Many companies assume that their data is secure as long as it is stored in Europe. Wrong!
It’s not so much the location of the data that matters, but rather who controls the infrastructure, the software, and access to it, says Paul Broekhuizen, Managing Director, Fsas Technologies Benelux (a subsidiary of Fujitsu). Digital sovereignty has become a strategic issue!
°Paul Broekhuizen, you state that corporate data never belongs entirely to the company itself. What do you mean by that?
“This may sound categorical, but most companies rely on essential digital services provided from abroad. In Belgium as well as in the Netherlands, this dependence is structural, even if it manifests itself differently across markets. Belgium ranks among the European leaders in terms of digital adoption by businesses, while the Netherlands is among the most advanced countries in the European Union when it comes to the digital transformation of economic activities. But digital maturity does not necessarily mean digital control. Dependencies are often diffuse, while legal risks are systematically underestimated. Furthermore, IT procurement is still too often driven primarily by price, while its long-term consequences are not sufficiently taken into account.”
° Isn’t it enough to store data in European data centers?
“No. Sovereignty is not just about the location of the data, but above all about control. Infrastructure located in Europe can still be controlled from outside the continent. That is why the supplier’s origin and the software used are just as important as the physical location. A European data center operated by a non-European company may meet location requirements while leaving effective control elsewhere. The fundamental question, therefore, is not only where the data is located, but also who manages it and under what legal framework. »
Exploring Alternatives in Europe
° How can companies identify and reduce their dependencies?
“The first step is to clearly identify vulnerabilities. Which providers do you depend on? To what extent are your systems truly flexible? Where do technological lock-ins already exist? Open standards and modular architectures help reduce this dependency. Companies must also prepare scenarios in the event of sanctions, outages, or sudden policy changes. They must also actively explore available alternatives in Europe or in closely associated jurisdictions that offer robust technical and legal safeguards. For Belgian and Dutch organizations, this means moving beyond a short-term perspective and further strengthening local control and expertise.”
° How important are hybrid IT architectures and European alternatives to the cloud?
“Hybrid models are relevant because they allow companies to keep critical data and sensitive workloads on-premises, while benefiting from the flexibility and scalability of the cloud. European alternatives to the cloud and sovereign solutions do exist, but the real question is whether they actually strengthen control or simply create a new dependency. Energy efficiency is also becoming an increasingly critical factor. An infrastructure model that structurally consumes too much energy is neither economically nor strategically viable.
It therefore makes sense to prioritize partners who develop their infrastructure and development capabilities in Europe.
Rethinking Architectures for the Long Term
° Where do you see the main vulnerabilities for corporate digital sovereignty?
“The greatest vulnerability lies in the legal complexity surrounding international data laws and extraterritorial access rights. Many companies do not know who can access their data, under what conditions, or where control actually lies. Added to this are dependencies on global suppliers and a lack of transparency in the value chain for digital products and services. Architectural decisions are also too often made without considering their long-term impact on sovereignty. Without a clear strategy, companies settle for ad hoc solutions, which only increases the risks.”
° What do you recommend to companies that want to strengthen their digital sovereignty? What is the first step?
“It all starts with a pragmatic analysis: what are the existing dependencies, which data is most critical, and what legal requirements apply? This is the foundation for any subsequent steps. Companies must then assess which platforms and services are available and how much flexibility they actually have. Many organizations are less dependent than they think—or, conversely, more dependent than they realize. Thoughtful choices regarding storage, databases, and cloud services can already make a big difference.”
Looking Beyond Data Localization and Hosting
° Are there any international examples Europe could draw inspiration from?
“Yes. Japan demonstrates what a coordinated approach between public authorities and the private sector can achieve. For Europe, the lesson is that sovereignty cannot be solely the result of technological choices. It requires coherence between regulation, industrial policy, infrastructure, and decisions made at the corporate management level. For Belgium and the Netherlands, this means translating European ambitions into concrete choices regarding procurement, partnerships, and infrastructure.”
° How important is the compute layer in Europe’s efforts to strengthen its digital sovereignty and develop credible capabilities in artificial intelligence?
“The debate on digital sovereignty cannot be limited to data localization or cloud hosting. If Europe wishes to develop credible capabilities in artificial intelligence, the compute layer also becomes strategic. Processors play an increasingly important role in performance, efficiency, resilience, and the degree of dependence on external ecosystems. It is in this context that the Fujitsu MONAKA processor is relevant: not as a product, but as an illustration of a broader reality. Sovereignty also depends on the fundamental technologies that underpin AI and critical workloads.”
Digital Sovereignty: A Matter of Long-Term Freedom
° What is your personal message to companies interested in digital sovereignty?
“Companies that take action today gain much more than just security. They also strengthen trust, resilience, and their strategic freedom. The real question is whether they want to remain mere passive users of external systems or determine for themselves the conditions under which they operate. Digital sovereignty is not an abstract ideal, but a very concrete matter of control and long-term freedom of action.”
