The European Union has decided to pursue a structural transformation to reduce its dependence on foreign monopolies in digital infrastructure. Spanning operating systems, cloud services, digital identity and semiconductors, this strategy is no longer a technical preference but a geopolitical reflex.

More than 80% of Europe's digital technologies and infrastructure are imported, while over 70% of global foundational AI models originate in the U.S.

American tech giants control more than 70% of Europe's cloud infrastructure. In Sweden, over half of public digital systems rely on U.S.-based servers, while in Belgium, Microsoft alone holds roughly 70% of the cloud market. This landscape has given rise to a term increasingly used in policy circles: "digital colonialism."

At the core of the debate lies the U.S. CLOUD Act. During a court hearing in June 2025, Microsoft was asked by French authorities whether it could guarantee that European data would never be shared with U.S. institutions. The response was clear: no such guarantee could be given.

Data sovereignty is not simply about storing data in Frankfurt or another European city. True sovereignty requires that data remains subject solely to the legal jurisdiction in which it resides. If a company falls under U.S. law, the data it holds, even if physically located in Europe, remains within the reach of American courts.

Digital sovereignty takes center stage

On Nov. 18, 2025, France and Germany led a European Digital Sovereignty Summit in Berlin, bringing together policymakers to align on a joint action plan covering artificial intelligence, data governance and public digital infrastructure.

A dedicated task force was established to report progress in 2026. Shortly after, on Dec. 5, EU member states formalized their political stance through the "European Digital Sovereignty Declaration." While not legally binding, the document crystallizes a clear strategic direction.

Institutional changes have followed. Under the European Commission formed in December 2024, a new executive vice president role was created with responsibility for "Technological Sovereignty, Security and Democracy." Assigned to Henna Virkkunen, the portfolio spans artificial intelligence, quantum technologies, cloud infrastructure, semiconductors and space systems.

Cloud and AI law takes shape

One of the most critical pillars of the European Commission's 2026 Work Program is the Cloud and AI Development Act (CADA), which has entered the legislative process as of the first quarter of the year.

The law aims to establish standards for "sovereign cloud" infrastructure and directly address Europe's structural dependence on U.S.-based network technologies.

The upcoming European AI and Cloud Summit, scheduled for May 5-7, 2026, in Cologne, is expected to serve as a key event for debating the technical framework of the law ahead of formal deliberations.

Despite ongoing challenges, political momentum appears firm. What was once a niche concept in digital policy, "digital sovereignty," has now moved to the center of the European agenda, championed by leaders from European Commission President Ursula von der Leyen to former European Central Bank (ECB) President Mario Draghi.

For Europe, 2026 will be a decisive year, one that will determine whether this ambition can evolve from policy vision into tangible infrastructure.

Nearly $354B transformation plan

Beyond regulation, calls for structural intervention are gaining traction.

In March 2025, leading European tech companies and industry bodies urged the European Commission leadership to take "radical action" to build a sovereign digital infrastructure.

At the center of this proposal is "EuroStack," a vision for an integrated European technology stack spanning semiconductors, cloud systems, operating systems and digital identity.

The movement also included a proposal to develop a Linux-based EU Operating System, intended to be Europe's own alternative to Windows and macOS.

According to a report led by Bertelsmann Stiftung, the transformation could take a decade and require up to 300 billion euros ($353.5 billion) in investment by 2035.

As an initial step, the creation of a 10 billion euro European Technology Fund has been proposed. The European Parliament's Industry, Research, and Energy (ITRE) Committee endorsed the initiative in June 2025.

Open source and public procurement

One of the central debates in software independence is the restructuring of public procurement. EuroStack advocates call for a shift toward an "open source first" principle, whereby proprietary software would only be used if no viable open-source alternative exists.

Progress is already visible in digital identity. Under the updated eIDAS framework, all EU member states are required to offer at least one certified European Digital Identity Wallet by 2026.

Meanwhile, the forthcoming Quantum Act, expected in the second quarter of 2026, will mirror the structure of the EU Chips Act, introducing funding mechanisms to build a European quantum ecosystem.

The Chips Act remains in force in the background, as the EU maintains its goal of increasing its share in global semiconductor production to 20% by 2030.

Türkiye advances digital sovereignty strategy through domestic innovation

Türk Telekom is reinforcing Türkiye's push for technological independence under its "digital sovereignty" strategy, expanding its nationwide fiber network while prioritizing domestic production in 5G and next-generation technologies.

The company is moving beyond vision statements to build what it describes as a "technology shield," combining locally developed 5G infrastructure with emerging capabilities such as quantum-secure communications. The aim is to ensure that Türkiye's data is protected and managed through domestic resources.

Türk Telekom has accelerated its digital sovereignty drive as it seeks to safeguard the country's data, infrastructure and cyber boundaries. As of 2026, the company has extended its fiber network to cover more than 95% of the country, while placing a "fully independent ecosystem" model at the core of its long-term strategy.

Reducing external dependence

A central pillar of this approach is reducing reliance on global suppliers in critical technologies such as 5G. Through its subsidiaries Argela and Netsia, Türk Telekom is developing internationally competitive patents and solutions.

Technologies engineered by domestic teams are being used to establish "isolated and secure" communication lines for public security institutions and critical industries. Software-defined networking solutions, recognized globally, are laying the groundwork for a hardware-independent communications infrastructure.

Aligned with the core principle that "Türkiye's data should remain in Türkiye," the company is also expanding its investments in cloud computing and data centers.

One of the country's largest cybersecurity facilities employs AI-driven threat hunting systems to detect and prevent cyberattacks before they materialize, serving both public and private sector clients.

Looking ahead, Türk Telekom is also addressing future risks posed by quantum computing.

Through initiatives in Quantum Key Distribution (QKD), the company aims to establish "unbreakable" communication channels between strategic institutions.

Company officials emphasize that digital sovereignty is not only about infrastructure, but also about ensuring that data remains within national borders and is processed through domestically developed software.

Solutions such as satellite-integrated 5G systems and defense-grade cybersecurity packages are especially emerging as tangible outcomes of this broader strategy.

Türkiye steps up digital independence drive with new regulations

Türkiye has crossed a critical threshold in its push for digital independence with the introduction of a comprehensive cybersecurity law. Yet the long-term success of this transition will depend on the sustainability of domestic technology production, private sector alignment and balanced integration with international standards.

In recent years, Türkiye has taken broad steps, both legislative and institutional, to strengthen its position in cybersecurity as part of its wider "digital sovereignty" strategy.

The Cybersecurity Law, which entered into force in 2025 alongside new infrastructure initiatives, stands out as a central pillar of this multi-layered approach.

The law, formally known as Law No. 7545, represents the country's first comprehensive and binding framework in the field. Enacted on March 19, 2025, it expands the scope of cybersecurity from a purely technical issue into a matter of national security and economic stability, covering both public institutions and private sector actors.

Stricter obligations for critical sectors

Under the new regulation, companies operating in critical sectors such as energy, finance, health care and telecommunications face significantly tighter obligations. Mandatory reporting of cyber incidents, regular audits and substantial financial penalties are designed to enhance deterrence and enforce compliance. The introduction of prison sentences for certain data breaches further underscores the law's strict stance.

In parallel, defense industry organizations and critical service providers are increasingly prioritizing domestic solutions, particularly in cloud infrastructure and essential digital services.

One of the most significant aspects of the law is its emphasis on the prioritization of "local and national cybersecurity products."

This provision signals Türkiye's clear intention to reduce external dependence while strengthening its domestic technology ecosystem. It also introduces state oversight mechanisms for the production, sale and merger of cybersecurity companies, ensuring tighter control over strategic technologies.

Reinforcement against cyber threats

Complementing the legal framework is the establishment of the Cybersecurity Directorate in early 2025, operating under the Presidency. The institution plays a central role in protecting critical infrastructure, monitoring national cyber threats and supporting the development of domestic solutions.

Structures formed within the directorate are designed to enable faster and more coordinated responses to cyberattacks.

Digital sovereignty, however, cannot rely solely on defensive measures. It also requires robust production capacity. In this context, Türkiye is scaling up investments in domestic software, artificial intelligence and cybersecurity solutions, with research and development efforts gaining momentum.

The development of local technologies strengthens both the legal and technical foundations of the country's cybersecurity framework.

At the same time, the new law and regulatory architecture have also sparked debate.