31 March 2023
In a context marked by growing dependence on digital tools and global competition, the strategic issues surrounding digital technology have never been so significant. Faced with the risk of diluting their sovereignty, States seek to assert, in return, their sovereignty over cyberspace. However, how can we enact rules on a territory without clearly identify borders when such area is marked by growing interconnections that complicate state control? How can we define the "digital territory", an essential step to then hope to be able to assert its digital sovereignty? What are the interdependencies between the notions of digital territory and sovereignty? This is precisely the purpose of this article.
Digital sovereignty: definition
The expression "digital sovereignty" was born at the end of 2000 and designates the willingness and the capacity of a State to act in cyberspace and to regulate it, by applying its right both to the Internet infrastructures on which it relies to function, and on the data exchanged on it. The question of digital sovereignty touches strategic issues such as technological dependence and control of users' personal data.
Thinking about digital sovereignty raises questions about the links between the Internet and States. From a technical and historical point of view, the Internet was born in the United States. Its operation, its development and its governance are now mainly provided by private actors. The States only intervene in the second line, and the United States occupies a preponderant place, closely followed by the Chinese actors.
The legal, economic, political and security issues of digital sovereignty
Digital now has an impact on different aspects of society and daily life. It has also become a key element of economic growth, innovation and competitiveness. All of these elements make digital sovereignty a major issue for States, companies and citizens, and expose them to new risks: cybercrime, espionage or disinformation. States therefore seek to define the digital and legal boundaries within cyberspace in order to be able to apply their law there. We speak of “territorialization of cyberspace”.
For a State, asserting its digital sovereignty involves controlling its infrastructures, data and digital technologies in order to protect its economic, political and security interests. In concrete terms, this involves mastering key technologies, ensuring network security and protecting user privacy and data confidentiality.
The fuzzy limits of the digital territory
Originally, “territoriality” referred to a land territory, clearly defined by physical borders. It later extended to other spaces (maritime, air, etc.), and even today to cyberspace. Both an economic and social space, yet, a space of conflict too, the digital territory remains difficult to grasp.
Unlike the geographic boundaries of the physical territory, the boundaries of the digital territory are not clearly defined. They are difficult to establish, fuzzy and shifting, which complicates the regulation and control of the data and information circulating within this space. Defining the borders of this digital territory is nevertheless essential for sovereignty to be exercised there.
The complexity of data management
Big tech companies wield increasing influence over the way data and information are exchanged and stored, which is likely to challenge the digital sovereignty of states. Data centralization and storage in infrastructure cloud encourage digital relocation abroad, mainly to American GAFAMs.
This is done to protect the data that it belongs to, which is however located outside its physical territory, since the EU has changed European legislation. It has set up the General Data Protection Regulation (GDPR), which requires all organizations to comply with European regulations regarding the personal data of European residents. Conversely, the “CLOUD Act” allows US judicial authorities to compel service providers to provide them with electronic data, regardless of their physical location, in the context of criminal proceedings. This text takes precedence over European regulations relating to the protection of privacy.
All these regulations that seek to defend the sovereignty and economic interests of States contribute to “intermingling” European and American digital territories. The emergence of large Chinese technology companies (the BATX, by analogy with the GAFAM, designating Baidu, Alibaba, Tencent and Xiaomi) is not likely to simplify the situation. Russia, on the other hand, has adopted a more direct approach, since it has made it compulsory to store the personal data of its citizens on its national territory. It has thus partially merged its physical territory and its digital territory.
The constant evolution of digital technologies
The rapid and constant evolution of digital technologies makes it all the more important and indispensable for States to assert their digital sovereignty. The development of blockchain and the growing use of AI are the most glaring examples of this, since they pose new and complex challenges regarding the issues of regulation and governance of data and IT systems.
If the best-known uses of the blockchain are in the monetary field, they are far from the only ones. Blockchain technology in particular offers interesting prospects in terms of cybersecurity (since it can guarantee the confidentiality and integrity of exchanges and data), securing transactions or even electronic voting (by guaranteeing the integrity of a ). The development of the blockchain could accelerate the dilution of the sovereignty of States, by calling into question some of their prerogatives. States therefore have every interest in increasing their power on the subject of blockchain technology to preserve their sovereignty.
The current race for AI (artificial intelligence) also raises questions of sovereignty. Solutions based on artificial intelligence often use machine learning models, which are rich in data, and even personal data. With the increase of the use of tools like ChatGPT available to the general public, issues of governance, protection and confidentiality of the data used by AI have become critical.
Establishing digital sovereignty requires investing in research and bringing together actors of all sizes, in order to bring out solutions independent of foreign states. However, this ambition comes up against certain challenges.
Regulatory and legal challenges
When they place themselves in a legal approach to the question of digital sovereignty, States intend to protect citizens in cyberspace, and to act against malicious entities or entities driven solely by commercial interests. However, the issue of “territoriality” is a source of complexity. It makes it difficult for states to act in a number of specific areas, including:
Economic, industrial and technological challenges
The question of digital sovereignty can also be approached from the angle of economic and technological dependence on foreign powers, in a context of technological war between the United States and China.
While Europe remains cautious for the time being and avoids taking sides in this conflict, it is nonetheless seeking to reassert its digital sovereignty by acting in a number of areas, through its planNextGeneration(250 billion euros): legislation on digital services, strengthening Europe's competitiveness and resilience in semiconductor technologies, European data governance, etc.
Security Challenges
The “security” aspect of the question of digital sovereignty also goes beyond the framework of state borders. This question cannot therefore be answered at the level of a State. It is now at European level that it must be tackled.
It is now necessary to continue collaboration between European countries in the field of cyber defence. The revision of the NIS directive, the development of military cooperation between European states in the event of cyberattacks or even the development of an industrial fabric of trust on a European scale are all actions that go in the direction of strengthening European sovereignty in cybersecurity.
The challenges of cooperation between companies and States
Today, it is impossible to hope to develop digital sovereignty on a European scale without going through increased cooperation between players in the public and private sectors.
Both large companies and start-ups need the help of the State (and public authorities as a whole) to break down the barriers and change the regulations that are hindering commercial developments on the European market. It is thanks to this cooperation between companies and States that European champions can emerge offering sovereign solutions.
At the crossroads of regulatory, political, economic and security issues, the desire to assert sovereignty over a digital territory is pushing States, companies and users to rethink their relationship with technology. The ultimate challenge? Take control of their data avoiding any servitude to foreign technologies. A real challenge at the dawn of the mass adoption of Artificial Intelligence.