not a market project but a state one, involving dozens of ministries, state banks, universities, and tech corporations since 2015. By 2018, the U.S. began using technological infrastructure as geopolitical leverage. Sanctions against “Huawei,” bans on “Android,” blocked “ARM” supplies, revoked “Microsoft” licenses—this wasn’t market competition but a demonstration that in the digital economy, to disconnect is to defeat.
In response, China activated a series of programs:
- “HarmonyOS”—a national mobile OS (replacing “Android”), now running on hundreds of millions of devices;
- “SMIC” and “YMTC”—expanding domestic chip production despite export restrictions;
- “Loongson” and “Phytium”—creating alternatives to Western architectures;
- “Beidou”—a full-fledged satellite navigation system replacing “GPS”;
- “Alibaba Cloud,” “Huawei Cloud,” “Tencent Cloud”—deploying national data centers;
- National policies for source code control and “Data Localization Laws”—all government data must be stored domestically.
China’s model isn’t perfect—it’s centralized—but it demonstrates technological independence where there is political will and strategic planning. China realized in time that globalization is fine as long as the rules remain universal. But once they stop being so, those with their own protocols, clouds, and digital systems win. And China started building its own. Something to think about.
Against this backdrop, the EU’s “Digital Compass 2030” strategy (2021), hailed as a historic step, looks more like words written in air. The document is strategic but lacks legal force. It outlines goals: a dual digital and green transition, increasing Europe’s chip share to 20%, creating independent clouds. But unlike China, Europe has no sovereign coordination mechanisms, no budgetary “enforcement” tools, no European implementation institutions. Everything remains declarations, scattered across directorates and subordinate structures without strategic core.
The EU prefers regulating what others create—through standards, “GDPR,” and taxes. Even AI. But it doesn’t design its own contours of the future. There’s no “Eurovision” of architecture, only correction and mitigation. As Belarusian-American researcher Evgeny Morozov [3] puts it, Europe has become a “platform for digital feudalism”—retaining a normative shell but losing control over algorithms, code, and infrastructure.
From this perspective, Europe’s digital weakness is a structural symptom. In critical theory, this condition is described as “regulatory peripheralization”: when a subject retains a normative shell (standards, rules, declarations) but loses control over the material basis—in this case, techno-infrastructure, data architecture, and communication channels.
This aligns with the logic of American political scientist Benjamin Bratton [4], who in his theory “The Stack” (2016) describes how geopolitical agency shifts from territories to technological platforms—and those who don’t control digital architecture lose political form. In other words, Bratton argues that the modern world is no longer governed solely through nation-states, institutions, or international law. Instead, global order is increasingly shaped by digital platforms, protocols, interfaces, operating systems, and cloud infrastructures—what he calls “The Stack.” And these digital platforms belong to others.
Sovereignty Begins with Recognizing Its Absence
In this new phase of digital militarization, dependency becomes military vulnerability. Strategic autonomy is impossible if an army’s digital logistics—from clouds to communications—run on foreign protocols. It’s already known that much of Europe’s air defense and defense contract management systems rely on infrastructure partially integrated with American or British platforms. Commercial OSes in military use, the absence of autonomous data centers, and reliance on satellite services and navigation systems make any attempt at strategic sovereignty without a digital base paradoxical.
The “Huawei” and 5G saga is a prime example. Under U.S. pressure, the EU rejected Chinese equipment but didn’t create a European alternative—just replaced it with “Ericsson,” “Nokia,” and American solutions. This wasn’t a fight for sovereignty but a redistribution of dependency.
In the late 2010s, “Huawei” led 5G deployment in Europe, offering cheap, scalable, and competitive equipment. Germany, Austria, Hungary, and others actively purchased it, having no domestic producers of comparable caliber. But after Trump’s sharp policy turn and NATO/G7 pressure on allies, a campaign to expel “Huawei” and “ZTE” from European telecoms began. Under the pretext of security risks (data transfer to the Chinese state), the EU faced a choice: cost savings and dependency on Beijing, or strategic realignment with the West. The result? Germany effectively banned “Huawei” from critical 5G elements in 2023, France and Denmark rejected Chinese components earlier, and the European Commission in 2023 officially labeled Chinese suppliers “high-risk,” calling for their phased removal. Yet this wasn’t an act of technological sovereignty, as the EU offered no European alternative to “Huawei.” Suppliers were simply replaced with “Ericsson” (Sweden), “Nokia” (Finland), and partly American solutions. Thus, Europe’s “technological independence” from China was reactive, partial, and lacked its own technological core.
Today, Europe is an arbiter without code, a judge without a server, a player in others’ protocols. Real sovereignty begins where you can sever dependency, and everything keeps working. It begins with the uncomfortable admission of non-sovereignty. Only then can real policy start—not managing deficits but designing integrity. The EU in its current state isn’t ready for this.
Thus, the key issue for Europe isn’t just “data localization”—storing data on its territory—but achieving true “data sovereignty,” meaning full control over processing architecture, algorithms, and infrastructure, regardless of jurisdiction. Without this distinction, all EU efforts toward digital sovereignty will remain an imitation of control.
References:
[1] Srnicek, N. (2017). Platform Capitalism. Polity Press.
[2] Zuboff, S. (2019). The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. PublicAffairs.
[3] Morozov, E. (2013). To Save Everything, Click Here: The Folly of Technological Solutionism. PublicAffairs.
[4] Bratton, B. H. (2016). The Stack: On Software and Sovereignty. MIT Press.
