The EU tech sovereignty package coming this week marks a pivotal moment for Europe, calling for an open and inclusive debate as it will shape competitiveness in a globally connected technology ecosystem.

Technology moves extremely fast – sometimes faster than policy cycles can adapt. IBM’s perspective has long been clear: control and independence must be built into the architecture, regardless of specific technology. For more than a century, this has defined how we operate in Europe.

Trying to tailor solutions to today’s technologies, or to recreate entire technology  stacks locally risks holding back the next wave of innovation. Openness is what enables scale, innovation, and resilience — not closed systems. 

Sovereignty is defined by direct oversight, built‑in controls, and the ability to change systems when it matters most. Over‑reliance on a single platform or provider — in any region — can erode that control. Business leaders know they need the ability to move workloads when required — including in times of crisis — enabling them to deploy AI with confidence and independence today, not someday. 

These challenges are not hypothetical — they are technical. Research from IBM’s Institute for Business Value shows sovereignty is now a strategic priority, yet far fewer organisations can act on it: less than a third know what AI runs where. Forthcoming data reinforces that point – with seven in ten leaders saying switching AI vendors or models would be difficult today. That’s lock‑in in practice — and it directly undermines control. The challenge goes beyond data residency — it is about decision residency.

If you can’t oversee or move your systems, you can’t control them – and the risk becomes that maintaining sovereignty while adopting AI confidently remains an aspiration — not a reality.

Closing that gap between ambition and execution is exactly where we focus.

Our clients entrust us with their most critical data — and we build around that trust: from high‑control environments like IBM Sovereign Core to capabilities such as the Sovereignty Risk Profile, helping organisations verify and document control and compliance in practice — building on a long heritage of choice and optionality.

Digital sovereignty is about control and authority across the full IT estate — not borders. Isolation should not be the goal. The goal is control where it matters — and openness where it counts.