France and Germany presented, on Wednesday 17 June, a series of joint proposals aimed at strengthening Europe’s digital sovereignty on the basis of a risk-based framework, while stressing both the need to avoid “lock-in effects” in the current geopolitical context and the importance of co-operating with “trusted partners” that ensure data protection and compliance with their obligations under international law and trade agreements.
These proposals were unveiled at the VivaTech event in Paris and a few days after reports that the US government had restricted access to Anthropic’s advanced artificial intelligence models by people who are not US nationals.
“Recent geopolitical upheavals and increasing systemic competition make it a strategic imperative to ensure areas of Europe’s strategic influence, reduce strategic dependencies and vulnerabilities and avoid lock-in effects”, the two countries warn in a joint document on digital sovereignty published on 17 June and seen by Agence Europe.
They nonetheless specify that “the EU’s digital sovereignty does not mean turning towards protectionism and isolation”. “Open markets and international cooperation with trusted partners remain essential pillars of European digital sovereignty”, they stress. These trusted partners are defined as those which notably respect fundamental rights, democratic principles and the rule of law, ensure a high level of data protection and honour their international legal obligations arising from bilateral, multilateral or free trade agreements.
The two countries propose “a risk-based approach” involving graduated requirements according to the level of ‘criticality’ of the product, service or, where necessary, certain components. They also propose a framework built around six dimensions or core pillars: - implementation and enforcement capability; - technology design, deployment and use capability; - economic value creation; - data protection; - system substitutability and interoperability; - infrastructure resilience. The framework would be “modular and scalable”, and digital sovereignty within it would be assessed on the basis of variable weighting of these different dimensions. In this logic, “strengths in one dimension can – depending on the context – compensate deficits in others”, thus allowing a pragmatic assessment while preserving technological competitiveness and Europe’s strategic positioning.
As regards the capability to enforce the rules, France and Germany propose in particular taking into account whether a supplier is established in a Member State of the European Union or, under certain risk-based conditions, in a trusted partner country. They also stress the need to ensure compliance with European law, including security standards, as well as transparency regarding companies’ ownership structure and subcontracting chains. They also consider essential the legal and technical limitation of extraterritorial access to data, as well as unauthorised transfers of data outside the Union.
As regards the capability to design, deploy and use technologies, the two countries notably highlight the possibility of direct technical co-development, particularly with open source solutions. They also call for increased support for research, innovation and the scaling up of European technology start-ups, notably through better access to venture capital.
In order to stimulate demand for sovereign solutions, France and Germany propose the creation of a “toolbox for strategic public procurement”, intended to support investment, skilled employment within the Union and the development of a European ecosystem. They acknowledge that these solutions may include part of the value creation in trusted partner third countries, while stressing that the objective remains to strengthen European capacities and gradually reduce strategic dependencies. They also insist on the need to create measurable economic value within the European Union and the European Economic Area, by demonstrating a real contribution to the European technological value chain. Certain essential research, development and engineering capacities might therefore have to be located within the Union.
Furthermore, France and Germany want the European Commission to define the “highest protection standards for the most sensitive data”, notably by means of adequate safeguards against cybersecurity risks and the effects of third countries’ extraterritorial legislation.
In order to ensure the substitutability and interoperability of systems, the two countries advocate a modular architecture, open interfaces, greater transparency in supply chains, as well as the design of migration strategies and multi-vendor approaches.
Finally, as regards infrastructure resilience, Paris and Berlin advocate the development of critical IT infrastructures placed under national or European control, and for Member States in future to rely as a priority on solutions originating from other Member States of the European Union.
Link to the document: https://aeur.eu/f/meb (Original version in French by Ana Pisonero Hernández)