Sovereignty and trust: towards a more autonomous European digital industry

Home > Observatory and resources > Expert papers > Sovereignty and trust: towards a more autonomous European digital industry

11/04/2025

The global digital transformation relies on increasingly interconnected infrastructure and services. This dynamic opens up huge opportunities for innovation… but it also raises some basic questions regarding security, trust and sovereignty. In a recent issue, dotmagazine highlighted the challenges posed by the reliance of European digital services on infrastructure that is mainly controlled outside Europe.

This finding resonates with our own analyses within Afnic: the question of digital sovereignty translates today into very specific choices as regards infrastructure, security and governance.

The challenge of digital sovereignty

The flow of data is at the heart of digital sovereignty. A large proportion of these flows still goes through non-European providers, leading to the unfounded supposition that the EU does not have the capacity to achieve strategic autonomy. For example, dotmagazine reveals that more than three-quarters of the traffic generated by German applications flows through US-controlled providers.

Faced with this situation, initiatives such as “Atlantic Convergence 2025” seek to strengthen international cooperation and to construct a more balanced digital ecosystem among the various major powers.

Localised responses: sovereign clouds and control of domains

One way of responding is to develop localised solutions. Sovereign clouds hosted within European jurisdiction help ensure greater GDPR[i] compliance and limit the reliance on foreign regulations, such as the US CLOUD Act.

Another solution: operating your own Top-Level Domain (TLD). This approach allows organisations to gain control of key technical parameters (DNS, security, hosting), thus increasing their digital autonomy.

Indeed, having your own brandTLD means being able to control the rules for managing your domain names directly, apply your security policies and reduce reliance on third-party actors.

With its brandTLD, a business can:

Define its own policies for security, registration and use at the TLD level.
Gain control of its DNS settings (zones, delegations, chain of trust) and how they change over time.
Enforce protection standards (such as HSTS at the domain name level, coupled with DMARC for email) so as to raise the level of security, both perceived and actual.
Increase the readability and consistency of its digital identity (a space “authenticated by the brand”, easy for users to recognise).

This is an approach that Afnic actively promotes with Afnic Registry Services, and which certain major French groups such as BNP Paribas and E.Leclerc have already adopted. These initiatives complement the sovereign approach to good advantage by giving economic actors direct control of their digital identity.

Note: the next window for new gTLD applications has been announced for April 2026, a three-month opening that organisations looking to acquire a brandTLD cannot afford to miss.

[i] European General Data Protection Regulation

Innovating to increase trust

Security depends not just on infrastructure but also on technological models that are suited to the complexity of current environments.

The experts quoted in dotmagazine see the cybersecurity of the future welcoming new models:

“Zero Trust”, based on continuous, contextual authentication, limits the risks of unauthorised access.
“Confidential Computing” protects sensitive data even during processing by creating encrypted hardware enclaves.
These principles are now also being applied to AI by means of “Confidential AI”, which secures both training datasets and the models themselves.

These approaches are essential complements to infrastructure governance: they reduce the attack surface, but they also require a DNS ecosystem and robust digital identities if they are to be fully functional.

Governance and identity: collective stakes

Finally, beyond centralised models, new approaches seek to give transparency and control back to users. In this respect, Web3 and blockchain are two paths that have been explored.

By the same token, the European “TANGO” project proposes the creation of federated data spaces and privacy-first identities, allowing secure data exchange across sectors and borders.

Europe is also moving ahead on the regulatory front in this respect: the European Digital Identity (EUDI) Wallet has been provisionally approved and aims to create an interoperable, secure digital identity that complies with the Law.

Afnic is watching this project closely and sees a powerful synergy in the connection between proprietary TLDs and digital identities: a strong identity, supported by a proprietary, trusted domain that reinforces the coherence and resilience of the European digital system.

Towards a digital society aligned with European values

All these developments show that a pathway to an innovative and sovereign digital environment does indeed exist. Europe has some solid plus points: rigorous data protection regulations, technical actors committed to managing critical infrastructure, and a firm determination to construct interoperable models.

By comparing and combining the analyses of dotmagazine with our experience at Afnic, we come to a clear conclusion:

digital sovereignty does not rely on a single technology.
It is the result of a coherent ecosystem combining local infrastructure, advanced cybersecurity tools, transparent governance and the adoption of European standards.

All the conditions are in place for the large-scale deployment of innovative, trust-based digital solutions.