[CALL FOR PAPERS] The roots of AI rejection
10 June 2024
[POLICY BRIEF] Monetary sovereignty in a digital world, by Jean-Pierre Landau and Sarah Nicole
21 June 2024

[INTERVIEW] How to implement digital sovereignty? By Samuele Fratini

By Luca Lefevre

What are the defining differences between sovereignty in general and digital sovereignty? 

The traditional concept of sovereignty is largely different from how it is used in the fields of digital governance. Traditional sovereignty is a characteristic of internationally recognized states to exercise a supreme authority over a territory, while digital sovereignty is an effective strategy aimed at expanding state authority over the digital infrastructures in a global scenario. Digital sovereignty is more of a strategy rather than a fully owned power of a state.

If we assume sovereignty to be the supreme authority of the state over its territory, the first distinction is that the digital space is not an actual territory but a global infrastructure. Yet, it is increasingly described as a space or a territory to make it available for state control. Secondly, nation-states are not the supreme authority over the digital infrastructure. In the vast majority of cases, especially in the European Union, Russia, and China, digital sovereignty was proposed as a sort of defensive strategy to increase the state authority over the digital infrastructures and especially over the foreign digital technologies, meaning the American ones.

Lastly, digital sovereignty is attached to geopolitical competition; the pursuit of digital sovereignty cannot be disentangled from the existing power balance in the world. It is integral to a moment of de-globalization, where the dynamics existing increasingly challenged in every sector, and the digital sector makes no difference.

What is the difference between the definition of digital sovereignty here in Europe vs. in Russia or China?

They are extremely different models, but they have a thing in common: they emerged as a defensive strategy against a perceived American hegemony in the technological sector. They emerged in different periods by applying different solutions, but they are all put together by the perceived need to be more autonomous in the face of the United States. This is true in different shades but, in my opinion, this is a common trait.

Apart from this point, they all pertain to different models of digital sovereignty. The first characteristic is that these three political entities started pursuing digital sovereignty by mobilizing different labels. They talk, for example, about “technological sovereignty” or “Internet sovereignty” in three different historical moments. In the European Union and Russia, talking about digital sovereignty began at the beginning of the 2010s, while China started doing so at the end of the 90s.

The expansion of the Internet and the World Wide Web in China was regarded as a sort of national security issue from the very beginning. This is partially due to a different model of sovereignty: in China, you cannot see the same distinct boundary between private companies and state authorities, so it is blurry if compared to the European ones, for example. It’s a key difference, as the digital sovereignty strategy in China is not characterized by the need of the state to restate its control over the digital infrastructure because the cyberspace was never imagined as stateless in China. It was always guided and oriented by the Chinese Communist Party. Digital sovereignty was more oriented to the international arena as it was imagined as a national security issue and since China has seen itself as a sort of anti-colonialist power, it manifested the need to be sovereign, especially in front of the expansion of US technology with related US values. From the end of the 90s, we could see a constellation of initiatives such as the Great Firewall or the support for multilateralism in international bodies that characterize the Chinese approach to digital governance as a territorial issue.

Some characteristics of the Chinese model were partially integrated into the Russian one, but we usually tend to forget that the Russian approach to the Internet was quite liberal until the beginning of the 2010s. In 2010, they actually proposed the term “sovereign Internet,” which means that the Internet and cyberspace, in general, are increasingly seen as a sort of battlefield. They started following three directions:

1. A strong content filtering achieved both by direct filtering in digital platforms, especially domestic Russian platforms, and by the direct exclusion of foreign operators.

2. Strong data localization requirements. Foreign companies are obliged to store a large part of their data in Russia and are forced to hand over those data to Russian authorities if they ask for them.

3. Russia also engaged in a continuous campaign of disinformation spreading in many Western countries – the American case is the most famous one, but it’s not the only one, and this is particularly interesting and important before the European elections.

These three trajectories have been increasingly crystallized into an established set of laws. For example, the “Yarovaya Law[1]” and other laws have been putting this strategy into practice. So, this is the Russian strategy more or less.

In the case of the European Union, the debates also started at the beginning of the 2010s, but at the national level. A remarkable example is France because, in 2012, digital sovereignty was already a topic, especially with personalities like Bellanger[2] and others who started talking about implementing digital sovereignty as a sort of attempt to emancipate Europe from America. There was also a kind of debate in Germany, but it was more linked to a radical right-wing brand and not a national strategy welcomed by all the political spectrum. The true turning point was the Snowden revelations. For instance, in terms of Internet governance, we consider that there is a “post-Snowden Internet governance” because Europe started understanding how these technologies were weaponized by the United States. Then digital sovereignty was increasingly described as the ability of Europe to freely and autonomously act in the digital space, and this became the objective behind a lot of European policies such as the GDPR or also the most recent AI act. There is a true willingness to be free to choose its own destiny in the digital space nowadays. As a result, digital sovereignty becomes one strategic component of a larger European grand policy which is strategic autonomy.

What role does the sovereign cloud play in determining digital sovereignty? 

The Russian case is one of the most evident examples, but these attempts take different shapes all over the world. For instance, I might not have mentioned that sovereignty is composed of different components. The trajectory is, of course, to be free to act in the digital space, but this goal is achieved through several components.

For example, the idea of being able to develop your own technology is called technology sovereignty. Another example is the availability of having an educated workforce to manage the technology, which is termed competence sovereignty. One of these components is data sovereignty, which is the ability of a nation-state to exert its control over the ways in which data are collected, stored, and used over the data flow lifecycle.

To achieve this, some political entities, especially Russia, China, and the European Union, have started resorting to traditional governing structures to exert their control. This traditional governance structure is state jurisdiction. The inherent idea is that if you can take that data and store it within your jurisdiction, your laws will apply to that data, allowing you to escape other threatening jurisdictions.

However, it’s important not to restrict and reduce the ability to exert control over data flows solely to the territorial dimension. For instance, the United States exerts a high degree of data sovereignty without resorting to territorial jurisdiction. In 2018, they introduced the USA CLOUD Act, which allowed state authorities to access private databases in national emergencies. Essentially, they weaponize their companies, and the control over data travels through private circuits rather than territorially.

Thus, while the sovereign cloud is important, it is not a total shield against all threats, nor is it the only way to exert control over data. Data sovereignty is not separate from other digital sovereignty components. It can also reveal state weaknesses. For example, the European Union’s GAIA-X project, which aims to develop a sovereign cloud, shows a lack of strategic clarity. Initially, the answer seemed to be that a sovereign cloud should be maintained by only European companies, as Amazon was excluded. However, later, the European subsidiary of Amazon was reincorporated, making the concept of sovereignty unclear.

This situation is also connected with the ability to develop your own digital infrastructures and vulnerability to lobbying. A case in Switzerland in 2022 involved federal authorities trying to establish a sovereign cloud for public administration, which eventually, in 2023, was contracted to five foreign companies—four American and one Chinese. This shows that despite the best intentions, such attempts are subject to the actual ability to develop infrastructure and the influence of foreign lobbying.

So, the important question is: what can we expect from state sovereignty concerning large corporations? Can a solution be found in supporting local companies rather than fighting against American and Chinese firms? On the European side, this is a crucial distinction. Other superpowers like China and the US have followed the strategy of developing their own domestic companies. However, in the European Union, there are some observations to consider.

There is a sort of double movement in the relationship between states and companies. On one hand, there is an increasing exclusion of companies tied to states perceived as threats, like the TikTok case in the US and partially in the EU, or the banning of Western companies in China and Russia. On the other hand, there is an increasing attempt by states to enforce control over domestic companies. The Chinese crackdown on big tech is a famous case where the state tried to strengthen its control over companies, causing economic damage.

In the US, during the Trump and Biden administrations, congressional hearings asked big tech CEOs if their work was functional to US interests. This double movement arises because globalized companies must respond to different countries, making them only partially domestic. Chinese companies, for example, must comply with both Chinese and international requirements.

Regarding Europe, a more powerful private sector with national champions could advance European interests and export European standards. However, the European single market faces barriers that prevent full integration, hindering domestic companies from scaling up and fueling innovation. The Brussels Effect has allowed the EU to export its standards globally because US companies operating in Europe adopted these standards. Therefore, while developing a domestic digital sector with national champions is essential, the risks of excluding US operators should be carefully weighed of excluding US operators, as this could undermine the success of European standards globally.

What can we expect from the sovereignty of states towards big corporations ? Can the solution be found in supporting local companies rather than fighting against the American and Chinese firms? If companies are domestic (especially in the US), what reasons are there for not favoring self-regulation to achieve digital sovereignty?

We usually think of a company as being born in a certain country and headquartered there, with its interests aligned with those of the country. The first point is that it’s not quite right.

The second point is that the degree of penetration of digital technologies into our everyday life has been surging over time. This means that large digital companies now have not only market obligations but also social and political obligations. Both China and the US are concerned with the degree of independence of their private sectors and are trying, in different ways, to reinstate their control over these companies.

This distinguishes the current moment from the initial period of digital technology expansion. We are now in a moment of regulation because digital technologies have already spread and penetrated our everyday lives. There is a sort of unwritten consensus that we are moving towards more stringent regulation.

Isn’t it paradoxical to be simultaneously fighting for digital sovereignty on a global scale, and at the same time seeing a return to regulation?

This makes sense but the point is that since regulation, by definition, is not neutral, some countries have been trying to impose and export their standards. As a result, other states feel the need to counter these foreign standards with their own domestic regulations. This dynamic means that regulation often spurs further regulation.

Wouldn’t a state-based model, if it were European and therefore included respect for fundamental rights, be the optimal solution for the EU? 

Several observations can be made on this point.  The first one is that the models we proposed (ndlr in the article) are, by definition, mutually exclusive. They could have some common characteristics, but they pertain to different dimensions.

For example, the first distinction is that the European Union is not an actual state. Practically speaking, this means that the European Union cannot centralize digital governance in the same way China does without infringing on internal economic competition or other fields. The first observation, therefore, relates to the very structure of the European Union.

The second observation is that the European Union has a large internal single market, but it is only partly integrated due to cultural, linguistic, and legal barriers. It is not even as large as the Chinese market. China, being the state model par excellence, has a large internal market that allows them to develop their own companies internally and then export them globally. A high degree of centralization in digital governance in the European Union would significantly hamper this process.

The final observation is that the European Union differentiates itself by pursuing fundamental rights in the digital space. A state-based solution would not be compatible with the multi-stakeholder model of governance, which is applied differently worldwide. If governance is too centralized in the hands of the state, the interests and competences of other sectors, such as the private sector, academia, and technical experts, would be more easily overlooked. Therefore, the European Union should continue to advance its own sovereign interests in the digital space while remaining democratically representative of each societal group affected by digitalization.

One last point is that the European Union is in a process of continuous integration. Integration advances when faced with global challenges like the pandemic or the digital transition. These and other related challenges, such as the environmental one, require the European Union to advance its identity, not only to orient its strategy but also to construct that identity. If the European Union stopped developing its own model of digital governance, which is the fundamental rights-based model, it would capitulate to other established nation-states like China and the US. Therefore, because this is a matter of European integration, the European Union should advance its own particular model.

[1] The yaroyava laws are a set of federal texts adopted in russia during 2016. The stated aim is to strengthen the state’s capabilities in the fight against terrorism. In particular, the laws allow the FSB internal security service to access online messaging data, including encrypted data.

[2] See for example : Bellanger, Pierre. « De la souveraineté numérique », Le Débat, vol. 170, no. 3, 2012, pp. 149-159.

Samuele Fratini is a Ph.D. candidate in Social Sciences in the Department of Communications, Interaction, and Cultural Constructions at the University of Padova and in the Institute of Media and Journalism at the Università della Svizzera Italiana of Lugano. He published an article with Emmie Hine, Claudio Novelli, Huw Roberts and Luciano Floridi entitled “Digital Sovereignty: A Descriptive Analysis and a Critical Evaluation of Existing Models”, which proposes a classification into four models of how to implement digital sovereignty.