When Software Becomes a Sovereignty Problem
European governments are beginning to treat software as strategic infrastructure, not just another procurement choice. As concern grows around US tech dependence, cloud dominance and data control, software sovereignty is becoming a practical issue for public-sector buyers and a commercial opportunity for European software companies.
When software becomes a sovereignty problem
European governments are rethinking their dependence on US technology as software becomes strategic infrastructure, not just another procurement choice.
Written by Peter Franks
Government software used to be easy to ignore. It sat behind counters, forms and internal systems, noticed mainly by the people who had to use it every day. When the public did hear about it, the story was usually familiar: a failed IT programme, an over-budget contract, or a service that collapsed under pressure.
That view now feels dated. Software is no longer just the administrative layer beneath government. It shapes how departments communicate, how records are searched, how public services operate and how sensitive information is handled. As more of the state becomes digital, the tools used to run it start to look less like office equipment and more like infrastructure.
This is why software sovereignty has become harder to dismiss. The question is not whether every foreign supplier is a threat, or whether European governments can simply remove American platforms from public life. They cannot, not in the short term, at least. The more serious issue is dependence. A state can own its data, write strict contracts and choose European cloud regions, while still relying on external companies for the systems that organise, protect and interpret that information.
That dependence is not always dramatic. It often builds slowly, through renewals, integrations and everyday convenience. A product works well, teams become familiar with it, a procurement cycle rolls forward, and another layer of public administration becomes tied to a platform that was never really chosen as a strategic asset. Only later does the wider question become obvious: who controls the software that the state now depends on?
The awkwardness of dependence
Europe has lived with this awkwardness for years. Many of the tools used by large organisations were built by American technology companies, and they became embedded for understandable reasons. They were mature, reliable, familiar and well supported. In the public sector, where failed technology projects can become political scandals, the established platform often looked like the safer choice.
That calculation is now changing. Concerns around legal jurisdiction, cloud concentration, vendor lock-in and critical infrastructure have moved from the background into procurement teams, ministries and boardrooms. The issue is not usually as simple as an American company having automatic access to European public data. The concern is more practical and more difficult: where a supplier is incorporated, which laws can apply to it, who operates the service, and what happens when commercial, legal and political pressures no longer point in the same direction.
For governments, unresolved questions can become a risk of their own. Sensitive systems do not need a dramatic backdoor to become uncomfortable. A public buyer only needs to feel that too much operational knowledge, too much technical control, or too much future flexibility sits outside the state’s reach.
This is the point at which software stops looking neutral. A collaboration suite, analytics platform or cloud service may still be a good product. It may still be secure, useful and economically sensible. But it is no longer judged only as software. It becomes part of a larger question about exposure.
France as a warning flare
France is one of the clearest places to watch this shift. Its interest in digital sovereignty is not new, but recent developments suggest that the discussion is becoming more practical. Reports that parts of the French state are moving away from Microsoft Windows towards Linux-based systems sit within a broader attempt to reduce reliance on US technology where public functions feel especially exposed.
The same theme runs through the Palantir story. France’s domestic intelligence agency, the DGSI, has used Palantir’s software for sensitive data-analysis work. A move towards ChapsVision, a French provider, is politically significant because the work is sensitive, the supplier is controversial and the replacement has an explicitly domestic dimension.

It also shows why sovereignty is difficult in practice. Palantir was not used by accident. It was embedded because it did something useful. Replacing software that has worked its way into an intelligence workflow is not the same as changing a subscription tool in a small company. It takes time, expertise and a tolerance for disruption.
That gap between political intent and operational reality is where the subject becomes interesting. Europe can want more sovereign software, but desire alone does not create mature products, smooth migrations or satisfied users. The slogan is the easy part. The replacement plan is where the real work begins.
The server is not the whole story
Data residency has sometimes made digital sovereignty sound simpler than it really is. Keep the data in Europe, use a European data centre and write a tighter contract, and the problem appears to shrink.
That logic has value, but it only covers part of the issue. Modern software is not a locked cabinet. It is patched, monitored, authenticated, integrated and upgraded. It connects to identity systems, analytics tools, cloud platforms, AI services and other layers of the organisation. Control sits across the whole service, not just in the physical location of the data.
This is why cloud has become so central to the argument. Cloud platforms are no longer just places where organisations store information. They are the base on which other systems are built. Once a public body builds deeply around one provider’s ecosystem, switching can become painful even when the data technically belongs to the customer.
European scrutiny of the major cloud providers should be understood in that context. Competition policy and sovereignty policy are starting to overlap. High switching costs shape markets, but they also shape the practical freedom of governments and companies to change direction.
For public bodies, this creates an uncomfortable question. A platform may be secure, efficient and cost-effective today, while still making tomorrow’s choices harder. That does not make it the wrong choice. It does mean the full cost of dependence is often larger than the contract price suggests.
A different kind of software buyer
European governments are not about to abandon every American platform. That would be unrealistic and, in many cases, it would be a mistake. US technology companies still provide many of the strongest products in the world. They have scale, deep security teams, broad ecosystems and long experience supporting complex organisations.
What is changing is the buying conversation. Public-sector buyers still care about price, reliability, usability and support. Those things remain essential. But they now sit alongside a more strategic set of questions. How easy is it to leave? How much internal knowledge is being built inside the supplier’s platform? Which laws might apply in a dispute? How much visibility does the buyer really have into the system?
These are uncomfortable questions because they reveal how quietly dependency accumulates. Software stacks are rarely designed in one clean architectural moment. They grow through urgent projects, renewals, departmental decisions and the pull of tools people already know. By the time a dependency becomes visible, it may be wrapped around years of institutional habit.
Procurement starts to change when that risk becomes legible. A tool that is easy to buy today may look less attractive if it makes tomorrow’s exit too expensive. Convenience still matters, but it becomes harder to treat convenience as the whole answer.
The opening for European software companies
For European software companies, this creates a rare opening. It is not a free pass, but it is a stronger market story than many have had before.
A few years ago, competing with a US incumbent often meant fighting on features, price and implementation risk. The buyer would ask whether the European challenger was as polished, scalable and well supported as the established platform. In public-sector environments, that was a difficult argument to win. Nobody wants to be blamed for choosing the brave but weaker option.
Now there is another dimension to the sale. A European provider can talk about local jurisdiction, transparent governance, public-sector alignment, data portability, open-source foundations and reduced geopolitical exposure. In areas such as government, defence, healthcare, education, financial services and critical infrastructure, those points are becoming part of the product’s strategic value.

The trap is obvious. “European” cannot become a polite excuse for mediocre software. Public bodies may accept some friction during a transition, but they will not indefinitely tolerate tools that feel slower, uglier or harder to use. Staff will find workarounds, procurement teams will lose confidence, and the case for sovereignty will begin to feel like a burden rather than an improvement.
The stronger opportunity is to build products where sovereignty and quality reinforce each other. A secure collaboration platform still needs to be pleasant to use. A sovereign cloud still needs to be easy to develop on. A public-sector analytics tool still needs to be powerful enough for the people who rely on it. That is a much harder ambition than selling against US tech on political grounds, but it is also the one that could create lasting companies.
Sovereignty will be uneven
The next phase is likely to be selective rather than absolute. Some systems will remain with global providers because replacing them would be expensive, risky or unnecessary. Others will be judged too sensitive to leave unexamined. Much of the real work will happen in the middle, where governments and large organisations decide which dependencies are acceptable, which need mitigation and which require credible European alternatives.
That middle ground will be messy. Different countries will move at different speeds. Agencies within the same government may disagree. Some projects will be quietly successful; others will become cautionary tales about rushed migration and underpowered alternatives. There will be cases where sovereignty concerns are real, and cases where the language of sovereignty is used to support industrial policy.
Even so, the direction of travel is clear enough. Software is being pulled into the same conversation as energy, defence, semiconductors and critical infrastructure. Europe has learned, often painfully, that dependence can look harmless until the wider political context changes.
Software dependency is less visible than a gas pipeline or a port, but it can be just as sticky. Once a system holds the workflows, permissions, data structures and habits of an organisation, replacing it becomes a political and organisational project as much as a technical one.
The real test
The sovereignty debate can easily drift into abstraction. It is full of large words: resilience, autonomy, jurisdiction, control. The real test will be much more ordinary. Civil servants need to get their work done. Hospitals need safe migrations. Intelligence agencies need systems they can trust. Vendors need to answer the phone, fix the bug, pass the audit and keep improving the product.
That is where this story will be won or lost. European governments may want more control over their software supply chains, but control only becomes attractive when the alternative works. For US tech giants, the challenge is to make European customers feel less exposed. For European software companies, the challenge is to make sovereign software feel credible, useful and modern rather than worthy but painful.
There is a market opening here, but it is not a sentimental one. The winners will not be the companies that simply sound European enough. They will be the ones that make European buyers feel that choosing local control does not mean accepting a worse product.
Play Paradigm
A scenario game where you become a software company owner and navigate the choices around adopting AI.
Play the game



