A conversation with Tuta on digital sovereignty, encryption backdoors, and the risks of EU chat control.
Why Digital Sovereignty in Europe Is at Risk
Europe is talking about digital sovereignty, but are we acting on it? In our latest Wire Uncut conversation with Hanna Bozakov, COO at Tuta, we dive into the real meaning of European sovereignty in a digital age dominated by U.S. cloud providers, surveillance-based business models, and proposals like EU chat control that risk weakening encryption for all.
Sovereign Clouds Are Not Sovereign
Many tech giants market their platforms as “sovereign” just because data is hosted in Europe. But if the company is American, sovereignty is a myth.
As Bozakov explains: “A sovereign cloud from Microsoft or Google isn’t what you need. You need European services.” Why? Because U.S. laws like the CLOUD Act and FISA 702 allow American companies to share European user data with their government, regardless of server location. “Once it’s in the cloud, it’s not your own anymore.”
Sovereignty requires local control, not just local hosting.
Encryption Backdoors Undermine Everyone
Proposals like chat control aim to scan private messages by installing backdoors in encryption systems. But weakening encryption for law enforcement creates vulnerabilities for everyone.
“A backdoor for the good guys is not possible. Once there’s a backdoor, there’s a backdoor” - says Bozakov. End-to-end encryption is non-negotiable infrastructure for secure digital communication, especially as state-sponsored cyberattacks rise from actors like Russia and China. “Undermining encryption is undermining national security.”
No one, not governments, companies, or users, can be secure if encryption is compromised.
Big Tech’s Business Model Conflicts With European Values
Big Tech companies don’t just build tools. They monetize user data, target ads, and design for surveillance-based engagement.
Tuta’s model is the opposite: “Our stakeholders are our customers. We don’t work for advertisers. We work for the users.” This approach aligns with EU values of privacy, autonomy, and digital ethics. It’s not just a tech decision, it’s a political one.
Privacy-first business models are essential to real digital sovereignty.
Choosing European Tools Is an Act of Sovereignty
Europe doesn’t lack technology, it lacks visibility and political will. As Bozakov notes:“If we want sovereignty in Europe, we need to choose European services.”
This means:
- Adopting open-source, EU-hosted alternatives
- Avoiding long-term vendor lock-in
- Supporting funding and procurement frameworks that prioritize interoperability and data portability
Sovereignty isn’t just policy, it’s procurement, adoption, and infrastructure.
Conclusion: What True Sovereignty Requires
Digital sovereignty isn’t about regulation alone. It’s about infrastructure, encryption, procurement, and values. And it’s about choosing providers - like Tuta or Wire - that don’t just comply, but align with the European vision of trust, autonomy, and rights-based governance. “We don’t build Tuta to sell a product. We build it to protect what matters.”
Related Resources