Digital Sovereignty Requires More Than Just European Tech

When European leaders make exclusive announcements on X, do they consider what would happen if Elon Musk decided to delete them? Nothing prevents him from doing so.

As the US continues to pressure allies and enemies alike to protect its tech industry, the response should be a resounding yes. From social media to cloud services, AI compute power and microchips, governments around the world are waking up to how dependent they are on American tech. As a response, the principle of digital sovereignty is rapidly gaining momentum.

Europe, in particular, on the back of years of increasingly ambitious tech legislation, is ripe for discussion and home to a flurry of proposals. A prominent one is the Eurostack, a European values-driven project. While this analysis is accurate, the strategies identified to enact the EU’s digital sovereignty often seem focused on imitating the success of the US tech sector.

Yet in the area of services, building digital sovereignty requires more than independence. The EU must consider how to make its offering not only competitive, but also unique and attractive to the rest of the world. Its vision must be centred on people, and empower them to shape the landscape to their needs. Without this, the project risks repeating the same problems created by US companies. Power concentration, data grabbing, profit-driven innovation, disregard for individual freedoms, and amplification of disinformation. Europe cannot hope these problems will magically disappear thanks to a vague notion of "European values.” The goal cannot be to breed toxic monopolies made in Europe.

Building a different paradigm for internet services must rely on concrete features that technically enforce values and set guardrails against abuses, namely interoperability between services and user empowerment. Together, these elements can enable the re-wilding of the internet through democratic and rights-led technologies.

Interoperability is what allows you to send a message to an email address hosted by Google from another email provider, such as Proton or Tuta. It's a design choice that creates bridges between similar services. Services like WhatsApp, Instagram, Messenger, TikTok, or LinkedIn are not interoperable, i.e., you cannot connect with people on these platforms without first creating an account. Interoperability is a door in the wall of the silos that Big Tech companies have built. With it, you could message people on WhatsApp from another app like Signal, or follow your government's Facebook account and read their posts from a different platform.

A priority for users is to leave services without losing the social network they built. Openness by design, through interoperability, bears this promise and is a considerable competition driver. It greatly weakens the network effects enjoyed by dominant platforms. It would enable people to move to different services without being entirely cut from their social network and content available on other platforms.

With those bridges built, Europe must then be equipped with the means to move between services. Such means already exist in the EU, notably through data portability rights, which allow users to transfer their data to a different service. That said, implementation and enforcement are lacking. Users who flew from Twitter to Mastodon and Bluesky, for example, had to rely on external tools and efforts to succeed.

Proper data portability makes migration costless and straightforward for users. It provides a robust way to escape an abusive platform and regain agency without sacrificing the time invested in producing content and building one's social network. Empowering people with the ability to control their data and migrate easily to other services gives users the means to contest and challenge practices they disagree with, whether it's moderation policies or business models based on the exploitation of their privacy to generate profits.

To operationalize interoperability and data portability, the EU must follow three steps: first, it must enforce the Digital Markets Act (DMA) and the General Data Protection Regulation's (GDPR) obligations on interoperability and data portability. Interoperability of number-independent interpersonal communications services (NI-ICS) as mandated by DMA Article 7 paves the way to demonstrate that interoperability between services is feasible, even when technically complex, given that NI-ICS must continue to offer end-to-end encryption (interoperability between social media platforms would comparatively be much easier). Enforcing gatekeepers' obligation to provide "continuous and real-time access" to data for data portability purposes mandated by Article 6(9) also offers an opportunity to strengthen the rights set by GDPR and make a step towards more interoperable systems where users can decide to have their data continuously flowing from one service to another. This should be accompanied by stronger enforcement of existing GDPR rights on data portability, empowering individuals to mandate NGOs to pursue legal actions against toxic monopolies.

Second, the EU must design policies to encourage and financially support the development and adoption of technologies and services interoperable by design. Making interoperability and data portability a requirement for public-funded projects, particularly in the context of sovereign tech funds and digital public infrastructure, would further disseminate the principle of data mobility and establish these practices as the default. Mandating the adoption of interoperable technologies and services in public procurement, inspired by experiments in adopting open-source software (as done in France), would also enable credible exit strategies and prevent vendor lock-in, laying the foundations for an open and interoperable ecosystem.

Finally, the EU must develop its legal framework to embed interoperability and data portability obligations more deeply. Starting with the DMA, the interoperability obligation should extend to more core platform services, including online social networking services, video-sharing platform services, online search engines and AI assistants. Not only would this put additional pressure on gatekeepers to offer an exit path to their users, but it would also strongly encourage competition, providing a trusted means for alternative service providers to develop interoperable services without fear of having data hoses randomly closed, as has been the case with APIs. Even more important than creating additional obligations on gatekeepers, the EU has to consider broadening these obligations to all tech service providers at some point. While this should happen when gatekeepers' monopolies are already feeling the effect of competition law, it should not happen too late if Europe wants to avoid the risk of seeing toxic European monopolies emerge and mimic the successful strategies of Big Tech.

Digital sovereignty cannot be imagined without digital self-determination, the ability for people to decide how they exist online, and at what cost. Efforts to develop new digital infrastructure must be pursued with the interests of individuals and communities at heart, rather than those of governments and investors. An ecosystem of services that enables digital mobility and choice is fundamental to unlock the promises of the digital economy. Interoperability and data portability are needed to make that possible.