Skip to main content

Tech Sovereignty Package: What’s in it for democracy?


The EU’s recently published Tech Sovereignty Package is the first comprehensive framework put forward to address the EU’s strategic dependency on foreign tech and foster – you guessed it – EU tech sovereignty. But what exactly do we mean by tech sovereignty? 

While there is no consensus on the concept of tech sovereignty, it is broadly understood as an effort to reduce the EU’s dependency on foreign tech and build a competitive domestic tech sector. The text itself does not explicitly define the term, but refers to it as a mostly economic and geographic concept, grounded in: “openness, partnership and fair competition”. This definition serves to relay any critique of EU protectionism, but falls short of mentioning on which values it should be based

At first glance, tech sovereignty and the organisational structure of tech companies don’t appear to be closely linked to democratic principles. The package frames tech sovereignty almost entirely through competitiveness and economic security, with democratic accountability largely overlooked. Overall, civil society and fundamental rights are conspicuously absent from the picture, with stakeholder consultations overwhelmingly industry-driven and fundamental rights impact assessments exclusively focusing on freedom to conduct business and the protection of personal data. There are a few exceptions, in particular, the endorsement of open source and procurement criteria that go beyond purely economic considerations and open the door to a broader conversation about democratic-by-design digital infrastructure. 

While the Tech Sovereignty Package is framed as first and foremost an industrial policy tool, tech policy precedents such as the Digital Services Act and Artificial Intelligence Act have shown that it is perfectly possible to integrate democratic values and accountability into instruments with an industrial rationale. In fact, it further strengthens such legislation by embedding it in democratic standards.

This analysis will show how the Tech Sovereignty Package could do the same.

Main elements of the package -or- Tech Sovereignty 101

The EU’s Tech Sovereignty Package is a set of 4 legislative and non-legislative initiatives aimed at boosting the EU’s competitiveness, resilience, and strategic autonomy in the tech sector. It includes the following proposals: 

While this package is framed as industrial policy, it also poses significant implications for democracy. European countries are increasingly dependent on digital infrastructure controlled by companies whose business models and governance structures are often incompatible with democratic principles, whether they are European or not. For this reason, the EU’s push for digital sovereignty is not just an economic question: it is an opportunity to ask how democratic values can be meaningfully embedded into the infrastructure that underpins our lives.

In the next paragraphs we will look into the main elements of the different initiatives more in detail and what that means for democratic governance – with the exception of the Strategic Roadmap for Digitalisation and AI and Energy, which is less relevant to our analysis.

Chips Act 2.0

The Chips Act 2.0 is a proposed regulation to address the EU’s dependency on foreign-produced semiconductors and a follow-up to the original European Chips Act, aimed at correcting the shortcomings of the first initiative, according to the Commission’s own assessment.

Semiconductors are materials, such as silicon, that are required to manufacture chips, the basic components essential to modern electronics, and by extension powering the infrastructure of modern life. Unlike many other products, manufacturing semiconductors is highly dependent on highly specialised knowledge, equipment and skills, rather than raw materials. The biggest players in this field are Taiwan, which produces the vast majority of the world’s chips, and the US, which leads in chip design. The EU, by contrast, is heavily dependent on third-country suppliers with nearly 80% headquartered outside the EU. This vulnerability is felt increasingly amid geopolitical shifts that have seen the EU at odds with longstanding allies, such as the United States.

This is why the EU is addressing the issue with regulation fostering research, skills and coordination. In practice, however, the Chips Act 2.0 is primarily a governance framework and does not bring significant new investment. Its main tools are coordination mechanisms, administrative simplification and crisis response procedures to address supply chain disruptions, such as during the Covid-19 pandemic and the most recent blockage of the Strait of Hormuz.

Cloud and AI Development Act (CADA)

The Cloud and AI Development Act (CADA) is considered the most significant initiative in the package, with the objective of promoting cloud and AI innovation in Europe. Like the Chips Act 2.0, it is primarily a governance framework, but it contains some very innovative elements. 

The most concrete is the cloud computing sovereignty framework, which establishes a rating system with four assurance levels to show how “sovereign” a cloud service is, based on criteria around data location, supply chain control, cybersecurity and exposure to foreign jurisdiction. Public contracting authorities are obliged to procure at level 1 (the lowest rating), and if their activities have “public order relevance” they must use level 2, 3, or 4 only. Non-price criteria for procurement are also included, such as the “Union added value”, like in the Chips Act 2.0. Finally, the proposal adds an open source preference for EU entities, pushing public bodies towards transparent and auditable solutions over proprietary ones. The significance of these two inclusions will be elaborated on further on in this article.

Communication on European Tech Sovereignty and Open Source Strategy

On the one hand, the Communication on European Tech Sovereignty gives an overview of the different actions taken and an explainer of the package as a whole. More notably, however, it introduces an Open Source Strategy to promote open source software as a best practice model for the use of technological applications in the EU, particularly in the public sector.

Open source typically refers to software whose source code is made publicly available, enabling its use, modification, and redistribution for free. This has great advantages in terms of transparency, accountability, and innovation; but also in terms of democratic participation because of its accessibility and because it allows a process of co-creation, with anyone being potentially able to edit and improve the source code.

Public procurement is put forward as the main tool to promote open source solutions based on the principle of “public money, public code” in areas such as digital communication, workplace services, software development and AI. This would mean that technological solutions supported by public money must be open source, which is a long-standing advocacy point of the digital rights community. The strategy also explicitly mentions the example set by open source social media and decentralised social media solutions such as Mastodon. 

The strategy also outlines an approach to embed the goals of openness and sovereignty-by-design in digital investments and project lifecycles by integrating assessment criteria into governance structures to ensure that control, interoperability, portability, and sustainability considerations are systematically evaluated from the earliest design stages.

Out of the four initiatives, the open source strategy is the only one that mentions EU values explicitly more consistently and sets out a vision on how tech sovereignty should be achieved. In particular by “reinforcing the ‘European way’ to technological sovereignty” which includes “a human-centric approach that upholds EU values such as safety, security, transparency, human oversight, respect for fundamental rights, inclusivity, equality, non-discrimination and accessibility”. This is an important political commitment to democratic tech,  and extends to the other initiatives given that the Communication serves as an explainer for the whole ETS package.

Enter democracy: recommendations for democracy entry points 

While the Tech Sovereignty package is an important step towards addressing the EU’s strategic dependence, it consistently lacks considerations on how to integrate democratic principles into the fabric of the EU tech sector. There are a few mentions of democracy in the Open Source Strategy, a blanket remark that the EU protects democratic principles in the CADA, and no reference at all in the Chips Act 2.0.

And yet, there are many questions that are raised by the EU’s quest to tech sovereignty, that don’t only pertain to competitiveness or economic security, but touch on the core of democracy. Who gets a voice in how essential services are designed and governed? What prevents a European cloud from being just as extractive as a foreign one, simply under a different flag? How to ensure that the production of semiconductors and other soft/hardware is done in the common interest? Who controls open source foundations?

These are difficult questions, but ones that are worth asking. For these reasons, we have identified in the next section several areas as ‘democracy entry points’ where we could better integrate democratic values in a concrete way and start answering such difficult questions (see table).

1. Organisational models for open source solutions

As mentioned above, the Open Source Strategy is the most groundbreaking of the three initiatives, taking a clear stance in promoting open source, and showing that it is possible to take such stances even as part of industrial policy initiatives. As mentioned before, open source is not only a technical solution, but also a known model to unlock more participation, transparency and democratic accountability in the tech sector.

The text reiterates that tech sovereignty and the promotion of open source will be done following the “European way”, meaning a set of principles and values that would guide economic activities in the EU. While this is welcome, it is possible to get even more concrete in terms of organisational structures to ensure the respect of democratic standards.

The Open Source Strategy mentions that open source projects operate under various models, for example: 

  • independent, volunteer driven, and informal networks, sometimes hosted by foundations; 
  • projects managed by large companies (mostly non-European) that use open source for their core products but add proprietary layers for monetisation; 
  • and dedicated ‘pure open source’ companies that install, maintain and provide support services; and 
  • The package also mentions that it will support open source stewardship, which could be for example a foundation that would pool in the resources for, and coordinate, open source projects.

This would be an interesting opportunity to further recommend specific organisational models that are, by design, more democratic. Some have been mentioned already, like foundation-led models and private public partnerships, but there is more to explore, such as cooperatives and media-inspired models. 

For these reasons, the Tech Sovereignty Package could be complemented by specific guidelines with recommendations of models that promote democratic governance and suggest what models are the most appropriate for which part of the tech sector.

2. EU added value as a non-price criterion for procurement

Both the Chips Act 2.0 and the CADA mention EU added value as an additional criterion for initiatives that should be incentivised at EU level, for example through public procurement. The inclusion of non-price criteria for procurement, as well as the reference to the public interest in the Chips Act 2.0, are important elements to show that the cost of investment is not exclusively monetary. 

An important acknowledgement in itself, this argument is currently focused on the economic added value and can be further strengthened by offering a suggested framework of non-price criteria, including basic democratic principles and fundamental rights.

Additional requirements could be also taken into account as EU added value such as that activities are conducted in the public interest, for the common good or that they adopt specific, more democratic structures. For more information on democratic tech structures, you can find EPD’s most recent analysis here.

3. Definition of strategic projects as a priority

In the Chips Act 2.0 “strategic projects” are introduced that would be considered as a priority for investments and supported by a mix of private and public funding. Strategic projects are also picked based on their “EU added value”, according to Article 16, and certain entities can be restricted or excluded “where this would be contrary to the Union’s strategic assets, interests, autonomy or security” (Recital 55).

The possibility of exclusions is a very strong addition to the package and an interesting opportunity to be explored further. The possibility to exclude certain entities could, for example, be linked to their lack of respect for democratic principles, fundamental rights and adoption of non democratic structures.

4. European semiconductor technology initiatives and domestic undertakings

The Chips Act 2.0 includes further criteria for European semiconductor technology initiatives, in particular stating that a European semiconductor technology initiative should be carried out by domestic undertakings (Article 14), showing a clear preference beyond economic considerations. “Domestic” is defined in Article 2(31) as having its seat in the EU and being under the ownership and control of an EU undertaking. 

While the effort to promote the EU domestic industry and reduce dependency is important in a competitive and geopolitical sense, promoting organisations and companies just for being European doesn’t automatically solve many of the problems that we face today in terms of democratic accountability. This is another good opportunity to introduce additional criteria such as the adoption of democratic structures that reduce concentration of power and promote the respect of fundamental rights.

5. Criteria and risk assessments for sovereignty assurance levels

One of the most crucial elements of the whole package is the procurement framework in the CADA, Title IV, introducing a ranking system of four assurance levels showing how ‘sovereign’ an undertaking should be to be considered for public procurement. This is an important step, showing that it is possible to include criteria on which ‘models’ to promote – also exemplified by the explicit mention of open source. 

Recital 16 also mentions that frontier AI technologies have become critical strategic assets. For this reason, it is essential to strengthen the EU’s tech sovereignty to ensure that the transition to AI is aligned with democratic values. Nevertheless, the identification of main risks posed by lack of sovereignty doesn’t touch upon democratic principles, but exclusively on “economic security risks”, with the sole addition of risks to the protection of personal data as a fundamental right (Recital 63).

In this context, we would suggest going further and introducing democratic accountability as a criterion that could be inserted into procurement frameworks or certification schemes.

Conclusion

The Tech Sovereignty Package is a meaningful step forward and shows early signs of integrating democratic governance considerations into industrial policy, but it also remains overwhelmingly focused on economic competitiveness. The EU should have a clear vision of what European tech looks like in terms of democratic accountability, fundamental rights, and the public interest – and embed concrete democratic values not just into individual legislative texts, but into its broader approach to industrial policy. This could be done by identifying concrete opportunities to link specific tools with democratic values, both in these proposals and upcoming ones. 

After all, digital infrastructure at this scale has the ability to deeply affect democratic structures and should therefore be constructed to serve the common good, not the interests of a handful of corporations or governments.