Digital Sovereignty in Critical Infrastructure: Why It Matters Now

At 1xINTERNET, we work with organisations that operate some of society's most essential services. Every day, millions of people rely on critical infrastructure to deliver drinking water, manage wastewater, distribute energy, and support economic activity. While these systems are often viewed as physical assets, they increasingly depend on software, data platforms, cloud services, and operational technology (OT).

This digital layer introduces a new challenge: dependency. Much of the technology that powers our daily operations originates outside Europe, creating potential risks around data governance, vendor lock-in, regulatory compliance, and geopolitical influence. As these concerns grow, digital sovereignty has become a strategic priority for both public and private organisations.

Recently, we have been invited by the Dutch and Flemish infrastructure association to discuss these challenges and explore practical approaches to strengthening digital sovereignty in critical infrastructure.

Europe’s Dependence on Foreign Technology

For decades, innovation in software, cloud services, and hardware has been dominated by companies based outside Europe. Most organisations rely on technologies such as Microsoft 365, cloud platforms, smartphones, operating systems, and hardware components developed in North America or Asia.

While these technologies have delivered significant benefits, they have also created dependencies that many organisations are only now beginning to fully assess.

As a company focused on open-source solutions and digital governance, we regularly help clients evaluate how their technology choices affect data ownership, operational continuity, and long-term resilience. Through our work across Europe and our global involvement in the Drupal ecosystem, we see one question becoming increasingly urgent: How dependent have we become on foreign technology, and what risks does that create?

Why Digital Sovereignty Matters

Digital sovereignty is fundamentally about control. Organisations need confidence that their data remains protected, their systems remain available, and their operations cannot be disrupted by external political or commercial interests.

Recent events have demonstrated why this matters. The reported loss of access by the International Criminal Court to critical Microsoft services in 2025 highlighted how dependence on a single technology provider can create unexpected vulnerabilities. Similar concerns have influenced European decisions regarding telecommunications infrastructure and the use of equipment from foreign vendors.

These examples illustrate a broader reality: access to digital services can be affected not only by technical failures or cyberattacks, but also by legal, political, and geopolitical developments.

The Regulatory Landscape

Europe has responded by strengthening its regulatory framework. Legislation such as the Digital Services Act, the Data Act, and the AI Act reflects a broader commitment to ensuring that European organisations retain greater control over their digital assets and data.

In our view, these regulations are not simply compliance requirements. They are strategic tools that help organisations reduce risk, improve transparency, and strengthen resilience.

For example, the Data Act will require service providers to explain how they respond to requests from non-EU governments and demonstrate their ability to resist inappropriate access requests. This will become an increasingly important factor when evaluating suppliers and technology partners.

Sovereignty, Autonomy, and Resilience

When discussing digital sovereignty with our clients, we typically focus on three interconnected concepts:

• Digital sovereignty: maintaining control over digital infrastructure, systems, and data.
• Digital autonomy: preserving independence in operational and strategic decision-making.
• Digital resilience: ensuring the ability to withstand, respond to, and recover from disruptions.

Together, these principles provide the foundation for a sustainable digital strategy.

Our Experience in Critical Infrastructure

At 1xINTERNET, we have worked with organisations including Ennatuurlijk and SENEC, a subsidiary of German energy provider ENBW.

For these organisations, we have developed digital platforms, customer portals, and applications using open-source technologies. We believe open source plays a critical role in digital sovereignty because it gives organisations greater flexibility, transparency, and ownership of their digital assets.

Unlike proprietary systems, open-source technologies help reduce vendor lock-in and allow organisations to retain control over their infrastructure and data. This is one of the key reasons many organisations choose Drupal as a strategic platform.

Why choose open source over proprietary software for enterprise projects

Risks Facing Critical Infrastructure

Based on our experience working with digital platforms and operational environments, we see four major areas of concern:

Digital Sabotage

Operational systems can become vulnerable to manipulation, disruption, or remote shutdown if adequate safeguards are not in place.

Espionage

Unauthorised access to operational and infrastructure data can reveal network structures, operational patterns, and strategic information.

Strategic Dependence

Organisations may become exposed to geopolitical pressures, supply-chain disruptions, or the withdrawal of critical support and software updates.

Financial and Compliance Risks

As regulations evolve, organisations face increasing compliance obligations and potential costs associated with replacing technologies that no longer meet security or regulatory requirements.

These concerns are especially relevant in sectors such as energy, water, transportation, and manufacturing, where operational technology directly affects essential services.

Practical Steps Toward Digital Sovereignty

Achieving digital sovereignty is not about eliminating all external technology. Rather, it is about making deliberate choices that reduce dependency and increase resilience.

We typically recommend focusing on the following areas:

Adopt a Multi-Vendor Strategy

Avoid concentrating critical workloads with a single provider. Multi-cloud and hybrid architectures reduce risk and improve flexibility.

Software vendor selection checklist: insights from 100+ pitches

Invest in Open Source

Open-source technologies provide greater control, transparency, and independence while reducing the risk of vendor lock-in.

Evaluate the Entire Supply Chain

Request Software Bills of Materials (SBOMs) and assess dependencies throughout the technology stack to improve visibility and risk management.

Separate IT and Operational Technology

Implement strong segmentation between corporate IT environments and operational control systems to reduce the potential impact of security incidents.

Maintain Manual Fallback Procedures

Critical infrastructure should always be capable of operating under degraded conditions. Manual procedures and analog controls remain essential safeguards.

Looking Ahead

Digital sovereignty is no longer a theoretical concept. It is becoming a strategic requirement for organisations responsible for critical services and infrastructure.

At 1xINTERNET, we believe that organisations should be able to maintain control over their data, technology, and operations while remaining flexible enough to innovate and adapt. Through open-source technologies, resilient architectures, and effective governance, organisations can reduce risk and build a stronger digital foundation for the future.

We continue to help organisations assess their digital dependencies, strengthen governance frameworks, and implement practical solutions that support long-term digital sovereignty. Get in touch!