Technology

In recent years, digital sovereignty has become a top concern among businesses and governments across EMEA. While much of the conversation focuses on regulatory compliance, Julio Guijarro, Chief Technology Officer for Red Hat in the EMEA region, argues that digital sovereignty is ultimately about autonomy and resilience—far beyond meeting legal mandates.

Guijarro, who has closely observed evolving customer demands in the region, points out that geopolitical instability is one of the core accelerators of interest in digital sovereignty. Ongoing trade wars and sanctions are disrupting operations and underscoring the vulnerability of organizations that rely heavily on non-local digital infrastructures.

From Compliance to Operational Resilience

A stark example came in 2022 when Amsterdam Trade Bank (ATB), a stable Dutch financial institution, was pushed into bankruptcy—not due to financial mismanagement, but as a result of sanctions on its Russian parent company, Alfa Bank. The enforcement of sanctions led cloud service providers to cut off access to ATB's core digital services, including email and banking systems. Despite ATB being fully compliant with Dutch and EU law, the lack of operational autonomy proved fatal.

"This case underscores a critical truth: own compliance does not guarantee sovereignty or survival," Guijarro explains. "Organizations that rely entirely on third-party infrastructure are exposed to external decisions beyond their control."

Another example is from Australia, where a major hyperscaler accidentally deleted superannuation fund UniSuper’s online account. Fortunately, UniSuper had a third-party backup, allowing them to recover quickly. These incidents highlight the importance of contingency planning and infrastructure decentralization.

Sovereignty vs. Autonomy

While digital sovereignty often refers to government-led initiatives like GDPR or data localization mandates, Guijarro stresses the importance of digital autonomy—the ability for an organization to continue operating even amid vendor failures or political disruptions.

The Dutch government has formally distinguished these two concepts: a company can be legally sovereign (regulated by national laws) but lack autonomy if it cannot function independently when service providers pull the plug.

Strategies for True Digital Autonomy

Guijarro outlines a strategic roadmap for achieving digital autonomy:

• Diversify Infrastructure: Eliminate single points of failure through multi-cloud and hybrid cloud models, incorporating on-premise systems to reduce dependency on any one provider.

• Embrace Open Source: Technologies like Red Hat OpenShift enable portability across cloud environments and provide the flexibility, transparency, and privacy required to meet sovereign requirements.

• Utilize Confidential Computing: These technologies protect sensitive data even while using third-party cloud services, offering a bridge between security and efficiency.

• Control Your Exit Strategy: Businesses must prepare for the possibility of needing to migrate systems and data if service providers change their policies or fall under new geopolitical restrictions.

• Invest in Community-Driven Resilience: Global cybersecurity infrastructure, such as the CVE database, has shown the importance of decentralized support systems and the value of international open source collaboration.

The Role of Open Source in Sovereignty

Open source solutions, according to Guijarro, not only provide a neutral and decentralized approach to technology development but also empower nations and organizations to build local capabilities and innovation ecosystems. It offers transparency, control, and a collaborative backbone for future-proofing digital strategies.

"Resilience is not something to be delayed—it is the foundation of a sovereign digital future," says Guijarro. "If we’re only consumers of technology, we risk stagnation. But by contributing to and investing in open source, we ensure innovation, security, and long-term control."

Conclusion

Digital sovereignty is no longer just a regulatory checkbox—it is a strategic necessity. As the examples of ATB and UniSuper demonstrate, organizations that rely solely on compliance and third-party infrastructure are vulnerable. The key takeaway: true digital sovereignty requires proactive investment in resilience, autonomy, and open ecosystems. Businesses must move now to ensure they are prepared for whatever the geopolitical and technological future may hold.

• Tags
• #Business
• #Magazine
• #Lifestyle