A policy playground
The structure of dependence in European technology
Europe enters 2026 regulatorily sovereign and industrially dependent. The conventional narrative of European weakness misses the actual question. It isn't what Europe lacks — it's how the dependencies are structured.
This is a working framework for thinking about that structure: where Europe stands, what alternatives actually exist, who Europe should partner with, what to do contractually and architecturally, and how far regulation alone can go.
The framework
Three types of risk
Adversarial (China), extraterritorial (USA), concentration (no geopolitics). Each requires a different defensive architecture. Confusing them produces strategy that defends against the wrong threat.
Three layers of sovereignty
The bit layer (where data lives), the interpretation layer (the ability to read it without the vendor), and the instrumentation layer (who controls the lifecycle of the tools). Dependencies in each layer have qualitatively different consequences.
Minimum Viable Sovereignty
A pragmatic middle ground between costly autarky and unsustainable total dependency, articulated by Forrester analyst Dario Maisto. The minimum set of contractual, architectural, and operational measures that preserves the right of exit when any single dependency turns into a crisis.
Contents
Where Europe stands: the risk landscape, the dependency map, the layered framework of digital sovereignty.
What Europe actually has: cloud, productivity, identity, AI, and processor architecture.
Whom Europe should invite in: a partnership map for the post-Magdeburg world.
What to do Monday: contractual instruments and a 24-month roadmap.
How far regulation alone can go — and why it needs alternatives to have leverage.