EuroStack’s Digital Sovereignty Push Risks Excluding People on the Move

The G20 Indian Presidency in 2023 marked the first multilateral effort to establish a consolidated understanding of digital public infrastructure (DPI), including its definition and key features. Since then, the approach has gained global traction due to its potential to leapfrog traditional development cycles. In Europe, for example, the conception is now evolving. A recently published vision for the EuroStack proposes a broader view of DPI—one that extends beyond foundational software elements, such as digital ID, payments, and data exchange, to consider supply chains for chips, raw materials, cloud services, and data architecture.

This comes in the aftermath of the Draghi report, which has served as a wake-up call for European policymakers to rethink what lies ahead for the EU amidst the technological dominance of US Big Tech and China’s state-driven model. Highlighting that 80% of Europe’s digital infrastructure and technologies are imported, the EuroStack is being framed as a strategy to rethink the region’s strategic autonomy. As a part of this effort, the EU is proposing a third way—grounded in the principle of ‘digital sovereignty’—to reimagine the design of their population-scale digital architecture. While this approach draws inspiration from India Stack’s techno-legal standards and emphasizes the need for private sector involvement, it places significantly greater emphasis on a Europe-first policy aimed at preventing the region from becoming a digital colony.

Recent geopolitical shifts arguably validate the EU’s turn toward digital sovereignty. The uncertainty stemming from the flurry of executive orders from the White House, US disengagement from the war in Ukraine, its overtures toward closer ties with Russia, a looming tariff regime, and the threat of a NATO breakup all signal the emergence of newer alliances and a shifting global order. For the first time since World War II, the United States and Europe may be positioned as independent military actors — a change with far-reaching consequences for global trade, security, and the movement of labor and capital. However, in an era marked by the prevalence of powerful AI systems and digital infrastructure, it is important to ask:

1. How can digital infrastructure rooted in digital sovereignty be built for inclusion, particularly for forcibly displaced and stateless populations seeking better living conditions in high-resource destination nations?
2. How will population-scale infrastructure anchored in digital sovereignty intersect with smart digital borders that are meant to uphold state sovereignty?

While states must build digital resilience and protect their citizens from actors with malicious intentions, the push towards digital sovereignty is driven by the idea that individual governments must regain control over parts of the technology supply chain currently owned by US companies. The idea is also evolving to accommodate notions on how state sovereignty can be asserted through digital means, complementing broader objectives on national interest and strategic autonomy.

Unfortunately, this trend fuels techno-nationalist impulses, encouraging states to engage in partnerships under the banner of digital sovereignty selectively. This is reflected in the EuroStack proposal (p. 87), which advocates for strategic ties with the UK and Switzerland to build a competitive quantum ecosystem. Such an approach risks allowing political priorities to shape alliances forged in the digital realm, leading to the formation of digital geopolitical blocs and the further fragmentation of digital ecosystems. Without sufficient safeguards, digital spaces would be weaponized—for example, enabling high-resource destination countries to leverage access to their digital stack as a tool of migration diplomacy.

For the EU, leveraging digital capabilities to impose external limits is not a new practice. Europe has utilized digital tools, such as digital walls, to fortify its borders and restrict the influx of non-EU immigrants. Civil society and migrant rights organizations have highlighted the human rights violations and lack of accountability in refugee management and asylum-seeking processes. Still, allocations for the funding of border surveillance technologies have only increased further—with the Border Management and Visa Instrument (BMVI) boasting a €6.2 billion budget for 2021 – 2027 to fund equipment, personnel, infrastructure, and technology to be used at the EU’s external borders. This type of digital border patrolling has been an explicit method for EU member states to exercise their sovereign right to control the entry of non-nationals into their territory.

With the introduction of the EuroStack, there is a growing risk that state powers over digital borders will extend further. While digital borders are a means to control the movement of people, the EuroStack will result in member states being able to escalate such restrictions into other domains, adding another layer to the digitally fortified state. Through techno-legal standard setting, the EU aims to streamline trade, capital, security, labor, and data flows via a unified, sovereign digital infrastructure. While the vision highlights how citizens moving across borders of EU member states can access services seamlessly in an interoperable manner through the EU Digital Identity (EUDI) wallet, there is a severe lack of clarity on how people flowing in from non-EU countries will be granted access. Currently, strategic policy frameworks exist to promote the long-term integration of beneficiaries of international protection (BIPs) and other third-country nationals (TCNs); however, mechanisms to replicate this approach through the EUDI infrastructure are not clearly outlined. This gap is especially pressing in light of rising immigration, with the number of people arriving from non-EU countries more than doubling—from 2.4 million in 2021 to 5.1 million in 2022.

As highlighted by researchers studying the potential impact of the EUDI wallet contexts (both forced and voluntary), one of the key barriers to accessing the wallet is the need to provide personal identification data (PID)—including the current family name, given name, and date of birth. Currently, no information is available about which institution will be responsible for issuing this credential to migrants. Additionally, the uniform implementation standards for the EUDI wallet across member states would mean that migrants’ home countries will be required to comply with these technical requirements, raising concerns about whether this is a practical model for stateless populations or those who have been forcibly displaced due to conflict and discrimination.

Some may cite the recent success of integrating Diia—Ukraine’s digital wallet equivalent—in the EU. It is estimated that over 14 million people (almost a third of Ukraine’s population) have been displaced after the Russian invasion in 2022, with approximately 3.7 million people displaced internally and 6.5 million seeking refuge globally. As a single point of access to government services and legal documents online, Ukraine’s Ministry of Digital Transformation has been credited with its effectiveness in providing access to 18 million Ukrainians during a period of intense conflict. By recently establishing compatibility with European digital wallets under the eIDAS 2.0 regulation, Ukrainians can verify their identity and e-sign documents in the EU. While this serves as a great example of how digital integration can be enabled between states to facilitate access to essential services for people coming from fragile and conflict-affected regions, it is important to note that, in this case, European sovereign interests were aligned in creating an integrated digital pathway for displaced Ukrainian citizens. However, there’s no guarantee that similar privileges will be extended to other non-EU states that do not serve the national interests of EU member states.

Since the inception of DPI, critics have highlighted the risks of implementing state-led identity systems due to the risks associated with surveillance and the resulting exclusion of marginalized populations. For example, an Aapti Institute research revealed that labor migrants from Nepal initially faced difficulties registering for India’s digital identity system, Aadhaar, due to discrepancies in the recording of age and date of birth. The issue stemmed from the incongruity between the Nepalese calendar, which is based on the Bikram Sambat system, and the Gregorian calendar used in India. While these challenges were rooted in technology design, it was strong diplomatic ties and a friendship treaty that ensured the integration of Nepalese migrants in India, ultimately leading to the issue being addressed.

These instances underscore two critical challenges that must be considered. First, stronger collaboration is essential among states, multilateral institutions, technologists, and civil society organizations to ensure that large-scale digital infrastructure is inclusive by design and not dependent on political will to facilitate access. Including migrant perspectives in the design process will help identify shortcomings and improve the experience of interacting with the broader infrastructure. Second, robust safeguards are needed to protect marginalized communities from being excluded or targeted by state actors driven by political motives. Currently, the push for digital sovereignty is led by a Europe-first policy—exacerbating the risk of state actors misusing digital tools under the pretext of national interest, and enabling infrastructures like EuroStack to perpetuate exclusionary practices which have been commonplace in the EU’s border policies over the years. To counter this, both policy measures and technological safeguards must be implemented to curb the autonomy of EU member states in managing access to the EuroStack.

Despite the far-reaching implications, the impact of digital sovereignty—and initiatives like EuroStack—on people on the move remains largely overlooked. It is imperative to bring these concerns to the forefront of policy debates, alongside ideas of competition and innovation, before exclusion becomes further entrenched in Europe’s digital future.