Closing the technological governance gap: tech sovereignty as a democratic project

The European Commission's recent Tech Sovereignty Package marks a major step forward in the EU's efforts to strengthen its digital and physical security and autonomy. In doing so, the EU has recognized that technological sovereignty is essential to its capacity to shape its own political, social, and economic future.

This policy stems from growing geopolitical fragmentation and a realization that dependencies in critical digital infrastructure-such as cloud services, semiconductors, and AI infrastructure-and supply-chains now pose heightened security risks.

The drive for technological sovereignty also reflects a continuation of the EU's efforts to check the power of private tech companies and mitigate their negative effects on democratic society. Addressing these challenges requires more than regulating digital markets or reshoring critical technologies. It raises a broader question about how the underlying architecture of the digital sphere should be designed and governed.

The EU's response should be to embed democratic principles at all levels of the technology stack.

Tech sovereignty beyond strategic autonomy

The EU is right to pursue technological sovereignty, but sovereignty should be understood not merely as control over digital infrastructure. A democratic conception of technological sovereignty requires shaping the design principles, standards, and governance structures of the digital sphere itself. The EU can best achieve this by embedding democratic values throughout the technology stack while preserving openness and interoperability. In practice this may look like treating critical digital systems as digital public infrastructure (DPI). Doing so has the potential to increase the legitimacy and trustworthiness of digital systems, making them more attractive for adoption by governments, public institutions, and citizens both within and beyond the EU. Wider adoption of democratic, interoperable systems would in turn strengthen the EU's capacity to shape standards and governance norms in the digital sphere. In other words, the EU should not treat tech sovereignty as an end, but as a means and opportunity to redesign and govern the tech stack in ways that protect users' rights and advance democratic values such as accountability, participation, transparency, and the rule of law.

The EU has already done extensive work to clarify its conception of technological sovereignty. The EU Commission's Interoperable Europe Initiative defines it as "the EU capacity to exercise its independence in the digital domain while remaining open and connected to global networks. It focuses on the ability to decide, invest, and innovate according to European values of democracy, openness, and the rule of law" (Di Marco et al. 2025). This definition lays out the central challenge of technological sovereignty: how to mitigate dependencies and assert effective authority over digital infrastructures and services without sliding into digital isolationism.

In its recent Tech Sovereignty Package, the EU is clearly weighing how to walk this tightrope between sovereignty and openness, repeatedly emphasizing that tech sovereignty "does not mean isolation, protectionism, or tech decoupling" (European Commission 2026). The overwhelming majority of the Package's actual policy proposals, however, are oriented towards securing strategic autonomy, control, and industrial capacity "in the global race for geoeconomic power" (European Commission 2026). This is particularly true with its Chips Act 2.0, the Cloud and AI Development Act, and its Strategic Roadmap for Digitalisation and AI in Energy. Even its Open Source Strategy, which has real potential to embed values of transparency and user choice in the tech stack, is first and foremost framed in the Communication on European Tech Sovereignty as a means to "reinforce Europe's autonomy across the entire technology stack" (European Commission 2026).

What remains less developed is a vision for how critical digital systems should be governed.

The governance gap: Democratic deficits and dependence

Much of the digital sphere's structural power rests with private tech companies and digital service providers, whose corporate incentives prioritize market dominance and profit over the public good. They operate largely without mechanisms of accountability, transparency, or checks and balances, and any alignment with democratic interests is typically incidental. Even if inadvertent, without sufficient consideration of democratic norms and values at every step of the design, implementation, and governance of digital products and services, democratic harms, such as rights infringements, quickly become not just a bug but a regular feature of the industry.

To bring private tech companies under the EU's regulatory framework and curb their growing dominance, the EU has made substantial progress through landmark regulation such as the General Data Protection Regulation (GDPR), the Artificial Intelligence Act and the Digital Services Act (DSA). While the intention behind these regulatory actions is the right one and may provide a significant benefit-for example in the areas of privacy and data rights, competition, and platform accountability-they are still not capable of fully addressing the fundamental tension: that the interests of private tech companies and democratic governments are often misaligned.

This is not necessarily an issue by itself (the interests of business and government are always different) but becomes one when these private tech companies become the digital infrastructure that mediates access to essential public functions, including communication, basic social services, information access, identity systems, and political discourse. Therefore, in the current construction of the digital sphere, private tech companies possess the governing power of states, but without any of the democratic foundations. This is especially troubling, since the decisions made by these companies affect more lives than even the biggest democracies.

Within this context, digital platforms optimized for engagement and growth have become vectors for the spread of domestic and foreign mis- and disinformation, heavily contributing to a sharp rise in polarization, the erosion of trust in institutions, and global democratic backsliding.

Furthermore, as the geopolitical landscape shifts rapidly-particularly as the United States becomes a less predictable strategic partner-and concerns about weaponized interdependence intensify (i.e. the use of access to critical resources and services as a hybrid threat), the fact that many dominant technology companies and their strategic infrastructure have non-EU ownership and global supply chains only amplifies the immediacy of both the digital governance and sovereignty issues. Technologies that were once seen as drivers of global integration are now increasingly understood as channels of domestic and foreign interference facilitated by undemocratically governed companies and foreign states.

Together, these reveal the two dimensions of the technological governance gap: (1) essential digital systems are designed and governed according to commercial incentives rather than democratic priorities and (2) dependence on externally controlled technologies creates strategic vulnerabilities that can be exploited by foreign powers.

The key is that the two lessons are connected. The same digital infrastructures that create geopolitical dependencies also shape public life, meaning that questions of sovereignty, technological design, and democratic outcomes cannot be addressed independently. It is imperative that the EU expands its technological power and secures its tech stack against geopolitical risks. But this is just the first step. Technological autonomy does not automatically produce democratic technology. Focusing solely on control risks contributing to digital fragmentation and accelerating the transformation of digital technologies into instruments of geopolitical competition. More fundamentally, it leaves unresolved the deeper questions of how digital systems are designed, governed, and integrated into democratic society. The EU clearly recognizes the urgency of both lessons, but its recent Technological Sovereignty package does little to acknowledge the interrelationship between building sovereignty and addressing the democratic harms of technology.

Drawing on its legitimacy as a democratic leader, the EU should therefore adopt an expanded view of technological sovereignty, one that moves beyond control to consider how critical technology should be designed to make it conducive to democratic society. Since this kind of fundamental approach would require significant public authority, it remains import to expand control of critical technologies where strategically necessary. Beyond reshoring, though, sovereignty is also about exercising effective public authority over the design and governance of digital systems. As Konstantinos Komaitis argues, for the EU to build this standard-setting influence within the EU and beyond it must "design systems others rely on" (Komaitis 2026). This requires building systems that are functionally excellent, open, interoperable, as well as trustworthy and legitimate, creating an opportunity to embed democratic principles directly into the architecture of the digital sphere. One framework for doing so is the Democracy Stack.

How a democracy-enhancing tech stack could look

A practical way of reconciling technological sovereignty with democratic design is the framework of a Democracy Stack, a technology stack for DPI that strengthens democracy and provides a foundation of "resilience and agency for countries seeking greater digital sovereignty, so as to buffer the impact of political and commercial dynamics on national digital systems" (Rodriguez 2026). The Democracy Stack proposes that every layer of digital public infrastructure-from its foundational values and the design process all the way to the technology itself-be grounded in democratic principles oriented toward the public interest.

In practice, this applies to core DPI building blocks such as digital identity systems, payment infrastructures, and data exchange frameworks, which increasingly mediate access to essential services and civic participation. Each layer should therefore focus on advancing four key democratic indicators: the categories of Rights, Rule of Law, Representation, and Participation. In doing so, the framework addresses both dimensions of the governance gap identified above: it reduces reliance on privately governed (and often foreign) digital infrastructures while ensuring that critical systems are designed around democratic rather than purely commercial incentives. By prioritizing user agency, inclusion, transparency, and control over personal data, DPI can become an asset rather than a democratic vulnerability. Crucially, this requires embedding robust safeguards, including transparency, accountability mechanisms, inclusive governance, and privacy protections, directly into system design and operations, rather than relying solely on regulation.

A common critique of such efforts is that they would stifle innovation. This perspective rests on an assumption that interventions to protect users necessarily come at the expense of technological progress. In the case of genuinely democratic DPI, however, the EU could pursue both objectives simultaneously. A Democracy Stack could combine the innovation-enabling norms already present in open-source communities-particularly transparency, interoperability, collaboration, and adaptability-with democratic governance principles designed to protect users and mitigate harm. In doing so, it would not constrain innovation but redirect it toward public-interest outcomes. The EU's Open Source Strategy provides a useful foundation for this approach, particularly because its emphasis on transparency, interoperability, and collaboration aligns closely with the principles of democratic DPI.

Overall, the EU's pursuit of digital sovereignty cannot simply be a project of strategic technological independence, industrial competitiveness, or geopolitical resilience. Important as these goals are, they must be anchored in a broader conception of tech sovereignty as a democratic project. This entails moving beyond a strategy that relies primarily on regulating harms after they emerge or reducing dependencies through reshoring alone. Instead, the EU should pursue a more integrated approach that simultaneously advances both its strategic and democratic interests.

The Democracy Stack offers a way to do this by embedding democratic principles into the design, operation, and governance of digital systems, thereby aligning digital public infrastructure with rights, rule of law, representation, and participation, while preserving openness and interoperability. By creating systems that are trustworthy, interoperable, and, crucially, aligned with democratic values, the EU would not only strengthen its own resilience but also increase the likelihood that others adopt them. The pursuit of digital sovereignty should therefore not be understood as a retreat into digital isolationism, but an opportunity to shape digital systems so that others choose to adopt them-systems that are open, trustworthy, and democratic by design.

About the authors