Digital Independence: EU Plans Strict Access to State IT Structures | heise online

heise+ entdecken

SuchenAbo

Suchen

Alle Magazine im Browser lesen<br>Newsletter<br>heise-Bot<br>Push-Nachrichten

${lead}

${lead}

${content}

${content}

${content}

${content}

Advertisement

Advertisement

Brussels is making a major move to reduce dependence on non-European tech giants. After years of reacting, the EU Commission has outlined the transition to a proactive digital strategy. On Wednesday, it presented its repeatedly postponed package for technological sovereignty. A communiqué and accompanying legislative initiatives make it clear: it wants to intervene more forcefully and directly in the IT structures and software procurement of EU countries.

Continue after ad

Commission President Ursula von der Leyen emphasized that Europe cannot afford to be dependent on others for critical technologies for hospitals, energy grids, and security services. According to the responsible Vice-President Henna Virkkunen, the package marks a historic systemic shift away from a mere consumer role towards a shaping role.

At the heart of the initiative is the attempt to establish a uniform definition of technological sovereignty. The Commission understands this to mean Europe's concrete ability to independently develop, control, and scale critical technologies, infrastructures, services, and data that form the foundation for the economy, society, and security. Geopolitics and technology are now inextricably linked, which is why Europe must regain control over its supply chains and data.

Departure from Dependencies without Protectionism

The EU Commission emphasizes that this step is not to be equated with digital protectionism or isolation of the European market. Rather, sovereignty is to be based on openness, fair competition, and a human-centered approach that leaves the market open to like-minded partners. To achieve this, it relies on an ecosystem approach that spans the entire value chain, investing in skills, supporting startups, and ensuring the long-term maintenance and security of the open-source infrastructure. This is intended to generate its own European demand to avoid risky dependencies on individual, non-like-minded countries.

A core component of the package is the Cloud and AI Development Act (CADA) as a central element of the "Action Plan for an AI Continent." The regulation is intended to oblige member states to conduct a systematic sovereignty risk assessment for their administrative software. This involves an analysis of which applications in authorities require which levels of sovereignty. The specified four levels assess control over the digital service itself, the underlying supply chain, the extent of AI inference data processing, the physical location of the infrastructure, and the general level of cybersecurity.

Videos by heise

mehr Videos

c't 3003

heise & ct

Peertube

Fighting Sovereignty Washing

Continue after ad

With this classification, the Commission aims to strengthen the resilience of the public sector, promote European alternatives, and put an end to sovereignty washing, where foreign cloud providers market their services as supposedly independent through European intermediaries. Furthermore, CADA provides for a principle whereby open-source solutions must be preferred when public administrations procure cloud and AI software.

In particularly sensitive areas such as defense or critical infrastructures, authorities could in future be effectively forced to rely exclusively on European software and hardware. Services worth around 180 million euros are to be specifically channeled to reliable EU partners.

The CADA draft also provides for the designation of certain "acceleration zones" where highly sustainable data centers can be established quickly and in a structured manner. This is intended to help triple Europe's data capacity in the next five to seven years.

A new open-source strategy has been integrated by the Commission directly into the sovereignty package in the form of guidelines for open digital ecosystems. In addition to increased use in authorities, it aims to promote the interoperability of digital systems in the public sphere. Examples of successful open ecosystems cited in the paper include the EUDI Wallet for electronic identification and decentralized social media like Mastodon. Their development is to be actively promoted in the future to counteract the discrepancy that the EU currently spends 264 billion euros annually on non-European, proprietary software.

Chips Act 2.0: Demand Boom and Emergency Powers

In parallel, the Commission plans a new edition of its semiconductor program with the Chips Act 2.0. While the predecessor primarily regulated supply, the new version aims to stimulate demand and reduce bureaucracy. Through procurement communities and "demand accelerators," a stable market for European alternatives in AI chips is to be created, which are expected to...