by Constantine Kalynovskyi
The final days of 2025 delivered a harsh signal to Europe: the United States imposed visa bans on European figures involved in digital policy leadership over the EU’s Digital Services Act. This was more than a diplomatic dispute; it signaled that technological governance has become active terrain in geopolitical relations. In the weeks that followed, events in Venezuela and renewed public rhetoric from President Trump about the strategic necessity of Greenland underlined a broader pattern: power is increasingly exercised directly, with limited regard for longstanding norms and assumptions about sovereignty. For Europe, this makes the question of digital and infrastructural sovereignty more urgent and not as a slogan about data centers, but as a practical question of who controls the systems that can grant, restrict, or revoke access.
It also exposes an uncomfortable question. If pressure can be applied at the level of policymakers, it is reasonable to ask how similar leverage might operate at the level of infrastructure.
When European policymakers talk about digital sovereignty, the default answer is often data centers—rows of servers physically located in Frankfurt, Paris, or Warsaw. But locating hardware within Europe’s borders is only the first step.
In practice, sovereignty in the digital age is exercised at the control plane: the layer that governs access, enforces policy, and executes compliance decisions.
If that layer is governed outside European jurisdiction, autonomy becomes conditional. Decisions affecting European companies can be executed externally, instantly, and at scale, regardless of where the hardware resides.
A modern cloud environment has two broad layers:
Data Plane is the warehouse where the boxes are stored.
Control Plane is the manager who holds the keys, the inventory list, and the authority to lock the doors. Europe has built the warehouse, but the manager works in Washington..
Ownership of the physical infrastructure — data centers, cables, racks — matters, but sovereignty is determined by who controls the decisions. A cloud account, governance policy, or regulatory action exercised at the control plane can instantly affect access and service availability even if data sits physically in Europe.
This distinction is well recognized by digital infrastructure specialists who note that jurisdiction and legal authority over the control plane determine sovereignty far more than geographic placement of servers. In other words, where servers sit does not equal who controls what the system does. (LinkedIn)
We have real examples that illustrate how control planes — not server locations — determine availability:
In response to rightful and morally correct sanctions against Russia, major U.S. cloud vendors restricted services for Russian organizations following regulatory orders. These restrictions were not dependent on where the physical data was stored but on decision logic controlled through American corporate governance and legal obligations. This demonstrates how an external control plane can impact infrastructure users globally.
Microsoft, for instance, publicly committed to contesting any order to suspend services in Europe, underscoring the recognition that such control decisions matter at policy boundaries. (AP News)
Just a week ago, the United States imposed visa bans on European figures involved in digital policy leadership over the EU’s Digital Services Act — a signal that technological governance and regulatory autonomy are now active terrain in geopolitical relations. European leaders criticized this as an attack on digital sovereignty. (Financial Times)
While this example does not directly involve cloud service suspension, it shows that governance actions tied to digital regulation are already being treated as leverage points with real diplomatic consequences. The next step could plausibly be controls exercised via infrastructures such as cloud control planes.
European companies relying on U.S. cloud providers are subject to overlapping and sometimes conflicting legal obligations. The U.S. CLOUD Act allows American authorities to compel access to data handled by U.S. companies, regardless of where the data physically resides. This means European organizations using U.S. cloud services may be obligated to provide access under U.S. law even if that data is stored in a European data center. (LinkedIn)
This creates a structural risk: the system that governs infrastructure, the control plane is subject to the legal regime of the provider’s home jurisdiction (in this case, U.S. law). Even strong European data residency laws do not negate this dynamic if the infrastructure is operated by an entity legally tied elsewhere.
A growing body of policy analysis reinforces this point: data residency alone is insufficient for true sovereignty when control and legal authority remain external. (VMware Blogs)
European leaders and institutions are increasingly aware of these structural dependencies:
A study claims roughly 90% dependence of European digital infrastructure on U.S. cloud providers, indicating the breadth of exposure. (The Register)
The Dutch parliament passed motions urging a reduction in reliance on U.S. software and favoring EU-controlled cloud platforms. (Reuters)
Swiss data protection authorities explicitly warned against using U.S. cloud services for sensitive data due to extraterritorial legal concerns. (TechRadar)
EU regulators identified major U.S. providers (AWS, Google Cloud, Microsoft) as “critical” third-party tech providers subject to direct supervision under the Digital Operational Resilience Act (DORA). (Reuters)
Broader initiatives such as Gaia-X and EuroStack aim to build federated or independent alternatives to reduce dependency on non-European infrastructure. (Wikipedia)
These developments show that the question of sovereignty is no longer theoretical: it has moved into parliamentary motion, regulatory designation, and strategic infrastructure planning.
Beyond political risk, investing in European control plane technologies offers clear economic benefits:
Job creation and skills development. Building and operating sovereign infrastructure creates technical jobs in infrastructure engineering, data governance, and platform operations.
Capital retention. Rather than transferring cloud spending to non-European vendors, investment circulates within European economies, contributing to GDP growth.
Innovation ecosystems. Sovereign platforms can catalyze new European startups and research initiatives in AI, data analytics, and edge computing, reducing long-term dependency.
Resilience and competition. A diversified infrastructure ecosystem reduces single points of failure and fosters competitive markets, leading to more robust services and lower systemic risk.
Policy initiatives and economic assessments from European think tanks emphasize that technology autonomy isn’t just defensive — it can be a competitiveness enhancer in global markets. (LinkedIn)
It’s important to dispel common misconceptions:
Sovereignty is not merely data residency. Locating servers in Europe does not prevent foreign legal regimes from influencing access or control logic. (VMware Blogs)
Sovereignty is not isolation. Interoperability and cross-border cooperation remain valuable; sovereignty means governed and controlled participation, not withdrawal.
True sovereignty must encompass:
Control plane autonomy — the ability to set and enforce rules under European jurisdiction;
Legal authority — clarity over which laws apply and who can compel action;
Operational independence — capacity to run and manage platforms without undue external influence.
Recent geopolitical tensions — evidenced by visa bans tied to digital policy leadership and anxieties around U.S. legislation — show that digital systems now sit at the intersection of law, infrastructure, and geopolitics. European digital sovereignty cannot rest on server location alone; it must be rooted in control plane governance and legal authority.
Investing in European control plane capabilities is not just a matter of technical efficiency — it is an economic and strategic necessity. By doing so, Europe ensures that critical decisions affecting infrastructure are made under European law, by European institutions, and for European interests.
Only then can digital sovereignty move from abstract rhetoric into durable capacity.