The path to digital sovereignty
Fujitsu / January 6, 2026
Digital sovereignty has become a key topic in recent period, driven by shifts in the geopolitical landscape — from developments in U.S. politics to Europe’s relationship with China and the ongoing war in Ukraine. This topic has now reached IT consultancy firms, and our clients are increasingly asking about it.
At Fujitsu, we organize roundtable discussions where customers can share their perspectives on digital sovereignty. These sessions help us understand their priorities on this topic and ensure that our interpretation of their needs aligns with their expectations.
Digital sovereignty can be complex because it can be approached from different perspectives. From a business perspective: Can we keep our company operational? From a data perspective: Where does it reside, and who can access it? From a legal perspective, which laws apply — U.S. Patriot Act or European legislation? And finally, from a technical perspective: What measures must we take to stay (or get back) in control?
Understanding the landscape
Various industry sources offer guidance. Gartner provides a conceptual view, while cloud providers such as AWS, Microsoft, and Oracle outline their own approaches. The European Commission’s Cloud Sovereignty Framework is particularly insightful, with its sovereignty goals, assurance levels, assessment model, and even a “sovereignty score” for procurement processes. After all this research, here's my take on the matter.
In my view, digital sovereignty isn’t about politics per se — it’s about your architecture. When you analyze the requirements, in many ways, digital sovereignty is an extension of risk management. Geopolitical risks may shift, but the mitigation remains technical: maintaining control over data, networks, and adaptable IT systems to ensure resilience and enable rapid, business- or regulation-driven change.
You can’t buy digital sovereignty, you have to ‘build’ it
As IT capabilities - knowledge, skills and achievements - grow, the organization becomes more resilient and better able to make choices that suit business development. These capabilities span areas such as: software development, security, scalability, availability, licensing strategy, hardware and infrastructure, data residency, and vendor management.
Imagine a ladder: the higher you climb, the more capabilities you gain. At the bottom lies technical debt — outdated systems, limited software-development capacity, rising security risks, manual processes, and proprietary dependencies. In this state, organizations struggle to mitigate even basic risks.
Step 1: Application Modernization
The journey begins with modernizing applications and platforms. By adopting modern development tools and renewing infrastructure, organizations regain the ability to evolve their own software and address operational concerns related to availability, resilience, licensing, and security. Early automation efforts start here.
Step 2: Becoming digital sovereignty “ready”
The next stage brings broader automation and the ability to run workloads across multiple (cloud) platforms. Organizations gain control over data residency, implement multi-site high availability, and reduce vendor lock-in — often by adopting open-source technologies. At this point, the organization can mitigate tactical risks and is effectively prepared to achieve digital sovereignty.
Step 3: Getting back strategic control
At the highest level, organizations control all essential IT capabilities. They intentionally select open-source and containerized solutions, accept dependencies only where necessary, and fully own decisions about data residency. By decoupling functionality from technical implementation, they gain strategic freedom. The risks mitigated here are long-term and geopolitical in nature.
Conclusion
Ultimately, digital sovereignty is the result of climbing the IT-capabilities ladder: moving away from technical debt to getting back strategic control. The higher an organization is on that ladder, the more effectively it can achieve sovereignty. Perhaps the most productive way forward is to shift the discussion: instead of talking about digital sovereignty itself, we should talk about building the IT capabilities that define sovereignty.
Let’s connect and explore how we can support your organization in shaping a secure and sovereign digital future.
Holding a Master’s degree in Organizational Psychology (Utrecht University) and multiple high-level AWS certifications (Solutions Architect Professional, Security Specialty), he combines deep technical expertise (like Linux, networking, AWS and GCP) with strong people-oriented leadership. Currently at Fujitsu, Jan acts as a senior consultant and participates in the sales team. Known as the “glue” in teams and complex projects, Jan excels at translating technical decisions into business strategy, making IT landscapes future-proof, improving security maturity, and helping people and organizations grow. His career spans pioneering open-source solutions, CTO roles, ITIL-based service management, and large-scale migrations for clients.
Jan van der Torn | LinkedIn
You May Like
Editor's Picks
