In March, Iranian drone attacks on Amazon data centers in the United Arab Emirates and Bahrain set a precedent: critical digital infrastructure became a military target. Yet the resilience of U.S. networks prevented a total collapse.
Meanwhile, debates over digital independence are intensifying across the European Union.
In early 2026, Miguel De Bruycker, director of Belgium's Centre for Cybersecurity, warned that Europe had effectively "lost the internet." U.S. companies dominate cloud computing, AI platforms, operating systems and much of the digital infrastructure underpinning Europe's cybersecurity, leaving the continent heavily dependent.
In 2024, Europe’s cloud market reached €61 billion, but European providers held only around 15%. Amazon, Microsoft and Google accounted for roughly 70%.
The European Commission is aware of the gap. Its AI Continent Action Plan and proposed Cloud and AI Development Act aim to triple EU data center capacity within the next 5 or 7 years and support sovereign clouds that keep sensitive data under national or regional control.
Yet Europe must face reality: it lacks the decades of technological development and trillions of dollars in investment needed to replace American technologies without sacrificing competitiveness or security.
Europe's digital sovereignty dilemma
According to the Centre for European Policy Analysis, achieving full digital sovereignty would conservatively cost €3.6 trillion over the next decade — roughly 20% of the EU's annual gross domestic product. The estimate includes semiconductor facilities, software and hardware development, digital services and the recruitment of a skilled workforce.
However, modern sovereignty is not about autarky; it is about control.
Even France, in its 2026-2030 National Cybersecurity Strategy, chose "selective interdependence" over isolation. Cyprus echoed this logic during its Council Presidency of the EU with the slogan: "An Autonomous Union. Open to the World."
The pursuit of full digital autonomy is not only unrealistic for Europe but also potentially dangerous.
Isolated systems remain vulnerable to physical attacks and technological failures. Building a fully independent digital ecosystem would require resources Europe currently lacks, especially amid rising defense spending in response to Russian aggression.
Ukraine's experience during Russia's full-scale invasion demonstrates why distributed systems matter.
In early 2022, Ukraine allowed critical state data to be stored in foreign cloud environments. This reduced the risk of a single attack disabling the entire system and helped keep government operations running even if local infrastructure was destroyed.
Estonia adopted a similar approach after the 2007 cyberattacks. In 2017, it established the world's first "data embassy" in Luxembourg — a secure facility storing backups of essential national registries under protections such as diplomatic immunity.
Toward a technological alliance
These examples show that Europe's cybersecurity interests are better served by resilience than by absolute independence. Shared infrastructure distributes costs and risks more effectively.
That is why Europe should pursue sovereign interdependence rather than technological isolation.
Such a strategy would include both EU member states and non-EU partners, such as the U.S., the U.K., Canada and Australia. The goal is to create a trusted network of allies sharing technologies, infrastructure and security responsibilities.
Crucially, this model would work both ways.
Europe would continue to rely in part on American cloud and AI technologies, while the U.S. and other allies would draw on critical European strengths in semiconductor manufacturing equipment, such as extreme ultraviolet lithography, as well as cybersecurity, regulatory frameworks and industrial capacity.
Ukraine's planned shift to European 5G technologies, moving away from Chinese suppliers, already illustrates this interdependence.
This approach requires three safeguards. First, Europe needs rigorous screening of vendors, investors and supply chains.
Second, it should expand hybrid architecture — sovereign clouds, regional hubs and data embassies — so critical systems are not concentrated in one place.
Third, EU rules such as the General Data Protection Regulation and the AI Act should protect rights and security without blocking safe cross-border data flows.
Digital sovereignty can strengthen Europe only if approached pragmatically.
Leveraging global alliances while retaining control over critical elements can transform digital vulnerability into strategic strength, ensuring stability and autonomy in an interconnected world.
Sign up to The Parliament's weekly newsletter
Every Friday our editorial team goes behind the headlines to offer insight and analysis on the key stories driving the EU agenda. Subscribe for free here.