Andrea Margiovanni .it
ITENFRDE
Home / European digital sovereignty

European digital sovereignty

Sovereignty isn't a flag: it's a lattice of dependencies. This is the index page on my essays about trying to map it, without ideology or rhetoric.

What follows is my personal reading of the sovereignty question, with references to the essays I’ve written. It isn’t an anti-cloud rant: it’s the view of someone working on infrastructure that has to keep functioning over the next decade, in a geopolitical frame that isn’t helping.

Last revised: 27 May 2026.

Thesis, in one sentence

Digital sovereignty is a systemic property, not a purchase. It is measured in the number of substitutable vendors within a reasonable operational window — not in product labels or homepage flags.

Everything that follows is the reasoning behind that sentence.

How I see it

  • Marketing’s “sovereign cloud” doesn’t exist. Sovereign architectures do: ones where you can exit a vendor in 6–12 months without rewriting the software. Everything else is branding.
  • Europe doesn’t have a technical problem, it has a buyer problem. Public administrations buy cloud without asking what happens if the vendor changes its mind. The concept of a geopolitical kill-switch is not in today’s tender documents.
  • Sovereignty and open source are not the same thing. Open source helps, but without independent operational engineering it doesn’t save you. Kubernetes is open source; your ability to staff it isn’t.
  • Sovereignty isn’t only industrial — it’s already geopolitical. EU digital regulation — GDPR, DSA, AI Act, CRA, PLD — is read from the outside (San Francisco above all) as an existential attack on the American tech-capitalism model. Acknowledging that reading isn’t conceding — it’s understanding why every non-EU vendor choice is already a political decision, even when it dresses up as a technical one.

Essays on this topic

27.05 2026
№ 69

The Human Is a Stance

I am an atheist, I come from philosophy, I work in European compliance. Leo XIV's first encyclical on artificial intelligence is not something I signed, it is something I argued with. And I found in it a vocabulary that Brussels still lacks.

10′ reading time
2,096 words
Read →
13.05 2026
№ 67

Twelve Jobs in Search of a Market

The first national European standard on AI professional profiles was published on 30 April. It is worth taking seriously, and it is worth mistrusting in the right way.

6′ reading time
1,312 words
Read →
07.05 2026
№ 65

The Compliance Hourglass

A map of the Italian compliance market drawn from the inside: specialist advisory at the top, platforms at the bottom, the middle layer crushed between them. And the one specifically Italian piece—ACN—that bends the rules.

7′ reading time
1,768 words
Read →
05.05 2026
№ 64

The Spectre We Are

A long reckoning with European digital regulation seen from the outside—by those who hate it—and a counter-reading from inside, by those who translate those rules into technical objects every working day.

22′ reading time
4,950 words
Read →
01.05 2026
№ 63

The Contract's Deception

On why the software supply contract, as we have known it, has stopped being the central instrument of the relationship between vendor and client — and how much it costs to keep pretending it still is.

19′ reading time
4.180 words
Read →
27.04 2026
№ 59

The Shape of Constraint

Treating regulatory compliance as the adversary of the technical project means you haven't understood what the technical project is. An essay on the category error weakening Europe's software industry — and on how the European framework, read as a system rather than as a list, configures a structural competitive advantage for those who learn to inhabit it.

16′ reading time
3.842 words
Read →
21.04 2026
№ 58

DPIA as a Genre, Not a Form

The EDPB's DPIA template, released in April, isn't a longer form. It codifies a form. On the shift from module to genre, and what changes for anyone who writes compliance as continuous writing practice.

26′ reading time
6.514 words
Read →
18.04 2026
№ 56

Mrs. Donoghue's Last Bottle

Why the «product» on which modern liability law is built no longer exists in contemporary software — and what we might put in its place.

30′ reading time
7.401 words
Read →
28.03 2026
№ 50

Incompetence as a Structural Condition of the Present

Nobody knows what they’re doing—not as a cliché, but as a structural fact: our technical systems are now too complex for any single person to understand.

12′ reading time
2.707 words
Read →
25.03 2026
№ 47

Progress Is Not a Direction: Anatomy of a Dangerous Misconception

When people shout that the state is "holding back progress," are they really talking about progress: or something else entirely?

29′ reading time
6.442 words
Read →
17.03 2026
№ 43

EU compliance 2026: it's architecture, not just legal

Over the next 18 months CRA, AI Act, PLD, NIS2 and EAA will reshape European software. Compliance isn’t a checkbox: it’s designed into architecture.

11′ reading time
2.331 words
Read →
17.03 2026
№ 43

Compliance Is Your Problem

Between 2026 and 2027, software becomes a product with legal liability. If the client only wants go-live, the risk stays with everyone.

7′ reading time
1.560 words
Read →
17.03 2026
№ 43

Hands and the Machine: Trust in Software

Software runs the world yet stays invisible. Between ai, open source and European rules, trust is built with care, choices, and responsibility.

11′ reading time
2.390 words
Read →
29.12 2025
№ 9

Airbus and European Sovereign Cloud: The First Credible Signal of an Awakening?

A few days ago I read a piece of news that probably went unnoticed by many, hidden among the geopolitical and tech headlines.

9′ reading time
1,820 words
Read →

Work with me

My job here isn’t to talk you out of the American cloud — it’s to show you, with real numbers, what exiting would cost if you ever had to. It’s strategic sobriety, not a manifesto.

Who it's for

  • CTOs or Heads of Infrastructure at essential entities, regulated companies, or public administrations that need to defend cloud choices to a board or an authority

  • IT leaders at ministries, regions and healthcare about to sign (or renew) hyperscaler contracts

  • European SaaS founders and CTOs who want to differentiate on sovereignty without slipping into marketing

  • Risk committees that need to estimate exposure in non-trivial geopolitical scenarios

How I work

Exit-readiness assessment (3–4 weeks)

I map your critical stack dependencies and estimate the cost and time to replace each dominant vendor, scenario by scenario. Output: a risk matrix with a dependency-reduction roadmap ordered by impact.

Cloud architecture review (2–3 weeks)

I take an in-flight or planned architecture and evaluate it against the question ‘how many months to move this somewhere else?’. Useful before multi-year commitments.

Strategic decision coaching (ongoing)

A couple of calls per month for the heaviest cloud decisions: onboarding a new vendor, negotiating an exit, public positioning on sovereignty.

Engagement FAQ

Are you against AWS, Azure, GCP?

No. I’m against using them unconsciously. In most cases a hyperscaler is the right choice — as long as you know what you’re buying and what losing it would cost.

Do you only work with the public sector?

No. But the public sector, essential entities and regulated industries are where the demand for sovereignty is most concrete.

How long does a typical engagement last?

Three to six weeks for an assessment or review, ongoing for strategic coaching.

Do you also do migration?

No. Independent sovereignty advisory works precisely because it doesn’t sell capacity. If execution is needed, I support it — I don’t perform it.

Email me at hello@margiovanni.it with a couple of lines of context. I reply within a few business days with a concrete proposal, or a polite no if it's not my scope.

Questions & answers

What do you mean by 'sovereignty'?

The capacity to keep delivering a service — public or private — when a non-EU vendor changes its pricing, its terms, or is compelled by its own country’s law to do something inconvenient for us. It isn’t autarky: it’s having negotiating leverage that we largely don’t have today.

Is the American cloud the problem?

The problem is concentration. If 70% of a country’s critical workloads run on three hyperscalers, your digital policy is effectively co-decided in Redmond, Mountain View, and Seattle. Regardless of technical quality — which is excellent.

© 2026 Andrea Margiovanni Made with care, by hand