Blog

International approaches to digital sovereignty

David Patterson headshot
by
David Patterson

Digital sovereignty is a fast-growing concern for education and research – and an emerging topic at TNC26 last week where the international National Research and Education Network (NREN) community has been exchanging perspectives and approaches.

A group of people walking across a bridge in London.

As reliance on global cloud platforms, software and data infrastructure grows, so do questions about control, resilience and long-term choice.

For universities, colleges and research organisations, this is no longer abstract. It affects where their data sits, who controls the systems they depend on and how easily they can adapt if costs rise, rules change or services are disrupted.

As part of a globally connected NREN community, we are closely engaged in these conversations – both contributing to and drawing on sector expertise from across Europe and beyond.

This blog sets out what digital sovereignty means in practice, why it matters now, and how the NREN community is responding.

Understanding digital sovereignty

You may have seen the term digital sovereignty popping up more often in the news and in policy debates. It sounds technical, commercially challenging, even political – but at its heart, it’s about some fundamentals:

  • Knowing where your data is
  • Understanding who controls the systems you use
  • Avoiding being locked into a single supplier or platform

It’s useful to balance what digital sovereignty is, with what it isn’t:

  • It’s not about excluding global technology providers, which will continue to play an important role.
  • It’s not about building everything from scratch, as that would be expensive, slow, and unnecessary.
  • It’s not a single technical solution, because digital sovereignty spans infrastructure, governance, contracts, skills, and collaboration.

The topic is being discussed more because governments and organisations have recognised how dependent they are on a relatively small number of global technology providers for cloud, chips, software, and data infrastructure, creating risks for security, resilience, and control.

Governments and organisations have recognised how dependent they are on a relatively small number of global technology providers.

It’s also gaining prominence because data and digital systems now sit at the centre of essential services for government, research and healthcare. As a result, loss of control is increasingly viewed as a strategic risk to growth and security.

Why it matters to research and education

If a university or college depends heavily on one cloud provider, software company, or country’s technology, how much freedom does it really have if prices rise, rules change, or services are disrupted?

This is a question that affects day‑to‑day operations and shared values:

  • Protecting learners, staff, and research. Institutions hold sensitive personal data and valuable research outputs. Digital sovereignty means understanding where that data is processed, under which legal frameworks, and how easily it can be moved if circumstances change.
  • Supporting academic freedom and choice. Digital platforms increasingly shape how teaching and research are delivered. If systems are rigid, opaque, or difficult to exit, they can limit innovation and academic autonomy.
  • Maintaining continuity of service. When systems are disrupted, teaching and research stop. A sovereign approach focuses on resilience: ensuring services remain available even when suppliers, contracts, or technologies change.

Digital sovereignty is increasingly shaped through infrastructure decisions that affect resilience, security, flexibility and long-term control.

The policy response

Countries are taking different approaches to digital sovereignty. Some have adopted strong legislative or policy positions designed to reduce dependence on large foreign suppliers; others remain more flexible, with limited guidance or no clear national strategy.

In the UK, there is not yet a formal policy or legislative framework for digital sovereignty, but the House of Commons Research Briefing offers a useful indication of how the issue is being considered within government. Digital sovereignty is regularly reported in the news, for example: recent spending announcements on the UK Sovereign AI Fund, and controversy over access to public data by international technology companies.

Countries are taking different approaches to digital sovereignty.

In Canada, the government’s white paper on Data Sovereignty and Public Cloud takes a notably stronger position, explicitly identifying the US legislation as “the primary risk to data sovereignty.”

In the European Union, the recently published Cloud Sovereignty Framework is intended to help public administrations and suppliers strengthen their digital sovereignty posture. It is used to evaluate tenders and to encourage the market to deliver digital solutions that align with EU law and values.

In France, one of the most visible examples of digital sovereignty in practice has been the decision by the Interministerial Directorate for Digital Affairs (DINUM) to reduce reliance on US technology by moving government computers from Windows to Linux.

The NREN response

Across the global NREN community, digital sovereignty is not being treated simply as a concept, but addressed through concrete strategic decisions about infrastructure, data, and risk. These approaches reflect national priorities, public values and differing operational contexts.

A consistent theme emerging from discussions at TNC26 is that digital sovereignty is best understood as resilience through collaboration and choice, rather than isolation from global markets.

SURF, the Dutch NREN, has been particularly active in this space, linking digital sovereignty to public values and strategic autonomy. Its work focuses on identifying viable alternatives and complementary services to major global platforms. For example, its pilot of a Nextcloud collaboration environment explores functionality comparable to widely used commercial tools.

A consistent theme emerging from discussions at TNC26 is that digital sovereignty is best understood as resilience through collaboration and choice, rather than isolation from global markets.

RENU, Uganda’s NREN, shared its approach to sovereign cloud during TNC discussions. Its model is shaped by both cost considerations and infrastructure realities, including power availability. By designing systems that can adapt to intermittent power conditions, it has developed resilience characteristics that can in some circumstances allow continued operation even when large-scale outages affect global providers.

GÉANT continues to support a range of initiatives relevant to digital sovereignty, including connectivity for the EuroHPC Joint Undertaking, federated access to digital wallets through eduGAIN, and the inclusion of practical NREN examples in the TNC programme. Strategically, GÉANT has also established a public affairs presence in Brussels to engage more directly with EU policy development.

Together, these examples highlight the strength of the international NREN community: sharing expertise, learning from different operating environments and collectively strengthening the sector’s ability to respond to emerging challenges.

Closing

Digital sovereignty is not a fixed destination or a single solution. As the discussions at TNC26 have shown, it is an evolving challenge that requires ongoing collaboration, shared learning, and practical action across borders.

For the NREN community, this collective approach is a strength, enabling institutions to respond to global pressures with informed, resilient, and flexible strategies, rather than in isolation.

For education and research, this reinforces the importance of treating digital infrastructure as a strategic capability that underpins resilience, autonomy and long-term choice.

About the author

David Patterson headshot
David Patterson
Head of international, Jisc