Europe in the Sovereignty Triangle: Digital Autonomy Between Market Power and Jurisdiction

Abstract

The EU is fighting three structural dependencies in the digital space: market dominance through tech monopolies (Google, Microsoft, Amazon), technological dependence on US and Chinese supply chains, and jurisdictional risks through extraterritorial law. Author Falk Steiner analyzes how European regulation – such as the Digital Markets Act and the planned Cloud and AI Development Act – offers initial approaches without fully solving structural problems. Central to this is the missing European open-source infrastructure and the inertia in switching to independent systems, which is described as a "self-fulfilling legacy."

People

• Thomas Caspers (Vice President BSI)
• Falk Steiner (Author)

Topics

• Digital Sovereignty
• Vendor Lock-In
• Open-Source Infrastructure
• Regulation (DMA, CADA)
• Jurisdiction and Extraterritorial Law

Clarus Lead

Europe's digital dependencies today are not just an IT security issue, but a strategic state risk area. While the EU Commission responds with sovereignty packages, the article reveals a deeper dilemma: regulation alone cannot break through what is stabilized by network effects, lack of alternatives, and insufficient political will. The opportunity lies in the combination of multiple regulatory instruments – but this would require a change in mentality that the text deems politically unrealistic.

Detailed Summary

The article identifies three interlocking dimensions of dependency. The economic dimension is based on vendor lock-in through network effects: Google became the search engine because user behavior through clicks improved the results – a self-reinforcing system. The same applies to Teams, Facebook, YouTube, and modern language models, which are trained by user data. Competition laws (GWB, Digital Markets Act) have only limited effect here, since digital monopolies function differently than classical ones – once established, only the harmful effects can be contained.

Technological dependency is more insidious: Even large US providers build on open-source components, often from hobby developers or actors outside European legal spaces. This creates hidden risks in the supply chain. The jurisdictional dimension becomes the most acute problem: US sanctions rules and Chinese data access requirements subject foreign companies to competing legal regimes. Law becomes a weapon of geopolitics – under conditions of technological dependence, an existential threat.

Caspers (BSI) praises CADA as a milestone because it uses use cases as an evaluation criterion and thus goes beyond pure IT security. The cloud computing regulatory framework could serve as a blueprint for other areas: the state becomes an anchor customer, accepts marginal efficiency losses for control and business continuity.

But the system is stuck. Schleswig-Holstein is an exception in using independent systems; member states continue to finance proprietary software disproportionately. The EU has no concrete strategy for European open-source development and quality assurance. Users accept dependency out of convenience. DMA interoperability obligations are a start, but are insufficient without simultaneous availability of usable alternatives, data export rights (GDPR, Data Act), and trustworthy target platforms.

Core Statements

• European digital dependence is structurally threefold: market power, technological supply chains, extraterritorial law.
• Regulation without functioning alternatives does not create sovereignty – "moving goods need a destination."
• The self-fulfilling legacy (proprietary systems because there is "no alternative") is not broken politically and economically.
• A combination of multiple instruments (DMA, GDPR, Data Act, CADA) could theoretically work – in practice, the coordinated will is lacking.
• Network effects and convenience stabilize the dependency-generating status quo.

Critical Questions

1. [Evidence/Data Quality] What quantitative data support the thesis that European open-source supply chains are "difficult" to establish – are there studies on cost comparisons or feasibility limits?

2. [Conflicts of Interest] To what extent do national authorities (such as the BSI) themselves profit from proprietary systems and could therefore have conflicts of interest when demanding independence?

3. [Causality] Is the lack of a European alternative primarily technologically impossible, regulatory inhibited, or economically unprofitable – where is the main obstacle?

4. [Alternatives/Counter-Hypotheses] Could more intensive international cooperation (e.g., with Canada, Australia, Japan) be more cost-effective than isolated EU sovereignty?

5. [Feasibility] How realistic is it that users accept comfort losses if the text itself admits that AWS can sometimes be "leaner and faster"?

6. [Causality] The text names Schleswig-Holstein as an exception – where do other federal states specifically fail, and is that a management problem or a system problem?

7. [Conflicts of Interest] To what extent does the CADA model (state as anchor customer) artificially favor European cloud providers and thus create new dependencies?

8. [Feasibility] Can the necessary "combination of multiple instruments" be coordinated at all when the EU, member states, and users have different incentives?

Source Directory

Primary Source: Missing Link: Europe in the Sovereignty Triangle – Heise Online, Author: Falk Steiner
https://www.heise.de/hintergrund/Missing-Link-Europa-im-Souveraenitaetsdreieck-11320648.html

Relevant Legal Acts (mentioned):

• Digital Markets Act (DMA)
• Act Against Restraints on Competition (GWB)
• General Data Protection Regulation (GDPR)
• Data Act (planned)
• Cloud and AI Development Act (CADA)

Verification Status: ✓ Text Analysis 2024

This text was created with the support of an AI model.
Editorial Responsibility: clarus.news | Fact-Check: 2024