Despite growing regulatory momentum - from GDPR to NIS2 - and political ambition, Europe’s digital sovereignty efforts are being met with skepticism on the ground. In our recent survey of 273 decision-makers across public, private, and tech sectors in Europe and beyond, only 15.8% expressed high optimism that the region will achieve digital sovereignty within the next five years.
That’s a signal worth listening to.
While sovereign tech and regulation have advanced, the day-to-day reality for IT leaders, CISOs, and policymakers is much murkier, with adoption friction, awareness gaps, and dependency on U.S. vendors holding things back.
Key Takeaways:
While digital sovereignty is often framed in technical or compliance terms, our survey revealed that strategic and political motivations are driving urgency in 2025. The top reasons respondents gave weren’t abstract ideals, they were deeply pragmatic concerns rooted in Europe’s current technological dependency.
Respondents overwhelmingly pointed to Europe’s structural dependence on foreign powers, particularly the U.S., as a core risk. Sovereignty, in their view, is about autonomy: Europe must ensure its digital backbone isn’t at the mercy of shifting geopolitical tides or extraterritorial laws like the CLOUD Act. This isn’t just policy, it’s about operational control in an age of uncertainty.
Major platforms from Microsoft to Zoom dominate critical infrastructure. Respondents flagged the risk of long-term lock-in, opaque pricing models, and growing exposure to legal and ethical conflicts tied to non-European jurisdictions. Sovereignty means choice and right now, too many organizations feel they have none.
Sovereignty is more than compliance, it’s architecture. EU leaders want communication and collaboration tools that are provably secure, fully auditable, and controllable within EU borders. Open source, self-hosting options, and modern encryption standards (like MLS) are seen as key enablers, not for privacy alone, but for true independence from foreign influence.
When evaluating secure collaboration platforms, end-to-end encryption (84.2%), ease of use (47.4%), and EU data hosting (36.8%) emerged as the most valued features.
Yet paradoxically, most respondents continue using Teams, Zoom, and Slack, platforms that don’t meet their own stated standards for sovereignty.
This disconnect isn’t due to apathy. It’s the result of friction across four dimensions. What’s Blocking the Switch to Sovereign Tools?
When asked about the role of open-source software in their organization’s sovereignty strategy, the message was clear: it matters. Nearly half of respondents (47.4%) called it critical, and another 26.3% labeled it as important. Only one respondent said it wasn’t important - a striking show of consensus in a survey otherwise marked by nuance and caution.
This strong support reinforces a powerful idea: sovereignty and transparency are inseparable. Unlike proprietary tools, open-source solutions allow organizations to verify what’s under the hood: how data is processed, where security gaps may exist, and whether external control is possible. In a landscape where trust must be earned technically, open source offers the visibility and autonomy that many IT and compliance leaders demand.
In short, open source is no longer seen as an alternative, it’s increasingly regarded as a foundational enabler of sovereignty-first strategies.
Regulatory frameworks like NIS2, GDPR, and DORA were seen as supportive but insufficient:
Why? Because regulation without execution creates compliance theatre — rules are followed, but nothing changes at the infrastructure level.
Final Takeaways
Until sovereign alternatives become more usable, visible, and integrated, regulation alone won’t be enough. This report is just the beginning. Over the coming weeks, we’ll be publishing a series of deep dives unpacking the biggest blockers to sovereignty adoption, from user friction to integration complexity. Our goal: to turn insights into action, and help European organizations move from intent to implementation.