What is digital sovereignty?

Digital, cyber, technological, and data sovereignty describe the capacity to govern and manage one’s own digital future, including the data, hardware, and software one uses and produces.

Or, as the Centre for Africa-Europe Relations puts it: the physical layer (infrastructure, technology), the code layer (standards, rules and design) and the data layer (ownership, flows and use).

Countries generally agree on the need to foster homegrown tech industries, particularly where there are potentially significant national security consequences.

However, countries adopt different strategies for governing these technologies and data, and such diverse views on digital sovereignty have intensified geopolitical rivalry among the US, China, and the EU.

Many policymakers view digital sovereignty as a pressing issue, arguing that excessive control rests with a few regions, the technology market offers limited choices, and a small group of tech giants hold vast amounts of user data.

The EU’s General Data Protection Regulation, or GDPR, is one example of how digital sovereignty manifests in everyday life. Its goal is to standardize the protection of personal data online by implementing regulations and enforcing them through potential penalties.

Under the terms of the GDPR, any organization, no matter where it is based, must abide by a set of data management rules if it wants to trade with customers in EU countries. Those rules make it possible for individual citizens to take more control of how their data might be used. It imposes possible penalties of up to $25 million for violations involving data breaches.

In recent years, the European Union has voiced growing worries about the stronghold of the United States and China in innovation and global market rivalry. China’s Digital Silk Road initiative aims to expand digital technologies in developing countries, challenging US dominance and raising security concerns due to the potential for surveillance and data collection.

China’s own digital sovereignty approach is set by a trio of laws: the Cybersecurity Law (CSL), Data Security Law (DSL) and Personal Information Protection Law (PIPL), the equivalent of GDPR, which jointly govern cybersecurity and data protection.

The growing global landscape of AI governance is similarly characterized by divergent approaches, reflecting the geopolitical tensions and competing visions of digital sovereignty. The European Union has taken a proactive stance with its comprehensive regulatory framework, including the AI Act, DMA and DSA.

These regulations emphasize a human rights-oriented approach, mandating conformity assessments for high-risk AI systems and imposing transparency requirements on recommender engines.

By contrast, the United States has traditionally preferred minimal government intervention, leaning on companies to regulate themselves. But under the Biden administration, recent initiatives like the AI Bill of Rights signaled a shift towards more stringent oversight. With the Trump administration set to take office, regulatory approaches may once again change. It is still unclear if Congress will approve the proposed American Privacy Rights Act in 2025.

China, on the other hand, has implemented measures such as the Internet Information Service Algorithmic Recommendation Management Provisions and the National Integrated Circuit Industry Investment Fund, reflecting its state-centric model of AI governance.

These diverse strategies carry major geopolitical consequences, which may result in fragmented technological ecosystems and hinder global collaboration on AI governance.

The EU-US Trade and Technology Council seeks to narrow existing gaps, yet differences in governance approaches among leading AI nations persist. As AI progresses, balancing national priorities with the demand for global collaboration in AI governance remains a defining factor in the geopolitics of digital sovereignty.