On Digital Sovereignty And Strategic Realism

As an IT professional, I like to reflect on specific issues that can have big impacts on organizations and society. This article was first written in French and shared with my professional network on LinkedIn.

Digital sovereignty has, in just a few years, become a central issue for governments, enterprises, and even individuals. Long confined to academic debates, the concept has now become a strategic concern in light of an undeniable reality: our growing dependence on global digital infrastructures.

Recent events illustrate this vulnerability. The rise of the GAFAM giants, the revelations of the Snowden affair, the implications of the U.S. Patriot Act and Cloud Act, and the alleged interference in U.S. elections have all highlighted the risks associated with the concentration of digital power. Added to this are far more concrete technical incidents:

• AWS outage – October 20, 2025 (details)
• Microsoft Azure outage – October 29, 2025 (details)
• Cloudflare outage – November 18, 2025 (details)

Not to mention the problematic CrowdStrike update in July 2024, which crippled critical services in banks and airports (Wikipedia, among other sources).

These events are not anecdotal: they reveal a systemic dependence affecting our organizations and, by extension, individuals. The question is no longer “Should we be concerned?” but rather “How do we prepare?”

Why Digital Sovereignty Is Essential

Digital sovereignty is defined as “the ability of a state, an organization, or an individual to control and manage its data, digital infrastructures, and technologies in order to ensure its strategic autonomy and security in the digital space.” It involves the ability to exercise one’s rights and choices without external constraints.

This autonomy is critical for three key reasons:

Security and resilience: Data is a strategic asset. Exposure to foreign jurisdictions can create legal and operational risks.

Decision-making autonomy: Without control over infrastructures, room for maneuver during crises is severely limited.

Preservation of democracy: As Le Devoir aptly states:

“Digital sovereignty is neither a luxury nor a technological gimmick. It is a pillar of resilience and democracy.”

However, seeking total autonomy is unrealistic. Digital value chains are globalized, and the costs required to develop sovereign solutions—cloud platforms, AI systems, software—are immense. Moreover, an overly protectionist approach could hinder innovation and harm competitiveness.

Pragmatism and Strategies

We must accept a core reality: we will never have full control over our digital destiny. Global interdependence is structural. Rather than pursuing absolute independence, we should take a pragmatic approach focused on reducing risks and diversifying dependencies.

This approach requires concrete strategies, along with significant time, financial investment, human resources, and strong governance. Digital sovereignty is not a quick fix; it is a long-term strategic initiative. And it extends far beyond saying “we’ll choose this local cloud provider for our organizational needs.” It is much deeper and more complex.

Key Measures for a Strategy Aimed at Greater Digital Sovereignty

• Diversify providers to avoid overreliance on a single cloud player. Diversification reduces systemic risk related to outages or contractual disruptions.
• Strengthen contractual clauses to include exit mechanisms and data portability requirements. A clearly defined exit strategy is essential for preserving flexibility.
• Hybridize infrastructures by combining public cloud, private cloud, and on-premises solutions. A hybrid approach allows organizations to retain control over sensitive data while benefiting from the scalability of major providers.
• Invest in skills to operate hybrid and multi-cloud environments. Digital sovereignty depends as much on technology as on the expertise of the teams managing it.
• Adopt open and interoperable standards wherever possible to reduce technological lock-in (the notorious vendor lock-in) and facilitate system and data portability.
• Enhance local cybersecurity by deploying sovereign solutions for critical functions such as authentication and encryption.
• Participate in regional initiatives such as sovereign cloud projects in Europe or Québec to pool efforts and investments.

These measures will not provide total sovereignty, but they significantly reduce vulnerability and increase resilience. They also send an important and necessary signal to major industry players: organizations are not condemned to absolute dependency.

Open Questions for Reflection

Is digital sovereignty an achievable objective, or a strategic mirage? Are we ready to invest heavily to reduce our dependencies? How do we reconcile economic openness with digital autonomy? And above all: what degree of sovereignty is truly necessary to safeguard resilience and democracy?