Cybersecurity in the sovereignty era The uneven confidence across regions points to a broader shift in how nations perceive cyber resilience – from a technical challenge to a question of sovereignty and self-reliance. As nations seek to protect critical infrastructure, many are re-evaluating their dependencies on foreign technology providers and global supply chains. This connection between infrastructure protection and digital autonomy has become a defining feature of modern cybersecurity policy. Over the course of 2025, economic uncertainty and geopolitical instability have become deeply intertwined, amplifying global cyber risk and complicating organizations’ ability to anticipate and mitigate emerging threats. As political tensions and trade disputes reshape alliances and technology dependencies, the world is witnessing growing fragmentation across digital and technological ecosystems. This renewed focus on digital sovereignty reflects an urgent drive by states and organizations to safeguard autonomy, control critical assets and reduce exposure to external shocks. The term “cyber sovereignty” is often used to mean the application of traditional state sovereignty rights and obligations (i.e. control of territory, non-intervention, jurisdiction) to the domain of cyberspace.14 The concept is complicated by the fact that cyberspace doesn’t map neatly onto physical territory (servers, cables, data flows cross jurisdictions), so applying conventional sovereignty (which is territory-based) becomes challenging. At the organizational level, concerns over sovereignty have become increasingly tangible. Governments, public institutions and private enterprises alike are reassessing dependencies on foreign technology providers and global cloud infrastructure, in light of geopolitical tensions and supply chain vulnerabilities. For instance, several European actors – including municipalities such as Copenhagen, in Denmark, and federal agencies in Germany – have begun shifting towards sovereign or regionally managed cloud solutions to ensure compliance with national data-protection mandates and to mitigate perceived risks associated with extraterritorial control of data.15 Similar debates are unfolding elsewhere as organizations weigh the benefits of global interoperability against the imperative of maintaining control over critical digital assets and sensitive information. This trend illuminates a broader recalibration of trust – not only in systems and technologies, but in the geopolitical reliability of the ecosystems that underpin them. The growing attention to sovereignty emphasizes the tension between preserving openness and interoperability and safeguarding national autonomy, control and resilience against external disruptions. As the threat landscape evolves and AI increasingly powers offensive operations in cyberspace, we must step up our work on the resilience of our critical infrastructure and connectivity. The EU stands ready to work with like-minded partners to protect what is today the digital backbone of our economy and society. Looking ahead, our priority is to boost investments in cyber to strengthen Europe’s industrial capabilities and harness deep tech for better detection and anticipation, invest in people to close the cyber skills gap, and deepen intelligence sharing so that we can spot and address vulnerabilities faster. Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy, European Commission Global Cybersecurity Outlook 2026 29