Europe First: Legislation and Geopolitics as Accelerators of Digital Sovereignty
The first two parts of this series showed how digital sovereignty has become a strategic theme and how AI makes the tension between innovation and control visible. In the first part the focus was on cloud, data location and infrastructure, in the second part on AI and data sovereignty. In this third part, the focus shifts to the context within which organizations must make their choices. European legislation and a geopolitical climate that explicitly politicizes digitalization increasingly determine the scope for action.
The research results show that geopolitics and regulations are no longer mere preconditions, but direct drivers of IT and cloud strategies. Organizations are seeking ways to increase their autonomy within this dynamic without sacrificing their innovative power.
Geopolitics as an IT risk
For a majority of organizations, the geopolitical climate now plays a role in IT decisions. 22% indicate that geopolitics is structurally considered in strategic IT decisions. Another 24% actively monitor geopolitical developments and incorporate them into decision-making where necessary. Only 20% indicate that this currently plays no role.
At the same time, concerns about sovereignty are widespread. 81% are concerned about digital sovereignty in a broader societal sense, for example, due to international tensions and dependence on foreign tech companies. This also translates to the organizational level. 72% indicate they are specifically concerned about digital sovereignty within their own organization.
These figures demonstrate that geopolitics is no longer just a topic for policymakers. It directly impacts decisions about data location, cloud platforms, and vendors. Anyone choosing an infrastructure today also chooses a legal and geopolitical framework.
European standards as a strict boundary condition
In the same survey, 83% of respondents indicated that it is important that IT and cloud solutions comply with European and Dutch standards and legislation. This goes beyond complying with general privacy regulations. Organizations want to prevent critical data from falling under the influence of foreign jurisdictions, such as the US Cloud Act.
This need is in line with the development of European frameworks such as:
- EU Data Act, which regulates the sharing and use of data and should strengthen the position of European parties
- NIS2, which sets stricter requirements for cybersecurity and reporting for vital and important organizations
- EU AI Act, which imposes risk-based requirements on the use of AI
For many organizations, it's a challenge to understand these frameworks in context. At the same time, the direction is clear. Europe is emphatically choosing to take greater control of digital infrastructure, data, and AI.
Digital autonomy firmly on the agenda
The study defines digital autonomy as the ability of organizations to maintain control over their IT environment, data, and infrastructure, including data location, regulatory compliance, and partner selection. Seventy-four percent of organizations indicate that digital autonomy is an explicit part of their IT strategy.
In addition, 78% say they actively want more control over where data is stored and who has access to it. A further 78% aim to be less dependent on foreign cloud providers. Furthermore, 73% indicate they are willing to invest more to house data in a fully sovereign environment, for example, on Dutch or European soil.
This movement is in line with solutions that combine infrastructure on Dutch or European soil with clear agreements on jurisdiction, compliance and access, such as the sovereign cloud solutions from Uniserver.
Obstacles: legislation, dependency and knowledge
While the ambition for greater autonomy is clear, implementation proves complex. The three most frequently cited obstacles in the study are:
- complexity of laws and regulations (32%)
- dependence on existing suppliers or platforms (27%)
- insufficient technical knowledge or capacity within the organization (26%)
In addition, 24% indicate that their internal knowledge regarding data sovereignty and legislation is lacking. This makes it difficult to make informed decisions about data location, cloud architecture, and partner selection. As a result, organizations feel the need for action, but don't always know where to begin.
This is precisely where strategic partnerships become relevant with parties that prioritize sovereignty and help connect legislation, technology, and architecture. In previous content, Uniserver, for example, demonstrated how GDPR-compliant with AI without slowing down innovation.
Legislation as an accelerator of sovereign choices
It's striking that regulations are not only seen as a constraint, but also as a catalyst for change. By 2026, IT decision-makers cite infrastructure modernization (33%), improving information security (32%), and compliance with laws and regulations (30%) as their most important IT goals.
To gain more control over critical data, organizations are taking various measures:
- 29% are investigating how AI can be deployed more safely, for example within their own infrastructure
- 24% are tightening internal policies in the areas of governance and compliance
- 19% consciously choose a multi-cloud or hybrid strategy to spread dependencies
In addition, 18% actively limit the use of foreign software or cloud services. Some consciously choose IT partners with infrastructure on Dutch or European soil, such as Uniserver with its focus on Dutch data centers and hybrid cloud solutionsThis means that legislation becomes not only a compliance requirement, but also an opportunity to structurally reform the IT landscape towards greater sovereignty.
Looking ahead: from framework to concrete architecture
The combination of geopolitics, European legislation, and internal strategic choices leads to one clear conclusion. Digital autonomy will increasingly become the standard against which IT decisions are measured by 2026. The question is no longer whether organizations should adopt data sovereignty, but how quickly and with what architecture.
In the fourth and final blog post in this series, the focus shifts to that architecture. The research insights are translated into a practical roadmap. What steps are organizations taking by 2026 to truly establish sovereignty over their IT environment, data, and AI applications, and what role can a partner like Uniserver play in this?
