Sovereignty Is an Architectural Property
A structural analysis of Europe’s missing layer in the digital stack
Europe speaks increasingly loudly about digital sovereignty. In policy papers, keynote speeches and regulatory frameworks, the ambition is clear: to regain strategic autonomy in a world shaped by American and Asian technology platforms. Yet behind this language lies a structural contradiction. Europe possesses rules, but lacks executional authority over its own digital infrastructure.
That contradiction becomes visible when European telecom operators deploy networks physically located on European soil, while the decision-making logic — the software, orchestration layers and update mechanisms — is governed elsewhere. Fibre, radios and data centres may be European. The will of the network increasingly is not.
This is not a moral failure or a policy oversight. It is an architectural choice — or more precisely, the absence of one.
“Europe’s sovereignty demands a tech leap: build EuroStack now. We are importing technologies that undermine our autonomy and values.”
— Francesca Bria, Professor at University College London and co-author of the EuroStack report
The wrong question
Public debate tends to ask the same question: Why does Europe not have its own Google, its own cloud, its own AI model?
The frustration is understandable — but the question is misleading.
The decisive issue is not who owns the application, but who controls system behaviour under pressure — during crises, energy shortages, cyber incidents or geopolitical escalation. In modern digital infrastructure, that power does not sit with legislators. It sits with the system architect.
Control over:
- orchestration software
- update pipelines
- security patching
- AI-driven routing and energy management
constitutes what can only be described as executive power.
The three layers of digital sovereignty
To clarify this, sovereignty must be analysed technically rather than politically.
Layer 1 — Hardware: ownership without agency
Europe remains comparatively strong at this level. Companies such as Nokia and Ericsson supply critical components of global telecom infrastructure. Europe builds the physical substrate of the digital economy.
But hardware is inert. It decides nothing on its own.
Layer 2 — Software: the silent shift of power
Network intelligence — from slicing and security to AI optimisation — increasingly resides in proprietary software stacks. These are often governed under non-European jurisdictions, including legislation such as the Clarifying Lawful Overseas Use of Data Act.
This does not imply systematic abuse or malicious intent. It implies something more structural — and more consequential: Europe lacks autonomous intervention capacity within its own networks without external consent.
Layer 3 — Update sovereignty: where control actually lives
This is the least discussed, yet most decisive layer.
Digital infrastructure is no longer delivered and left untouched. It is continuously rewritten — through patches, model updates, energy optimisation rules and security overrides. Whoever controls the update pipeline controls the system.
This is where the concept of an Architectural Veto becomes unavoidable.
In AI-native 6G networks, decisions on prioritisation, throttling, resilience and energy distribution are taken in milliseconds. If the codebase and update authority are external, then so is the veto power over how European networks behave in moments of stress.
Sovereignty, in this context, is ownership of that veto.
The compliance trap
Europe’s instinctive response has been regulation. GDPR, the AI Act, DMA and DSA are globally influential and norm-setting.
Yet they reveal a structural misunderstanding.
Regulation defines what systems should do.
Architecture determines whether this can be enforced at all.
Without access to source code and update logic, policymakers may demand security — but they cannot verify, intervene or repair without the cooperation of the code owner.
As one Korean policymaker once put it: Europe specifies how thick the vault door must be; others build the vault.
“Sovereignty is not bought, it is built.”
— Thierry Breton, Former European Commissioner for the Internal Market
Why Europe did not build its own codebase
Not due to lack of ambition — but due to structure.
- Economic fragmentation
Dispersed capital markets, national R&D programmes and divergent industrial strategies prevent scale. - A regulatory-first mindset
Europe corrects technology after deployment; others design conditions beforehand. - Absence of shared infrastructure logic
Sovereignty is too expensive for individual operators, yet was never organised collectively.
That final point is decisive.
The Airbus lesson for software
Europe did not challenge Boeing with 27 national aircraft projects. It succeeded only when engineering, capital and governance were consolidated into a single shared architecture: Airbus.
The EuroStack represents the same logic applied to software.
Not as a “European Google”.
Not as a protectionist response.
But as an Industrial Commons: a shared, open-source foundation for critical network functions, governed in Europe, upon which commercial innovation can occur.
“Building a sovereign European digital ecosystem is a team sport.”
— Christel Heydemann, CEO Orange Group
This implies:
- open core modules
- European escrow structures for critical code
- local authority over updates
- jointly funded 6G reference architectures
Why Korea acts differently
South Korea treats digital infrastructure as strategic capability. Chips, radios, software and standards are developed in coordinated fashion, with state-backed industrial alignment.
Europe, by contrast, retains champions — but lacks a shared architectural backbone.
That leaves European actors exposed in a world where standards, software and geopolitics increasingly converge.
“Europe’s industrial future increasingly depends on its ability to shape the digital arena rather than merely adapt to it.”
— Andrea Renda, Director of Research, Centre for European Policy Studies (CEPS)
EuroStack as mandate, not aspiration
EuroStack is not a vision statement. It is a minimum technical requirement:
- European control over critical network code
- Auditability by default
- Update sovereignty as policy objective
- Market access tied to technical transparency
Not to exclude others — but to regain decision authority.
Conclusion: sovereignty as a design choice
Europe does not need to build everything itself. But it must decide who intervenes when systems fail.
Sovereignty is not a legal status.
It is not a declaration.
It is an architectural property.
Those who do not control the code do not control the network. And those who do not control the network govern their future only by permission.
Visual: Altair Media — EuroStack framework
Once you see sovereignty as a layered system, you realise it’s no longer a debate — it’s a checklist.
