If you study the history of the British East India Trading Company, it’s astonishing that a company founded in London in 1600 managed to conquer and control large countries half a world away over almost three centuries. Yet, if we look at today’s corporate tech behemoths, they arguably wield an even greater level of influence.
In the 21st century, a few companies could disable the services and computers that control our news, water supplies, and even traffic lights. Sovereignty no longer resides solely in borders, armies, or treaties. It increasingly lives in code, cloud infrastructure, and supply chains that stretch across jurisdictions.
Modern states and our whole lives operate atop a digital substrate we neither fully control nor entirely understand. This shift has created a paradox: the very technologies that promise efficiency and global integration simultaneously erode autonomy.
Many governments today rely on a dense mesh of external vendors for critical infrastructure. From hyperscale cloud providers to proprietary software ecosystems, much of what powers public administration is owned and operated by private entities. In many cases, these operate in foreign jurisdictions. This reliance is not inherently problematic since interdependence has long been an accepted feature—and in many cases a benefit—of globalization. However, the asymmetry of control is stark and ripe for exploitation. A single provider can wield disproportionate influence over data access, service continuity, and security posture.
International organizations such as the International Criminal Court (ICC) face an even harsher version of this challenge. Built on consensus and cooperation, they often lack the mandate or capacity to develop sovereign digital capabilities. Instead, they default to commercial platforms optimized for scale rather than neutrality. This creates a subtle but persistent vulnerability as governance mechanisms designed for geopolitical balance are increasingly mediated by infrastructure governed by commercial entities elsewhere.
The Fragility Beneath the Stack
The modern IT stack is often described as layered, but in practice, it behaves more like a tightly coupled system where failures cascade unpredictably. Dependencies are not merely technical. The internet and the cloud make them geopolitical. A vulnerability in an open-source encryption library, OpenSSL, maintained by a handful of volunteers, triggered global national security concerns. U.S. sanctions following the ICC’s investigation into the Gaza conflict led to the court and individual judges being cut off from U.S. cloud service providers. And a U.S. House of Representatives investigation into E.U. tech regulation exposed Dutch Civil Service emails.
All those examples shine a spotlight on the growing centralization of cloud computing, which can have intended or unintended consequences and can clearly lend itself to weaponizing IT. While it’s true that cloud platforms offer resilience and scalability, they also consolidate risk. Outages in a handful of regions can disrupt essential services across continents. More critically, the legal jurisdiction governing these platforms introduces an additional layer of exposure. Data stored in one country may be subject to the laws of another, creating conflicts that are difficult to reconcile in practice.
Cybersecurity threats and vulnerabilities compound this fragility. Nation states and non-state actors alike exploit supply chain weaknesses, targeting software dependencies and service providers to achieve an outsized impact. The attack surface is no longer confined to an organization’s network. Interconnections and dependency extend them into the global ecosystem of partners, vendors, and shared infrastructure. In this environment, sovereignty is not just about defending borders but about understanding and securing the invisible connections that underpin digital operations.
Strategic Autonomy or Strategic Illusion?
In response, many governments, from Canada and the E.U. to Africa, have begun pursuing digital sovereignty. Their initiatives range from national cloud projects to data localization laws to investments in domestic AI ecosystems. These efforts aim to reclaim control, but they often confront a hard reality: true autonomy in a globally integrated digital economy may be unattainable.
There are several reasons why lofty declarations often run into reality. For one, building sovereign alternatives to entrenched platforms is costly and time-consuming. Even when successful, these initiatives risk creating parallel systems that lack the innovation velocity of global incumbents. Moreover, strict localization requires careful balancing with human rights and free speech. Resilience and openness are pulling in opposite directions, and policymakers must weigh the cost of choosing between them.
Driven too far, centralizing digital infrastructure under national authority can introduce its own risks, including reduced transparency and increased potential for misuse. Strategic autonomy should not become a pretext for digital isolation or authoritarian oversight. Instead, it requires a nuanced approach that balances independence with interoperability.
International organizations in particular must navigate this landscape carefully. Their legitimacy depends on neutrality, yet their operations depend on infrastructure that may be subject to national interests. Developing shared standards, investing in open technologies, and fostering collaborative governance models are potential solutions to escape this dilemma. However, these efforts demand sustained political will and coordination, which are often in short supply.
Toward Resilient Interdependence
If absolute sovereignty is a mirage, perhaps the goal should shift toward something more realistic and attainable: resilient interdependence. This means designing systems that acknowledge and manage dependencies rather than attempting to eliminate them. Transparency becomes a cornerstone in this approach. Nations and organizations need clear visibility into their digital supply chains, including who controls critical components and under what conditions.
Open source plays a pivotal role in this context because it offers the transparency and collective stewardship that proprietary systems often lack. Yet openness alone is insufficient without investment in maintenance, security, and governance. The sustainability of shared digital infrastructure is not merely a technical one. It’s a strategic concern.
Ultimately, digital sovereignty in the modern era is less about control and more about agency. It is the ability to make informed choices, to adapt to disruptions, and to participate in the global digital ecosystem on equitable terms. Achieving this requires a shift in mindset from ownership to stewardship, from isolation to collaboration. In a world defined by interconnected systems, sovereignty is no longer a fortress; it becomes a network that needs to be managed, stress-tested, and future-proofed.
