Europe has found itself in a difficult and dangerous situation.

Last August, Proton’s Europe tech sovereignty report revealed that over 74% of publicly listed European companies depend on US infrastructure for their basic tech services. Whether sending emails or running critical infrastructure in the cloud, Europe places its digital destiny in the hands of a few American service providers and the government they answer to.

That report now seems prescient. Over the last few months, rifts in the North Atlantic alliance emerged over tariffs and territory, culminating in a recent threat from Washington to break apart NATO itself.

As Proton CEO Andy Yen said at a recent tech conference(uusi ikkuna) in France, “If Trump wants to take Greenland, he doesn’t have to use force. All he has to say is, ‘Tomorrow Google, Apple, Microsoft, and Amazon will stop working in your country if you don’t sign a contract and give me Greenland.’ And if that happens, they will sign within the hour.”

Europe’s digital sovereignty seemed irrelevant as long as the post-war order held. Now that those foundations are shaking, governments are switching over to technology and cloud services they can control. The French government is reducing its use of Microsoft Windows(uusi ikkuna), and other European countries are taking similar steps(uusi ikkuna). Our recent survey found that European consumers support these moves. Nearly three-fourths of them told us in a survey that their society was far too dependent on the United States for technology.

But what does this mean for business leaders?

The problem of dependency isn’t just political. When your core systems rely on foreign providers, your critical systems — email, files, infrastructure — can be disrupted by economic and political decisions far away.

That’s why we urge business leaders to treat their tech stack not as a cost, but as an investment in control, resilience, and long-term independence. Retooling your company is as much a practical challenge as it is a mindset shift.

Here are three questions to ask yourself:

Should I be investing?

Corporate managers face a strategic decision about their internal tools.

Big Tech platforms offer convenience: They’re familiar, widely adopted, and easy to justify as the safest choice. “Nobody gets fired for buying IBM,” as the saying goes. But technology isn’t a commodity. Your tech stack shapes how your business operates, who controls your data, and how resilient you are when circumstances change.

Take for instance: In the late 2000s, the Chinese government realized it was too dependent on foreign oil. So it began to invest in the creation of a new domestic electric vehicle industry. Nearly two decades later, Chinese carmakers produce about two out of every three(uusi ikkuna) electric vehicles sold globally.

If Chinese decision makers had viewed automobiles as a cost, they would have purchased reliable gas-fueled cars from Japan or Detroit. Instead, they decided automotive tech was an investment. It paid off in the form of a powerful homegrown industry for China and affordable high-quality cars for everyone.

Your tech procurement decisions deserve deeper reflection and long-term thinking. When weighing your options, it’s worth asking:

  • Do my service providers share my values and vision?
  • Is my business data properly secured and confidential at all times?
  • If geopolitical circumstances change, do I own my data?
  • Will my tech stack be an asset or a liability when seeking new business?

Businesses that take these questions seriously are already turning security into a competitive advantage. Our 2026 SMB Cybersecurity Report found that using secure tech was a competitive advantage for 66% of businesses. And the price you pay for those services may not be so different; indeed, it might even be cheaper to buy local.

Is it digital sovereignty washing?

First there was greenwashing(uusi ikkuna). Then there was privacy washing. Now there’s digital sovereignty washing.

US tech companies know digital sovereignty is important to European businesses. That’s why Google and Microsoft both promote a “Sovereign Cloud” and a European “data boundary” that evokes the idea of local control. “Discover a sovereign cloud without compromise,” Microsoft says.

It’s dangerous marketing because it’s not quite true. And the only thing worse than bad security is a false sense of security.

You don’t gain digital sovereignty just by choosing tech that processes and stores your data locally. You earn it through control — over access, usage, and the laws that ultimately apply to your data. The reality is very different from the marketing spin.

Sovereignty vs. sovereignty washing

Here are five clues to tell the difference:

  • If security updates and product development decisions happen overseas, then it’s sovereignty washing.
    • If those decisions are made within your region, under your legal and operational control, then it’s actually sovereign.
  • If the software is closed source so you can’t independently verify security claims, then it could be sovereignty washing.
    • If the code is open to inspection and backed by independent audits, then it’s actually sovereign.
  • If suppliers are subject to foreign laws such as the CLOUD Act, which allows US government surveillance even on servers physically in Europe, then it’s sovereignty washing.
    • If your data is governed solely by local laws with strong protections, then it’s actually sovereign.
  • If geopolitical pressures could result in downtime or changes to pricing and policies, then it’s sovereignty washing.
    • If your operations aren’t exposed to external political pressure, then it’s actually sovereign.
  • If European capital flows into the US, where it funds further innovation and job creation for Americans, then it’s sovereignty washing.
    • If it strengthens your local economy and creates a cycle of reinvestment in your market, then it’s actually sovereign.

In the worst case, US tech companies could abandon the idea of data boundaries altogether. In April 2026, Microsoft moved precisely in that direction when it announced “flex routing”(uusi ikkuna) would be turned on by default for European customers, enabling offshore data processing.

If your data boundary can be punctured so easily, it’s sovereignty washing.

Are there European alternatives?

Europe has just woken up to the problem of US tech dependence. But that’s not because it’s a new problem. American tech companies have dominated the global business market since the beginning of cloud computing. Until now that has left European industry at a disadvantage.

But over the past 10 years, this has started to change, especially when it comes to enterprise software. From cloud computing(uusi ikkuna) to network security, identity management to AI chat assistants, European providers are reaching feature parity with global competitors.

In some cases, these providers depend on US infrastructure, but not always. For example, Proton’s Lumo AI runs open source models on European servers under European legal jurisdiction. That means your data stays under European control, not just physically, but legally and economically. Ironically, thanks to the GDPR and a privacy-first encryption architecture, Americans can gain more control and data privacy by outsourcing the tech stack to Europe.

By choosing European alternatives and promoting homegrown tech, you’re investing in how much control your business has over its future. The next wave of entrepreneurs and developers might not flock to Silicon Valley and instead choose Paris, Munich, or Geneva. It becomes a virtuous cycle that stimulates European demand for its own products.

That’s how this shift happens: not through a top-down policy, but through a multitude of individual choices by businesses like yours.