From awareness to action
The question of digital sovereignty has long remained confined to circles of cybersecurity and strategy experts. However, it has imposed itself on the general public in recent years. The Trump administration’s posture acted as a catalyst: commercial restrictions, technological warfare, sanctions against certain companies. These unilateral decisions reminded us that digital infrastructures are not just technical, they are also geopolitical.
This awareness did not create the problem, it highlighted risks that have existed for a long time: dependence on foreign giants, exposure to their regulatory frameworks, fragility of digital continuity in case of rupture. In this context, digital sovereignty has become a major strategic issue, both for states and companies.
The risks of uncontrolled sovereignty
Digital dependence is not a theoretical idea nor a political slogan: it translates into very concrete risks for companies and institutions. Today, a large part of cloud services used in Europe relies on American suppliers. This situation directly exposes organizations to extraterritorial regulations, starting with the Cloud Act, which allows American authorities to request access to data, even when it is hosted outside US territory, as long as it belongs to an American company.
To this technological dependence is added growing regulatory pressure. Operators of Vital Importance (OVI) must guarantee the continuity and security of their critical systems, under penalty of heavy sanctions. The NIST Cybersecurity Framework, although of American origin, now imposes itself as an international reference for risk management. In Europe, the DORA (Digital Operational Resilience Act) regulation imposes new obligations on the financial sector to resist cyberattacks and service interruptions. And of course, GDPR remains a permanent reminder that the localization and protection of personal data are not negotiable.
The consequences of poorly controlled sovereignty are multiple. A company can lose control over strategic data, find itself unable to ensure business continuity if access to its infrastructure is interrupted, or expose itself to legal and financial risks in case of regulatory non-compliance. Beyond operational aspects, competitiveness is also at stake: when a foreign supplier imposes its technological choices, the entire innovation trajectory of the company can be constrained.
Not controlling one’s sovereignty amounts to accepting to place one’s information system under the influence of external factors – political, economic or regulatory – that far exceed the purely technical sphere.
Cloud computing: between American domination and European emergence
Cloud computing has become one of the pillars of digital transformation and, as such, it is at the heart of sovereignty issues. However, the global landscape in this area is deeply unbalanced. American giants – AWS, Microsoft Azure and Google Cloud – occupy a dominant position. Their lead is based on an extremely rich ecosystem, going far beyond simple storage or computing power: artificial intelligence, big data, IoT platforms, managed services covering hundreds of use cases. They combine rapid innovation, massive automation and an investment capacity that few actors can match.
For European companies, this leadership poses a dilemma. Relying on these platforms is often essential to remain competitive, benefit from the latest innovations and accelerate time to market. But this dependence has a price: it directly exposes to extraterritorial regulations, to contractual constraints difficult to circumvent and, ultimately, to a loss of strategic control.
Faced with this observation, Europe is trying to build its own alternatives. Actors like OVHcloud, Scaleway or Deutsche Telekom are developing local offerings, while consortiums such as Numspot or Bleu seek to combine industrial expertise and sovereignty. On a larger scale, the Gaia-X project was launched to federate a European ecosystem of cloud services, even if its operational contours remain unclear and struggle to convince in the field.
The reality is that it will take time for these initiatives to reach the same level of technological maturity, functional richness and economic attractiveness as American hyperscalers. The battle cannot be fought solely on the technology front: it must also concern usage models, the way companies design, govern and operate their information system.
The central question therefore remains: how to reconcile the requirement for innovation and performance with the imperative of digital sovereignty?
Cloud-native as a path to sovereignty (and efficiency)
Rather than opposing American hyperscalers to European sovereign initiatives, another approach emerges: cloud-native. This approach is not limited to a set of technologies; it represents a philosophy of design and operation of information systems, directly inspired by the practices that made digital giants successful.
Cloud-native can be seen as a bridge between innovation and strategic independence. By relying on open standards – Kubernetes for orchestration, OCI-compliant containers, normalized APIs like OpenAPI – it allows building portable and reversible systems. An application designed this way can work equally well with a hyperscaler, on a sovereign cloud or even in a private datacenter. This reversibility capacity is an essential lever to avoid technological lock-in.
But the contribution of cloud-native is not limited to portability. It introduces a logic of standardization and automation that transforms information system governance. Thanks to infrastructure as code, CI/CD pipelines and advanced observability solutions, organizations gain in control, compliance and operational efficiency. In other words, they give themselves the means to manage complex environments without depending on specific proprietary tools.
This approach also strengthens resilience. By facilitating hybrid and multicloud architectures, cloud-native allows intelligent distribution of workloads between several suppliers. A company can then exploit the power of a hyperscaler for certain uses while securing its sensitive data on a sovereign cloud, and switch from one to the other if necessary.
Finally, cloud-native promotes agility. By adopting microservices, rapid development cycles and advanced automation, organizations can innovate at a sustained pace, without losing control over their strategic choices. They thus appropriate the methods that make cloud giants strong, while preserving their freedom of movement.
In short, cloud-native is not just a technological approach: it’s a pragmatic way to articulate performance and sovereignty, giving companies the means to regain control of their digital future.
The core principles of cloud-native
To understand how cloud-native can support digital sovereignty and organizational efficiency, we must return to its foundations.
The first of these is containerization. Wrapping an application in a container makes it portable and reproducible, regardless of the underlying environment. Whether deployed in a private datacenter, on a sovereign cloud or with a hyperscaler, it will behave the same way.
This portability takes full meaning thanks to orchestration, of which Kubernetes has become the global standard. With it, managing thousands of containers is no longer a challenge: scaling, resilience or workload distribution happen automatically, according to rules defined by the company. Kubernetes is not just a tool, it’s a universal language that allows describing how an application should live in the cloud.
Cloud-native also relies on microservices breakdown. Rather than a heavy monolithic application that’s difficult to evolve, companies build independent services, each responsible for a specific function. This model promotes agility: you can update, strengthen or replace a service without disturbing the whole.
To these principles is added infrastructure as code, which transforms the way to manage IT environments. Describing one’s infrastructure in code form not only allows automating deployments, but also guarantees reproducibility and auditability essential to meet regulatory requirements.
This automation is extended by CI/CD (Continuous Integration / Continuous Delivery) practices, which transform software delivery into a fluid, fast and secure process. Teams can test, validate and deploy new features continuously, without disruption, while improving overall application quality.
Finally, cloud-native emphasizes observability. Modern systems don’t just collect logs or metrics: they offer an integrated, real-time vision of application behavior. This ability to detect, understand and anticipate incidents is a pillar of resilience, and therefore of digital sovereignty.
Taken together, these principles don’t form a simple toolkit. They outline a new technological culture: that of an information system that is automated, agile and governed by standards. A culture that brings organizations closer to global best practices, while leaving them the freedom to choose their trajectory.
Conclusion – Towards pragmatic digital sovereignty
Digital sovereignty does not consist in cutting oneself off from the world, but in maintaining control over one’s technological choices. European sovereign clouds constitute a necessary response, but their maturity will still take time.
Meanwhile, the cloud-native approach offers an immediate path: it promotes application portability, standardization and automation, while preparing organizations to migrate more easily to sovereign clouds once mature.
This strategy nevertheless requires real organizational maturity: properly containerized applications and mastery of modern patterns. And while cloud-native solves application portability, infrastructure challenges persist. Fortunately, proven standards like OpenStack or Apache CloudStack already provide normalized foundations that can serve as a base for future sovereign clouds.
Cloud-native therefore fits into a global approach that must articulate the development of European ecosystems, adapted regulatory frameworks and skills development for teams. The objective remains unchanged: give organizations the freedom to choose their suppliers according to their needs, without constraining technological dependence.