What is data sovereignty?
Data sovereignty refers to the ability to make autonomous decisions regarding one’s own data and its use, processing and storage. For the European Union, it is of the utmost importance to retain control over European data and thereby safeguard independence from large foreign corporations and nations, such as the US or China. To safeguard European data sovereignty, technological independence and the economic self-determination of European companies are essential, alongside legal measures.
A lack of data sovereignty threatens the EU and its citizens in several ways: besides losing control over sensitive personal and business data, there is also a risk of geopolitical vulnerability to blackmail in the event of conflicts or IT failures. Economically speaking, technological and financial dependence on non-European providers also poses a major risk. It is therefore not surprising that, for some years now, the European Union has been stepping up measures to (re)establish and safeguard control over its own data.
Legally protecting sovereignty: Current EU measures
At the moment, the European Union is dependent on third countries – primarily the US and China – for more than 80 % of its key digital products, services and infrastructure. European Data Sovereignty is of great importance to the EU in order to safeguard its own economic and geopolitical independence and to restrict the use of European data by international tech giants such as Microsoft, Google and Amazon. Since ultimately, data generated in Europe by citizens or businesses should also be subject to European law.
80 % of the key digital products used by EU citizens originate from outside the EU. This poses a risk to data sovereignty. - Foto: The Six, Pexels.The principles and rights set out in the General Data Protection Regulation (GDPR) and regulations such as the EU Data Act or the European Data Governance Act are intended to contribute to greater data autonomy and to (re)establish control over one’s own data. Furthermore, these legal measures are intended to prevent foreign laws, such as the US CLOUD Act, from granting arbitrary access to European data.
Beyond that, the European Commission is working on further measures to strengthen the EU’s digital autonomy: the European Commission aims to fundamentally transform its use of technology and, to this end, adopted a package of measures on tech sovereignty in early June 2026, for example. This includes legislative proposals relating to cloud computing and AI development, the EU’s open-source strategy, and a roadmap for digitalisation and AI in the energy sector. In addition, dedicated European cloud solutions (e.g. Gaia-X) and payment services (e.g. Wero) are being developed. In this way, Europe is strengthening its competitiveness, resilience and security, and ensuring strategic autonomy in key digital technologies.
Data sovereignty in the European higher education sector
Universities and higher education institutions hold vast amounts of sensitive data and are constantly generating new data through their work in research, teaching and administration. Just like the EU as a whole, higher education institutions are heavily dependent on large, non-European tech companies such as Microsoft and Google. For these reasons, the issue of data sovereignty is of vital importance to the European university and research sector as well.
Own digital solutions, hosted within the EU, are an important alternative for European universities. - Foto: Christina Morilla, Pexels.In addition, the higher education sector faces another challenge: the tension between open science and European requirements regarding data protection and data sovereignty. The EU is calling for a shift towards open science in order to make scientific findings and data freely accessible in accordance with the FAIR principles (Findable, Accessible, Interoperable, Reusable). At the same time, however, universities and higher education institutions must be able to ensure that cutting-edge research (e.g. in the fields of AI, quantum computing or medicine) does not flow out of the EU unchecked or become monopolised by commercial platforms outside Europe.
How higher education institutions demonstrate and promote data sovereignty
For universities and higher education institutions, data sovereignty means academic freedom. After all, only those who have control over their infrastructure and research data can generate knowledge independently and in the public interest.
The pioneering role played by universities and higher education institutions with regard to data sovereignty is evident from the fact that it was recognised at an early stage that European solutions should be promoted and, where possible, given preference over non-European solutions. At EU level, the European Open Science Cloud (EOSC) is a new flagship project: this 100 % European platform is designed to enable researchers to store, publish and analyse data across borders and research disciplines.
At university level, there are numerous European providers who have been supporting administration, teaching and research with software solutions for decades. Campus management systems such as CAMPUSonline or HIS, ID solutions such as Secanda, access management providers such as Salto or ELATEC, and software providers such as Studo are committed to the European higher education sector and European data sovereignty.
