Why we should care for Digital Sovereignty, Hackerspace Brussels Software Freedom Day 2025

25 Sep 2025

Software Freedom Day 2025 at Hackerspace Brussels: Why we need Digital Sovereignty (and where it comes from)

The debate surrounding technological or digital sovereignty has been ongoing for a while, but recently gained traction particularly with Trump back in office. Beyond decreasing dependencies in Europe, and investing in Open Source, one fundamental goal of digital sovereignty must be to protect fundamental rights. Sebastian’s presentation will trace the debate back to the industrial espionage that was revealed in the 2013 Snowden disclosures, data protection, and other fundamental rights in the digital age.

On Saturday, 20 September 2025, I had the opportunity of speaking at Hackerspace Brussels on the occasion of Software Freedom Day 2025. Here you can find my presentation with notes. Feel free to reach out.

Watch the live recording now!

(Update 2025-11-05: You can watch the recording on PeerTube now!)

Why we need Digital Sovereignty

(and where it comes from)

Sebastian Raible

Sebastian is a political consultant, representing Open Source businesses and their interests towards the EU institutions. He was previously a policy advisor and assistant to two Members of the European Parliament (2015-2024).

contact info

sebastian at raible.be · raible.be

Mastodon: @sraible@eupolicy.social

Bluesky: @sebastianraible.bsky.social

disclaimer

I am a lobbyist for APELL – The European Open Source Software Business Association. While I am here in my personal capacity, some of my views overlap with that of the business interests I represent.

state of digital sovereignty

digital sovereignty

digital and technological sovereignty

data sovereignty

goals: agency, control, skill

Notes: digital sovereignty definition

I see the terms “technological sovereignty” and “digital sovereignty” used interchangeably in the Euro bubble. People¹ differentiate it into smaller categories, but for the purposes of this talk, I think it makes sense to talk about

technological sovereignty where it comes to software, hardware, services,

data sovereignty where it comes to data, and

operational sovereignty where it comes to capabilities and skills. The goals are mainly to gain, or sometimes regain,

influence over the design and functioning of $tech (regulation (setting of rules) and oversight, but also access, documentation, skill enabling us to change the design and parameters of a $tech),

control whether the rules are complied with (monitoring, testing, enforcement),

accountability of producers,

sustainability (ecological, but mostly economically: savings and long-term sustainability of public investments),

competitiveness and, implied as a result: prosperity.

see also

Achieving digital sovereignty: When every product already says “sovereign“ (Archive); Sean Fleming at the World Economic Forum uses digital, cyber, technological and data sovereignty more or less as synonyms: What is digital sovereignty and how are countries approaching it?

A plate of sandwich and Cheetos|20%

Notes: Cheetos next to a sandwich (for no reason.)

Dependence on technology has been used as a means to put pressure on the EU in international trade negotiations. (After such pressure has historically been and continues to be used to exploit other regions of the world by Europeans and the “West”.)

state of digital sovereignty

Quote: German EU Presidency programme (July 2020) … Europe must achieve sovereignty in the digital domain in order to remain capable of action on its own also in the future.

Notes: German presidency: digital sovereignty goal, motivated in particular by dependencies that became more obvious during the pandemic, like for the production of critical medicines, hardware, software and services, etc.

state of digital sovereignty

Euronews (17/09/2024): '… Henna Virkkunen will become the Executive Vice President for Tech Sovereignty…'|450

Notes: In 2024, the new European Commission came into office with the vice-president Henna Virkkunen’s job title literally including “tech sovereignty”.

state of digital sovereignty

Nextcloud 'Digital Sovereignty Index'|850

Notes: several initiatives exist that try to map the state of digital sovereignty, showing the level of dependency on products and services

state of digital sovereignty

Jurgen Gaeremyn's European Critical Dependencies Map|750

Notes: Including, of course, Jurgen Gaeremyn’s European Critical Dependencies Map that points out the reliance on extra-European mail infrastructure in public authorities

Why we need Digital Sovereignty

Notes: title of the talk!

Why we ~need~ should care for Digital Sovereignty

Notes: Actually: Why should we care for digital sovereignty?

[!tldr] digital sovereignty archives: Snowden

5 June 2013: first publications of NSA documents

mass-surveillance of individuals

industrial espionage implied

6 October 2015: CJEU rules Safe Harbour EU-US data transfer framework invalid (“Schrems I”)

14 April 2016: GDPR is adopted (entry into force 25 May 2018)

Notes: first publication on 5/June, attribution to Edward Snowden on 9/June

global mass-surveillance, mostly metadata, some communication data

July 2013: monitoring of EU Commission, network infiltrations revealed (Belgacom)

secret cooperation between international intelligence services

major email, cloud storage, telco operators and other services intercepted

secret courts and limited democratic oversight (FISA) in the US

October 2013: major heads of state targeted, Merkel famously says “spying among friends is not acceptable”, later it is revealed that her mobile phone might have been tapped since 2002

see also

Wikipedia (EN): Edward Snowden Surveillance Disclosures

Wikipedia (EN): 2010s global surveillance disclosures

Disclaimer on Snowden who continues to live in Russia, and has called rumours of the coming attack on Ukraine as conspiracy theories before the fact. Now apparently has citizenship and I haven’t bothered to try to find out more, but he seems to be silent.

[!tldr] digital sovereignty archives: Schrems II

16 July 2020: CJEU rules the Privacy Shield EU-US data transfer framework invalid (“Schrems II”)

October 2022: Biden administration signs executive order to implement Data Privacy Framework %% as future basis for EU-US data transfers %%

10 July 2023: Commission adopts Data Privacy Framework adequacy decision

Notes: in large part on the basis of the Snowden leaks, the CJEU comes to the conclusion that personal data transfers to the US do not provide adequate safeguards to guarantee the protection of personal data granted by the Charter of Fundamental Rights. GDPR is in part as strong as it is because of the political discussions at the time, and as a result of Snowden

A plate of sandwich and Cheetos|20%

Notes: no notes.

“EU competitiveness”

Draghi report

Notes: sigh. Draghi report, one year ago

Draghi calls for “radical cuts” to the GDPR

Result is reform of GDPR is no longer out of the question

deregulation in the name of competitiveness

Draghi likens regulations to tariffs

[!info] data sovereignty

protection of trade secrets

protection of personal data

Notes: digital sovereignty is not only about industry, trade, and business fundamental rights protections more important than ever

“digital colony”

Notes: I digress: “digital colony”

dependencies on non-EU providers of digital products and services

“lock-in” to incumbent providers (e.g. because of pervasiveness, incompatibility with alternatives, or lack of comparable alternatives)

dependencies can (and previously have been) be used as means to put pressure on Europe in trade disputes and international relations

additional concerns exist regarding the confidentiality and security of data and trade secrets, with possible backdoors in hardware, software and services

some EU efforts to reduce dependencies are underway but could be more concrete, efforts to increase (or achieve) digital/technological “sovereignty”

(sovereignty itself can be problematic as it connects well with nationalist narratives but is now widely used outside of those contexts)

some private initiatives, notably “Euro-Stack” have gained traction, strong campaign with demands to “buy European” (similarly problematic) or at least shift investments to more European products and services

“digital colony” narrative claims Europe is a colony to (usually) the US

building on a general feeling of having been left behind, exploitation, victimisation by powerful international corporations

“digital colony” ignores historic dimension of exploitation, genocide and systemic racism, **de-values and conceals intersectional and critical

digital colonialism

Notes: digital colonialism digression (contd.)

narrative is not only problematic, but easily deconstructed: dependencies have been created willingly, by buying products and services in a free market economy, so not useful to moderates

See also:

“digital colonialism” book (so far only in German, “Digitaler Kolonialismus” by Ingo Dachwitz and Sven Hilbig, https://www.chbeck.de/dachwitz-hilbig-digitaler-kolonialismus/product/37000393)

Kahinde Andrews: The New Age of Empire

conclusion

==TODO==

Notes:

Open Source

run your own platforms and services

needs political will

do not weaken data protection, as that would also weaken

our argument

trade secret protection

our society

more positively: tech is widely available, affordable as never before

copyright restrictions to content becoming more obvious again as the platforms are being enshittified to make (more) profit

open culture

photo credit

Cheetos.jpg: Scott Erhardt (PD)
Screenshot Euronews (17/09/2024): These Commissioners will be in charge of EU tech policy
Screenshot Nextcloud Digital Sovereignty Index
Screenshot Jurgen Gaeremyn’s Map of European Critical dependencies

DeLoitte defines a “Sovereignty Framework” of “4+1 dimensions”: ↩