Reflections on Digital Sovereignty
by Lokke Moerel and Paul Timmers
The term digital sovereignty is becoming more and more common in the media and has a variety of meanings. In this public advice, the authors take a closer look at the concept of digital sovereignty. They conclude that digital sovereignty is not limited to the control of a state over the use and design of critical digital systems and the data generated and stored therein, but also concerns the broader scope of economy (control over essential economic ecosystems) and society and democracy (trust in the rule of law and quality of democratic decision-making). The authors provide a concrete overview with examples of the reasons why digital sovereignty of the Dutch State is under pressure, including (i) the increasing dependence of government bodies and critical digital infrastructure providers on a limited number of dominant foreign market players; (ii) the increasing cyber threats to our critical infrastructures, including systematic theft of intellectual property from our knowledge intensive industry sectors, digital extortion, targeted misinformation, and systematic infiltration of social media to influence elections and democratic processes; and (iii) the increasing geopolitical tensions leading to extraterritorial claims by foreign powers, such as export control restrictions on technology imposed by foreign powers and access by foreign powers to data of European citizens and businesses.
The authors analyze the policy and constitutional implications of the identified bottlenecks at the global, EU and Dutch levels. Three case studies are discussed where European legislation insufficiently addresses European (and therefore Dutch) digital sovereignty: (i) the European proposals for a European cloud infrastructure; (ii) the EU Network and Information Security Directive; and (iii) the EU Regulation on electronic identification and trust services for electronic transactions, which includes the recognition of electronic means of authentication of citizens (such as the Dutch DigiD). The authors propose solutions that fit within the current framework of international, European and national law. An important observation is that the EU’s mandate to safeguard the necessary form of sovereignty is limited. Digital sovereignty soon touches on the national security of Member States, which under the EU Treaties is the prerogative of the Member States. Where the Member States each can no longer protect their sovereignty, the limited European mandate to safeguard national sovereignty actually undermines national security. Proposals are being made as to how the European legal basis for EU sovereignty can be strengthened. Because the question of sovereignty is affecting more and more areas of the Dutch economy, society and democracy, governance must be centralized. However, the ministries’ departments mainly operate in silos, which entails that the necessary integration of policy is lacking. At present, there is even insufficient insight into the new digital dependencies to be able to conduct an integrated and proactive policy in the areas of research, valorization and industry at all. An obvious first step would be to appoint at least a digital affairs coordinator under the direct management of the office of the prime minister, with its own budget and implementing power. Without central direction and control, our country will find itself on an irreversible path of gradual erosion of our national technological and industrial capacities.