Making Cybersecurity the cornerstone of European digital sovereignty

The construction of a digital Europe is under way. Even a few decades ago, such a thing was not possible, because digital transformation was not happening on nearly the scale that it is today. Now, it is gathering momentum as a more proactive European Union (EU) is taking more and more steps towards a digital industrial strategy for its 27 Member States.

The dream of a Europe able to offer its own array of digital products is, however, nothing new. The Unidata consortium, which brought together the International Computing Company (CII, France), Philips (the Netherlands) and Siemens (Germany), was formed in 1970 with the aim of creating a European heavyweight to compete on an industrial dimension with the United States. However, France’s unilateral withdrawal a few years later killed the initiative’s momentum. While this effort generated a number of frustrations, it now sheds light on the future and gives indications of what needs to be accomplished: the forthcoming French Presidency of the Council of the European Union must be characterised by wilfulness tinged with humility.

Half a century later, European ambitions fit into a new strategic context influenced by two digital superpowers, the United States and China. This dynamic risks eventually marginalising the European continent, and yet the latter challenges this duopoly as the world’s second largest economic power. The EU has distinguished itself on the international scene through its regulation of digital technologies (Directive on privacy and electronic communications, eIDAS Regulation, General Data Protection Regulation [GDPR], etc.). Yet, it remains a “colony of the digital world” when it comes to industry, given its destitution in certain technologies that are shaping the digital age, including major platforms, cloud computing and semiconductors, and its inability to develop a European public procurement system capable of competing with the corresponding national systems of the United States and China.

The COVID-19 pandemic has heightened awareness of Europe’s need to evolve from a “regulatory” power to a “creative” one. This pursuit must not lead Europe to pull back on the regulatory front, as evidenced by the forthcoming Digital Markets Act (DMA), Digital Services Act (DSA) and Data Governance Act (DGA). The pandemic has highlighted not only the need for control of geopolitical and economic dependencies, but also the requirement of “digital sovereignty” from the perspective of strategic autonomy. Thus the Commission has named digital among 14 priority “industrial ecosystems” for recreating value chains and supply chains on the single market.

In April 2021, to provide itself with the means to realise its ambitions, the EU allocated a budget of €7.6 billion to its Digital Europe Programme (2021-2027) . This is intended to achieve not only competitiveness and technological sovereignty, but also widespread deployment of digital technologies for the benefit of EU citizens, companies and government entities. This effort is rooted in investments in four priorities, which constitute as many strategic areas: high-performance computing, artificial intelligence, “advanced digital skills” and cybersecurity.

In matters of cybersecurity, the key to Europe’s digital sovereignty, the continent quickly grasped the extent and ever-evolving nature of the risks involved. In 2007, the cyberattack targeting Estonia was a major shock that spurred several Member States to design a dedicated strategy. While the EU looked first at critical infrastructure, then at information networks and systems, the proliferation and sophistication of attacks incited it to go further so as not to become the “weak link in the fight against this global threat.

With this, it passed the Cybersecurity Act (2019), which laid the foundation for a common approach to cybercrime, “the crime of the 21st century.” This designation is all the more accurate in view of cyber conflict, often of State origin or inspiration, that takes advantage of the absence of universally recognised governance.

In December 2020, against this backdrop of uncertainty, the European Commission presented its new Cybersecurity Strategy. This roadmap is meant not only to develop collective resilience against cyber risk, but also to render the digital tools and services available to citizens and businesses in Europe secure and reliable. It will enable the EU to assert itself as a key player in cybersecurity standards and norms as well as afford it a better framework for its international cooperation to promote an “open, stable and secure” cyberspace. This must be based on European values: democracy, rule of law, human rights and fundamental freedoms. Several concrete measures in terms of regulation, investments and actions are planned in this regard.

The European concept of digital transformation must put people back at the heart of debate and action, building on the values shared by European citizens. These citizens must be players in a profound, “historic” transformation of a society influenced by a digital sphere that is now enmeshed in all environments: land, sea, air and space.

Hyperconnection, coupled with artificial intelligence and big data, is growing exponentially, conferring a power unmatched in history on data processing and data use. The expected growth of cloud computing is such that the cloud alone will be the “digital sphere” of the future.

Citizens have high hopes for the progress anticipated. At the same time, they fear becoming slaves of a system that works against their digital self-determination by conditioning them through algorithms, invading their privacy and severely undermining their freedoms of opinion and decision-making with manipulation of information. The semantic layer of the digital sphere will undoubtedly be the centre of gravity, in every sense of the term, of the cybersecurity of tomorrow.

It is, of course, important for the European discourse to focus on uses, technologies (in particular disruptive ones), regulations, and organisations. Above all, however, what we need are actions that are likely to foster trust but also mobilise better informed, better trained Europeans. If Europe aspires to maintain its place in the world, human resources will have to be its greatest assets. The COVID-19 pandemic has disrupted citizens’ daily lives, called once-certain matters into question and spawned doubt, particularly with regard to the capacity of national or European elites to respond to unprecedented seismic shifts in economic and social matters. Digital technologies applied to health have undoubtedly become the most suitable vector for reviving a collective consciousness.

Before thinking about the rest of the world, Europe must act for itself, while refraining from having its 27 Member States work in isolation. The time has come for it to offer a new way forward and use its voice to address the rest of the world and attract the attention of other States that do not wish to enter a new paradigm dominated by two giants. This effort must be directed at countries in other continents—Africa, Latin America and Asia—which share common values and interests. Brazil, India, South Africa, Japan, South Korea and Taiwan, not to mention the Francophonie, are partners with which this strategy can be developed. This should not thwart the transatlantic dialogue but balance it.

From 1 January to 1 July 2022, France will hold the rotating Presidency of the Council of the EU, succeeding Portugal and Slovenia and preceding the Czech Republic. This presidency is part of a collective movement that the 27 Member States have engaged in for several years. It would be pretentious to break with this movement. However, France, a founder of the EU, continues to exert powerful influence both within the Union and elsewhere in the world. Some criticise France, but many want to hear what the country has to say.

France will undoubtedly have to make progress in the collective response to the question of “how”, through ways and means enabling the implementation of decisions that have already been made and the speeding up of the rollout timetable with a stimulating dialogue. However, it must above all contribute to a new impetus, the beginnings of which are emerging, by answering the question of “why”. A strategic vision must be built on the basis of meaning. During the French Presidency of the Council of the EU, France must humbly leverage its capacity for influence to build strong momentum that the Czech Presidency will have to perpetuate. The development of the discourse is a political responsibility, but the content of this discourse will be all the richer if proposals from civil society are taken into consideration.

The International Cybersecurity Forum (FIC) is a forum that, since its origins, has aspired to bring together the digital ecosystem by transcending divisions tied to borders and developing public–private partnerships, with a resolute focus on service to humanity. These things are embedded in the FIC’s DNA.

In this ambitious spirit, the FIC lays out the following proposals. These proposals are not limited to the field of cybersecurity, which cannot be dissociated from a more overarching concept of digital transformation. Cybersecurity allows digital technologies to flourish, and digital technologies contribute to cybersecurity.

Although this is not directly addressed in this reflection, cybersecurity and sustainability are two components of resilience, and a digital Europe cannot be designed without a requirement of sustainability.

The political discourse on digital technology can no longer be reduced to the objective of developing “new uses” and the internal market.

Read the pdf for more details