The Commission's plans include bolstering Europe’s semiconductor industry. metamorworks / ShutterstockEurope is taking decisive steps to strengthen its control over the technology that underpins its societies. It is concerned about the digital infrastructure that sits behind everything from energy grids and water supplies to public transport, healthcare and the apps in people’s phones.The European Commission has now published its package of measures for “tech sovereignty”, with the aim of building up its capabilities in digital technology.The proposals rely heavily on private investment and may struggle to match global tech spending.The plans include bolstering Europe’s semiconductor industry, expanding cloud computing, building up capabilities in AI, promoting open source software and setting out a plan for integrating digital technologies into energy systems. This last objective would support a sustainable expansion of data centres.The backdrop is stark. Around 80% of Europe’s digital infrastructure and technology comes from outside the EU. An estimated €264 billion (£228 billion) a year is spent on cloud and software services that are mostly non-European.Europe produces only about 10% of global semiconductors (the technology behind computer chips). In cloud computing, European providers hold roughly 15% of the market, while three US firms account for around 70%.These imbalances were long seen as a natural outcome of globalisation. But in a world of geopolitical tension, they increasingly represent a strategic vulnerability. Export controls, sanctions and political pressure risk rippling through digital supply chains. The recent US ban on foreign access to advanced AI models sends a small yet clear signal.What once looked efficient now looks risky. At the same time, the EU stresses that this is not about isolationism. Finnish politician Henna Virkkunen has been tasked with boosting Europe’s control over strategic technologies. Alexandros Michailidis / Shutterstock Hidden dependenciesA central shift proposed by the European Commission’s digital sovereignty package is to make digital dependencies visible and measurable. Through tools such as sovereignty risk assessments for cloud and AI services, organisations are pushed to look beyond performance and price and at the level of “sovereignty” a service or product provides.Questions of ownership, jurisdiction, supply chains, data location and the ability to switch providers here become central when procuring digital services. The Computer & Communications Industry Association, which represents tech companies such as Amazon, Meta and Google, said the plans would undermine the EU’s goals of bolstering its digital infrastructure. On the other hand, European counterparts say the language in the tech sovereignty plans is soft.This changes the role of buyers – especially in the public sector. Governments would no longer be just customers. Instead, they would start to shape markets. Through procurement and infrastructure investment, they can influence which technologies succeed and how digital ecosystems evolve. The Commission wants to ensure that the expected expansion of data centres is environmentally sustainable. Snehit Photo However, open source software should enable re-use, transparency and compatibility between different IT systems. It provides an alternative to closed, vendor-controlled systems. It allows organisations and governments to collaborate on shared building blocks rather than repeatedly purchasing proprietary solutions from tech companies.Public sector demand for open technologies has been shown to stimulate competition and economic growth. In this sense, the sovereign technology agenda is not just about building alternatives but about reshaping the rules of the digital economy.The EU is trying to give organisations more freedom to switch between different technology providers and negotiate with them. This shifts the control back towards users – helping ensure continuity even in times of crisis. Read more: Europe wants to end its dangerous reliance on US internet technology Ambition faltering?Turning this vision into reality will not be straightforward. Much of the content of the tech sovereignty plan relies on encouragement rather than binding measures, especially around open source software and procurement. This creates a risk that “sovereignty” becomes more of a political label than an operational shift, with uneven implementation across Europe.Nor is this the first attempt at promoting a similar vision of change. Earlier initiatives – in the form of the Tallinn, Berlin and Strasbourg declarations, to more recent EU legislation – have outlined similar ambitions but these have struggled to materialise. Without clearer requirements, there is a risk of repeating this pattern.Another challenge is fragmentation. If member states interpret sovereignty differently, the result could be a patchwork of approaches that weakens impact. Coordinated action is needed to grow both supply and demand across Europe. Public procurement will be central, but not sufficient. Organisations also need capabilities – the knowledge and structures to assess dependencies and act strategically. Current frameworks tend to focus on evaluating technology providers, rather than whether organisations themselves can make and sustain sovereign choices. This is where mechanisms like Open Source Program Offices (OSPOs) matter as promoted by the package. These support the governance and development of open technologies. Strengthening such capabilities may prove as important as policy itself.The Commission’s funding levels for its tech sovereignty package raise further questions. Through an envisaged public-private (mostly the latter) funding model, around €2 billion (£1.7 billion) is calculated for open source over seven years, €120 billion (£103 billion) to semiconductors, €200 billion (£172 billion) to data centres – significant, but modest compared to the money invested in global technology platforms and the digital economy. Practical constraints remain: switching systems is costly, alternatives may lag behind, and shortages in skills and cybersecurity capacity add pressure.National policies reflect these tensions. Sweden’s recent cloud computing strategy, for example, recognises the need to reduce dependencies but remains cautious in how far it goes – illustrating how national differences could limit Europe’s collective impact.Whether the EU’s package of measures can succeed will depend less on ambition and more on implementation, and whether the supply and demand for sovereign tech is able to nudge. Negotiations to follow will show how things fall out.Ultimately, this is not just a European issue, but one for any government or organisation. It is about who controls the digital systems modern societies depend on – and how those systems remain resilient, secure and aligned with public values in an uncertain world.Johan Linåker does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.