Digital sovereignty becomes a matter of resilience for Europe

In this Help Net Security interview, Benjamin Schilz, CEO of Wire, discusses Europe’s push for digital sovereignty through initiatives like Gaia-X and the EU AI Act. As the continent redefines its technological future, the focus shifts from regulation to building resilient, European-owned digital infrastructure.

Schilz also discusses how open-source and decentralized technologies are key to securing Europe’s strategic autonomy.

Europe has made bold moves toward digital sovereignty with Gaia-X, the EU AI Act, and support for open-source infrastructure. Are these efforts gaining meaningful traction, or are they still largely aspirational?

Despite GDPR and Schrems II rulings, data continues to flow across the Atlantic under fragile legal mechanisms, many of which remain vulnerable to executive overreach under laws like the US Clarifying Lawful Overseas Use of Data (CLOUD) Act. The rise of initiatives like Gaia-X, which aims to create a federated, transparent cloud ecosystem, signals a move towards building indigenous alternatives to foreign-dominated infrastructure. While several Gaia-X services are now operational since its 2019 launch, the project remains very much in its early stages of implementation.

Further strides towards digital independence include the EU AI act. Despite pushback from industry players like Meta, the initiative is moving forward, with companies like OpenAI already demonstrating compliance. Europe has demonstrated its ability to regulate, but now it’s time to build a future that isn’t shaped by foreign powers. In other words, digital sovereignty, once framed as a stance on privacy, is now a matter of resilience.

How do open-source and decentralized technologies contribute to Europe’s strategic autonomy, and what role should public investment play in accelerating their adoption?

Open-source and decentralized technologies are essential to advancing Europe’s strategic autonomy. Across cybersecurity, communications, and foundational AI, we’re seeing growing support for open-source infrastructure, now treated with the same strategic importance once reserved for energy, water and transportation. The long-term goal is becoming clear: not to sever global ties, but to reduce dependencies by building credible, European-owned alternatives to foreign-dominated systems.

Open-source is a cornerstone of this effort. It empowers European developers and companies to innovate quickly and transparently, with full visibility and control, essential for trust and sovereignty. Decentralized systems complement this by increasing resilience against cyber threats, monopolistic practices and commercial overreach by “big tech”.

While public investment is important, what Europe needs most is a more “risk-on” tech environment, one that rewards ambition, accelerated growth and enables European players to scale and compete globally. Strategic autonomy won’t be achieved by funding alone, but by creating the right innovation and investment climate for open technologies to thrive.

Many sovereign platforms emphasize end-to-end encryption, data residency, and open standards. Are these enough to ensure trust, or is more needed to truly protect digital independence?

Sovereign platforms can be marketing buzzwords, or they can be a reality when built on solid foundations. Real sovereignty starts with a clear understanding of the legal framework being adopted. Which laws will be followed? If, as in the case with Microsoft, there is no guarantee that the vendor will commit to working within the framework of EU law then any claims of sovereignty are just marketing hype.

Can you share examples of successful deployments of collaborative platforms in the public sector that have led to measurable improvements in efficiency or transparency?

We’ve seen secure and sovereign collaboration platforms make a significant difference to government agencies across Europe. Many German ministries use the messaging service Wire for internal communication, including the Federal Ministry of the Interior (BMI), Education and Research (BMBF) and Health (BMG).

In many cases, the true impact isn’t only about improving efficiency or transparency, it’s about enabling critical use cases that insecure or non-sovereign solutions simply can’t support. This includes managing highly sensitive communications of personal information, security and defence agencies as well as facilitating secure collaboration between different levels of government, whether federal to regional, or across borders with foreign partners.

As AI capabilities begin to integrate into collaborative platforms, what safeguards are essential to keep these tools compliant, secure, and aligned with public interest values?

To ensure digital sovereignty and long-term resilience, AI systems deployed in Europe should adhere to key principles: they must be hosted within the EU, support end-to-end encryption to protect sensitive data, leverage open-source models to enhance transparency and auditability, and avoid reliance on software or services that fall outside EU legal jurisdiction. These measures are critical for maintaining control, trust, and compliance in an increasingly complex threat landscape.