Digital sovereignty is gaining urgency as organisations seek infrastructure that remains secure and reliable under strict regulatory conditions.
Microsoft is expanding its Sovereign Cloud to help public bodies, regulated industries and enterprises maintain control of data and operations even when environments must operate without external connectivity.
The updated portfolio allows customers to choose how each workload is governed, rather than relying on a single deployment model.
Azure Local now supports disconnected operations, keeping mission-critical systems running with full Azure governance within sovereign boundaries. Management, policies and workloads stay entirely on site, so services continue during periods of isolation.
Microsoft 365 Local extends the resilience to the productivity layer by enabling Exchange Server, SharePoint Server and Skype for Business Server to run locally, giving teams secure collaboration within the same protected boundary as their infrastructure.
Support for large multimodal AI models is delivered through Foundry Local, which enables advanced inference on customer-controlled hardware using technology from partners such as NVIDIA.
Such an approach helps organisations bring modern AI capabilities into highly restricted environments while preserving control over data, identities and operational procedures.
Microsoft positions it as a unified stack that works across connected, hybrid and fully disconnected modes without increasing operational complexity.
These additions create a framework designed for governments and regulated industries that regard sovereignty as a strategic priority.
With global availability for qualified customers, the Sovereign Cloud aims to preserve continuity, reinforce governance and expand AI capability while keeping every layer of the environment within local control.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Microsoft has exceeded its 2025 internet access target, reaching over 299 million people globally, including more than 124 million in Africa. The milestone reflects years of partnerships to connect communities lacking reliable digital access.
Efforts are shifting from simple coverage to holistic digital participation, combining connectivity with energy, devices, digital skills, and AI tools.
Microsoft aims to enable meaningful adoption, ensuring communities can fully engage in the growing AI economy. Partnerships focus on scalable, community-based models aligned with national development priorities.
Collaboration with Starlink expands Microsoft’s toolkit to reach rural and hard-to-reach regions. Projects in Kenya pair satellite connectivity with local hubs and training to boost productivity, market access, and AI adoption.
As adoption accelerates, Microsoft plans to expand its approach by integrating financing, energy access, and community-first AI solutions. The initiative highlights the need for long-term, locally led strategies for fair participation in the digital and AI economy.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The expansion into enterprise AI comes with a no-code platform from New Relic that allows companies to build and supervise their own observability agents.
A system that assembles AI-driven monitors designed to detect bugs and performance problems before they affect users, instead of leaving teams to rely on manual tracking.
It also supports the Model Context Protocol so organisations can link external data sources to the agents and integrate them with existing New Relic tools.
The company stresses that the platform is intended to complement other agent systems rather than replace them.
As AI agent software spreads across the market, enterprises are searching for ways to manage risk when giving automated tools access to internal systems.
Industry players such as Salesforce and OpenAI have already introduced their own agent platforms, and assessments from Gartner describe these frameworks as essential infrastructure for wider AI adoption.
New Relic also introduced new tools for the OpenTelemetry framework to remove friction around observability standards.
Its application performance monitoring agents now support OTel data, allowing enterprises to manage these streams in one place instead of operating separate collectors.
The update aims to reduce fragmentation that has slowed OTel deployment across large organisations and to simplify how engineering teams handle diverse observability pipelines.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
AI-driven defences are moving deeper into operational technology as NVIDIA leads a shift toward embedded cybersecurity across critical infrastructure.
The company is partnering with firms such as Akamai Technologies, Forescout, Palo Alto Networks, Siemens and Xage Security to protect energy, manufacturing and transport systems that increasingly operate through cloud-linked environments.
Modernisation has expanded capabilities across these sectors, yet it has widened the gap between evolving threats and ageing industrial defences.
Zero-trust adoption in operational environments is gaining momentum as Forescout and NVIDIA develop real-time verification models tailored to legacy devices and safety-critical processes.
Security workloads run on NVIDIA BlueField hardware to keep protection isolated from industrial systems and avoid any interference with essential operations. That approach enables more precise control over lateral movement across networks without disrupting performance.
Industrial automation is also adapting through Siemens and Palo Alto Networks, which are moving security enforcement closer to workloads at the edge. AI-enabled inspection via BlueField enhances visibility in highly time-sensitive environments, improving reliability and uptime.
Akamai and Xage are extending similar models to energy infrastructure and large-scale operational networks, embedding segmentation and identity-based controls where resilience is most critical.
A coordinated architecture is now emerging in which edge-generated operational data feeds central AI analysis, while enforcement remains local to maintain continuity.
The result is a security model designed to meet the pressures of cyber-physical systems, enabling operators to detect threats faster, reinforce operational stability and protect infrastructure that supports global AI expansion.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The UK faces rising pressure on its electricity system as about 140 new data centre projects could demand more power than the country’s current peak consumption, according to Ofgem.
The regulator said developers are seeking about 50 gigawatts of capacity, a level driven by rapid growth in AI and far beyond earlier forecasts.
Connection requests have surged since late 2024, placing strain on a grid already struggling to support vital renewable projects that are key to national climate targets.
Work needed to connect expanding data centre capacity could delay schemes considered essential for decarbonisation and economic growth, instead of supporting the transition at the required pace.
The growing electricity footprint of AI infrastructure also threatens the aim of creating a virtually carbon-free power system by 2030, particularly as high costs and slow grid integration continue to hinder progress.
A proposed data centre in Lincolnshire has already raised concerns by projecting emissions greater than those of several international airports combined.
Ofgem now warns that speculative grid applications are blocking more viable projects, including those tied to government AI growth zones.
The regulator is considering more stringent financial requirements and new fees for access to grid connections, arguing that developers may need to build their own routes to the network rather than rely entirely on existing infrastructure.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Amazon Web Services has revealed that a Russian-speaking threat actor used commercial AI tools to compromise more than 600 FortiGate firewalls across 55 countries. AWS described the campaign as an AI-powered assembly line for cybercrime.
According to AWS, the attacker relied on exposed management ports and weak single-factor credentials rather than exploiting software vulnerabilities. The campaign targeted FortiGate devices globally and focused on harvesting credentials and configuration data.
AWS said the potentially Russian group appeared unsophisticated but achieved scale through AI-assisted mass scanning and automation. When encountering stronger defences, the attackers reportedly shifted to easier targets rather than persist.
The company advised organisations using FortiGate appliances to secure management interfaces, change default credentials and enforce complex passwords. Amazon said it was not compromised during the campaign.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A major outage on 20 February disrupted global internet traffic after an internal configuration failure at Cloudflare caused the unintended withdrawal of customer BGP routes.
The incident lasted just over six hours and left numerous services unreachable, despite early fears of a cyberattack. An internal update led to the systematic deletion of more than a thousand Bring Your Own IP prefixes, which pushed many connections into BGP path hunting instead of stable routing.
Engineers traced the disruption to an error in the company’s Addressing API, introduced during an automated cleanup task under the Code Orange resilience programme.
A flawed query interpreted an empty value as an instruction to delete all returned prefixes, removing essential bindings for hundreds of customers. Some users restored connectivity through the dashboard, while others required manual reconstruction carried out across the edge network.
An outage that affected a series of core offerings, including content delivery, security layers, dedicated egress and network protection services. Restoration took several hours because the withdrawn prefixes varied in severity, demanding different recovery methods instead of a uniform reinstatement process.
The error triggered widespread timeouts on dependent websites and applications, along with 403 responses on the 1.1.1.1 DNS resolver.
Cloudflare plans to introduce stricter API validation, circuit breakers for abnormal deletion patterns, and improved configuration separation. It has also issued a public apology for a failure that undermined its assurances of network resilience.
An event that reaffirmed the risks posed by internal automation faults when they interact with critical internet infrastructure.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Nokia and KDDI Corporation demonstrated quantum-safe optical transport at Sakai Data Center, supporting advanced AI workloads. The network aims to deliver secure, uninterrupted data transfer while protecting sensitive AI operations.
The demonstration showcases KDDI’s scalable AI-ready infrastructure for real-time training, inference, and analytics. Quantum-safe encryption and resilient transport protect customer data and critical infrastructure across Japan’s distributed data centres.
Using Nokia’s 1830 Photonic Service Switch (PSS) and 1830 Security Management Server (SMS), the partners validated high-capacity, secure optical connectivity. The solution delivers privacy, reliability, and fast quantum-safe encryption for modern AI workloads.
Executives from both companies emphasised the importance of secure, scalable networks in enabling AI-driven services. Nokia and KDDI will continue advancing quantum-safe data centre connectivity, supporting Japan’s digital infrastructure and key enterprise applications.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Scientists from Southwest Research Institute and the National Center for Atmospheric Research, supported by the National Science Foundation, have created an experimental tool that could extend space weather forecasts from hours to several weeks.
Longer lead times would help operators protect satellites, navigation systems, and power infrastructure from solar disturbances. Research focuses on predicting where flare-producing solar active regions form.
By analysing magnetic data captured by the Solar Dynamics Observatory, scientists reconstructed hidden magnetic conditions beneath the Sun’s surface, showing that these regions follow structured magnetic bands rather than appearing randomly.
PINNBARDS, a physics-informed AI model, connects surface observations with deep tachocline dynamics that drive solar magnetic evolution. Better modelling could provide earlier warnings of solar flares and coronal mass ejections, helping protect communications and astronaut safety.
Funding from NASA and Stanford University supported the work. Researchers describe it as a foundation for next-generation forecasting systems capable of anticipating extreme solar activity with greater accuracy.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Derived from the Latin word ‘superanus’, through the French word ‘souveraineté’, sovereignty can be understood as: ‘the ultimate overseer, or authority, in the decision-making process of the state and in the maintenance of order’ – Britannica. Digital sovereignty, specifically European digital sovereignty, refers to ‘Europe’s ability to act independently in the digital world’.
In 2020, the European Parliament already identified the consequences of reliance on non-EU technologies. From the economic and social influence of non-EU technology companies, which can undermine user control over their personal data, to the slow growth of the EU technology companies and a limitation on the enforcement of European laws.
Today, these concerns persist. From Romanian election interference on TikTok’s platform, Microsoft’s interference with the ICC, to the Dutch government authentication platform being acquired by a US firm, and booming American and Chinese LLMs compared to European LLMs. The EU is at a crossroads between international reliance and homegrown adoption.
The issue of the EU digital sovereignty has gained momentum in the context of recent and significant shifts in US foreign policy toward its allies. In this environment, the pursuit of the EU digital sovereignty appears as a justified and proportionate response, one that might previously have been perceived as unnecessarily confrontational.
In light of this, this analysis’s main points will discuss the rationale behind the EU digital sovereignty (including dependency, innovation and effective compliance), recent European-centric technological and platform shifts, the steps the EU is taking to successfully be digitally sovereign and finally, examples of European alternatives
Rationale behind the move
The reasons for digital sovereignty can be summed up in three main areas: (I) less dependency on non-EU tech, (ii) leading and innovating technological solutions, and (iii) ensuring better enforcement and subsequent adherence to data protection laws/fundamental rights.
(i) Less dependency: Global geopolitical tensions between US-China/Russia push Europe towards developing its own digital capabilities and secure its supply chains. Insecure supply chain makes Europe vulnerable to failing energy grids.
More recently, US giant Microsoft threatened the International legal order by revoking US-sanctioned International Criminal Court Chief Prosecutor Karim Khan’s Microsoft software access, preventing the Chief Prosecutor from working on his duties at the ICC. In light of these scenarios, Europeans are turning to developing more European-based solutions to reduce upstream dependencies.
(ii) Leaders & innovators: A common argument is that Americans innovate, the Chinese copy, and the Europeans regulate. If the EU aims to be a digital geopolitical player, it must position itself to be a regulator which promotes innovation. It can achieve this by upskilling its workforce of non-digital trades into digital ones to transform its workforce, have more EU digital infrastructure (data centres, cloud storage and management software), further increase innovation spending and create laws that truly allow for the uptake of EU technological development instead of relying on alternative, cheaper non-EU options.
(iii) Effective compliance: Knowing that fines are more difficult to enforce towards non-EU companies than the EU companies (ex., Clearview AI), EU-based technological organisations would allow for corrective measures, warnings, and fines to be enforced more effectively. Thus, enabling more adherence towards the EU’s digital agenda and respect for fundamental rights.
Can the EU achieve Digital Sovereignty?
The main speed bumps towards the EU digital sovereignty are: i) a lack of digital infrastructure (cloud storage & data centres), ii) (critical) raw material dependency and iii) Legislative initiatives to facilitate the path towards digital sovereignty (innovation procurement and fragmented compliance regime).
i) lack of digital infrastructure: In order for the EU to become digitally sovereign it must have its own sovereign digital infrastructure.
In practice, the EU relies heavily on American data centre providers (i.e. Equinix, Microsoft Azure, Amazon Web Services) hosted in the EU. In this case, even though the data is European and hosted in the EU, the company that hosts it is non-European. This poses reliance and legislative challenges, such as ensuring adequate technical and organisational measures to protect personal data when it is in transit to the US. Given the EU-US DPF, there is a legal basis for transferring EU personal data to the US.
However, if the DPF were to be struck down (perhaps due to the US’ Cloud Act), as it has been in the past (twice with Schrems I and Schrems II) and potentially Schrems III, there would no longer be a legal basis for the transfer of the EU personal data to a US data centre.
Previously, the EU’s 2022 Directive on critical entities resilience allowed for the EU countries to identify critical infrastructure and subsequently ensure they take the technical, security and organisational measures to assure their resilience. Part of this Directive covers digital infrastructure, including providers of cloud computing services and providers of data centres. From this, the EU has recently developed guidelines for member states to identify critical entities. However, these guidelines do not anticipate how to achieve resilience and leave this responsibility with member states.
ii) Raw material dependency: The EU cannot be digitally sovereign until it reduces some of its dependencies on other countries’ raw materials to build the hardware necessary to be technologically sovereign. In 2025, the EU’s goals were to create a new roadmap towards critical raw material (CRM) sovereignty to rely on its own energy sources and build infrastructure.
Thus, the RESourceEU Action Plan was born in December 2025. This plan contains 6 pillars: securing supply through knowledge, accelerating and promoting projects, using the circular economy and fostering innovation (recycling products which contain CRMs), increasing European demand for European projects (stockpiling CRMs), protecting the single market and partnering with third countries for long-lasting diversification. Practically speaking, part of this plan is to match Europe and or global raw material supply with European demand for European projects.
iii) Legislative initiatives to facilitate the path towards digital sovereignty:
Tackling difficult innovation procurement: the argument is to facilitate its uptake of innovation procurement across the EU. In 2026, the EU is set to reform its public procurement framework for innovation. The Innovation Procurement Update (IPU) team has representatives from over 33 countries (predominantly through law firms, Bird & Bird being the most represented), which recommends that innovation procurement reach 20% of all public procurement.
Another recommendation would help more costly innovative solutions to be awarded procurement projects, which in the past were awarded to cheaper procurement bids. In practice, the lowest price of a public procurement bid is preferred, and if it meets the remaining procurement conditions, it wins the bid – but de-prioritising this non-pricing criterion would enable companies with more costly innovative solutions to win public procurement bids.
Alleviating compliance challenges: lowering other compliance burdens whilst maintaining the digital aquis: recently announced at the World Economic Forum by Commission President Ursula von der Leyen, EU.inc would help cross-border business operations scaling up by alleviating company, corporate, insolvency, labour and taxation law compliance burdens. By harmonising these into a single framework, businesses can more easily grow and deploy cross-border solutions that would otherwise face hurdles.
Power through data: another legislative measure to help facilitate the path towards the EU digital sovereignty is unlocking the potential behind European data. In order to research innovative solutions, data is required. This can be achieved through personal or non-personal data. The EU’s GDPR regulates personal data and is currently undergoing amendments. If the proposed changes to the GDPR are approved, i.e. a broadening of its scope, data that used to be considered personal (and thus required GDPR compliance) could be deemed non-personal and used more freely for research purposes. The Data Act regulate the reuse and re-sharing of non-personal data. It aims to simplify and bolster the fair reuse of non-personal data. Overall, both personal and non-personal data can give important insight that research can benefit from in developing European innovative sovereign solutions.
European alternatives
European companies have already built a network of European platforms, services and apps with European values at heart:
Category
Currently Used
EU Alternative
Comments
Social media
TikTok, X, Instagram
Monnet (Luxembourg)
‘W’ (Sweden)
Monnet is a social media app prioritises connections and non-addictive scrolling. Recently announced ‘W’ replaces ‘X’ and is gaining major traction with non-advertising models at its heart.
Email
Microsoft’s Outlook and Google’s gmail
Tuta (mail/calendar), Proton (Germany), Mailbox (Germany), Mailfence (Belgium)
Replace email and calendar apps with a privacy focused business model.
Search engine
Google Search and DuckDuckGo
Qwant (France) and Ecosia (German)
Qwant has focused on privacy since its launch in 2013. Ecosia is an ecofriendly focused business model which helps plant trees when users search
Video conferencing
Microsoft Teams and Slack a
Visio (France), Wire (Switzerland, Mattermost (US but self hosted), Stackfield (Germany), Nextcloud Talk (Germany) and Threema (Switzerland)
These alternatives are end-to-end encrypted. Visio is used by the French Government
Writing tools
Microsoft’s Word & Excel and Google Sheets, Notion
Most of these options provide cloud storage and NexCloud is a recurring alternative across categories.
Finance
Visa and Mastercard
Wero (EU)
Not only will it provide an EU wide digital wallet option, but it will replace existing national options – providing for fast adoption.
LLM
OpenAI, Gemini, DeepSeek’s LLM
Mistral AI (France) and DeepL (Germany)
DeepL is already wildly used and Mistral is more transparent with its partially open-source model and ease of reuse for developers
Hardware
Semi conductors: ASML (Dutch) Data Center: GAIA-X (Belgium)
ASML is a chip powerhouse for the EU and GAIA-X set an example of EU based data centres with it open-source federated data infrastructure.
A dedicated website called ‘European Alternatives’ provides exactly what it says, European Alternatives. A list with over 50 categories and 100 alternatives
Conclusion
In recent years, the Union’s policy goals have shifted towards overt digital sovereignty solutions through diversification of materials and increased innovation spending, combined with a restructuring of the legislative framework to create the necessary path towards European digital infrastructure.
Whilst this analysis does not include all speed bumps, nor avenues towards the road of the EU digital sovereignty, it sheds light on the EU’s most recent major policy developments. Key questions remain regarding data reuse, its impact on data protection fundamental rights and whether this reshaping of the framework will yield the intended results.
Therefore, how will the EU tread whilst it becomes a more coherent sovereign geopolitical player?
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
