Only three countries – the United States, China, and North Korea – can claim prevailing digital sovereignty over: The remaining 190 member states of the UN search for a digital sovereignty formula, one that ensures participation in the internet ecosystem and the global economy while avoiding a state of dependency that could compromise vital national interests. The term “sovereignty” has become increasingly popular in the tech sector, appearing in various forms, such as digital sovereignty, tech sovereignty, AI sovereignty, algorithmic sovereignty, and cyber sovereignty. However, its frequent and often inflated use tends to lack precision and clear semantic boundaries. In most cases, it refers to countries’ desire to reclaim some digital authority from tech companies and platforms. In this text, I will use the term “digital sovereignty” as the most accurate descriptor, as it encompasses all activities rooted in the binary system of zeros and ones—including the internet and artificial intelligence. The United States is the birthplace of many foundational digital innovations. The internet’s early architecture and much of the modern computing ecosystem can be traced back to U.S. research, industry, and public investment. But the most consequential ‘invention’ wasn’t technological; it was Silicon Valley’s business model: turning the internet into an engine of profit through e-commerce, social media, cloud computing, and now AI. That commercial dominance has shaped U.S. statecraft for decades. U.S. diplomacy has consistently promoted the free flow of data across borders, because frictionless data movement is oxygen for U.S.-based platforms. That’s why Marco Rubio’s recent directive urging U.S. diplomats to push back against data-sovereignty initiatives fits a long-standing pattern rather than a sudden policy shift. And U.S. sovereignty isn’t only a product of corporate scale—it’s reinforced by legal reach. Under the US CLOUD Act, US tech companies can be compelled to comply with subpoenas for access to data, even when the data is held by their branches legally incorporated in foreign jurisdictions. In short, the US doesn’t need to ‘localise’ the digital world. It already sits at the centre of it. China built its digital space the way it built its economy: using foreign technology, mastering it, and then scaling domestic alternatives. Over time, China created a comprehensive ecosystem of national champions that mirror – often very effectively – Western services: search, messaging, payments, cloud, and now frontier AI. This is not simply an economic story; it’s also a governance model. Chinese companies operate within a framework that requires them to be responsive to state authorities. And China’s approach to data is clear: data about Chinese citizens and companies is expected to be stored on Chinese territory, under Chinese jurisdiction. Foreign companies operating in China are also subject to localisation and compliance requirements. China’s version of sovereignty is therefore not accidental. It’s engineered through regulation, industrial policy, and controlled integration with global markets. North Korea may look like an odd addition to this list. Its economy is small, its connectivity is limited, and its digital ecosystem is largely invisible to outsiders. But precisely because of its isolation, North Korea exercises sovereignty over its internal digital environment – its infrastructure, services, data, and information flows are tightly controlled. The country’s key external dependency is the physical link connecting it to the wider internet, largely routed via China. Yet because public access to the internet is restricted, that dependency matters less in practice than it would elsewhere. North Korea demonstrates a blunt truth: digital sovereignty maximises when interdependence with other countries is minimised. It’s also the least replicable option for almost everyone else. Sovereignty is the authority of states over their territories and citizens. However, the less national governments have authority over the digital realm, the more digital sovereignty shifts to tech companies. Meta, Google, Microsoft, and other big platforms now control all four vectors of sovereignty—from infrastructure (such as submarine cables) and services like Instagram and LinkedIn to data centres and, increasingly, AI models. This sovereignty shift raises many questions, including the inherent raison d’être of sovereignty: to ensure the existence of a group of people living in a certain territory, known currently as a state, through established legal rules and predictable relations with other states. Short of China, the US, and North Korea, which can impose sovereignty over tech platforms within their jurisdictions, most other countries will have to reconcile their territorial sovereignty with the digital sovereignty of foreign tech companies. In this situation, tech companies have digital power without territory and citizens, and while national governments have territorial authority and a duty to ensure well-being of citizens living on their territory, including their security, health protection, and education, while have to rely on digital tools owned and managed by entities beyond their jurisdiction. For the vast majority of UN member states, ‘full-stack’ sovereignty is not realistically attainable, at least not in the US or Chinese sense. Most countries cannot match the scale of the digital industry, cloud capacity, or AI infrastructure of two countries. And a North Korean model of isolation is not a viable alternative for open societies and globally integrated economies. Nearly every country depends on digital interdependence centred around: This interdependence leaves governments limited room to manoeuvre. The political relevance of digital dependency becomes visible when access is disrupted, as happened last year in Nepal. Nepal’s government cut off access to Instagram and other services within hours, and thousands took to the streets, turning a dormant political crisis into a major one and toppling the government. The EU, which has a large and wealthy digital market, has been pushing for digital security via a mainly regulatory approach using a set of digital instruments: GDPR, DSA, DMA, and the AI Act. In November 2025, an issue of digital sovereignty was raised on a new level through the Berlin Declaration on European Digital Sovereignty. Any pursuit of digital sovereignty is a delicate balancing act. Externally, nations depend on participation in the global economy, which runs on digital networks. Internally, they grapple with a population, particularly its youngest citizens, that is deeply reliant on foreign tech platforms. Sovereignty, in this context, is less a final destination to be reached than a dynamic equilibrium to be maintained. If most states can’t have complete digital sovereignty, can they have any? Yes, they can have some clusters around 4 vectors of digital sovereignty. Digital sovereignty starts with connectivity via submarine cables, terrestrial routes, exchange points, and the ‘last mile’ connection to internet users. Most submarine cables are owned by tech consortia and, increasingly, by big tech companies. On land, governments have more direct jurisdiction over terrestrial networks and last-mile connectivity, which is regulated by national telecom law. For Europe, the infrastructure sovereignty vector is strong, as most continental land cables are operated by national telecom companies under national jurisdiction. Identity infrastructure matters here, too. Systems like India’s Aadhaar show how digital public infrastructure can keep authentication and access under public oversight. More countries are exploring national digital ID and authorisation anchored in digital sovereignty. Most online services – social media, cloud, search, app ecosystems – are dominated by US firms, including Meta, Google, Microsoft, and Amazon, in addition to specialised platforms like Uber or Airbnb. Some countries try to grow domestic providers; others focus on regulation and competition rules to reduce platform centrality. The EU’s Digital Services Act (DSA) represents one major attempt to shape how platforms operate and to rebalance responsibilities across the ecosystem. Brazil has recently joined this regulatory wave with its own distinctive approach, acting on two complementary fronts. In 2025, the government introduced a Bill to amend the country’s competition law to create an ex-ante regime for digital platforms designated as ‘systemically relevant’ and to embed digital market rules within the existing competition framework overseen by Brazil’s antitrust authority. In March 2026, Brazil’s Digital Child and Adolescent Statute (Digital ECA) came into force, imposing structural obligations on platforms to protect children and adolescents online. Brazil is strengthening its digital sovereignty through a pragmatic and multi-dimensional strategy which encompasses regulation, institutional innovation, and geopolitically aware partnerships. Data is the most visible battlefield in sovereignty debates, and often the most politically charged. Much data generated by digital services is stored in data centres operated by global hyperscalers. Even when servers are physically in-country, operational control and legal exposure may still sit elsewhere. There is a growing consensus that certain categories of data should receive special protection under national control, such as election, health, citizen identity, and national security data. The harder debate is industrial and platform-derived data: who owns it, who can reuse it, and how it should be governed. Estonia’s ‘digital embassy’ concept – backing up critical state data in Luxembourg under specific legal arrangements – shows how sovereignty can sometimes be pursued through redundancy and legal engineering, rather than solely through territorial localisation. In the AI era, knowledge becomes a strategic asset. In large language models, weights are a technical representation of learned patterns that increasingly serve as an operational layer of knowledge and capability. This raises new questions about sovereignty: Where are models trained? Who controls the AI weights? Whose language, values, and data are embedded? Who sets the rules for AI deployment? So far, frontier AI platforms are concentrated largely in the United States (e.g., OpenAI, Anthropic) and China (e.g., DeepSeek). The EU and many other regions are now trying to build national or regional AI capabilities, often centred on LLMs, to gain more control over the AI pipeline and to better protect and promote the knowledge of their citizens, communities, and companies. The internet has been a great enabler of humanity, from grandmothers connecting via WhatsApp or WeChat with grandchildren continents away, to the emergence of new platform economies and the unprecedented access to information, to name a few impacts. Tech enabling comes with the promise of individual sovereignty over our data and, ultimately, over the choices we make in a digitally enabled world. In this big bargain, we got new tools but lost our sovereignty, which shifted either to a few governments or more often to a few big platforms. The way our data is stored and used is opaque. We can be banned from using services such as YouTube or Instagram, a decision that can harm the economic well-being of people who rely on them. Our decision to cede our individual sovereignty in exchange for tech utility has been tacit and rarely informed. Thus, the main challenge of AI/digital governance is to make the tech social contract much more explicit and clear. We must know what is happening without data, and, in particular, in the AI era, with our knowledge, which we pass to big AI platforms with every question we ask or answer, we comment on or like. We should also be aware of the options, including the possibility of developing bottom-up AI. As a matter of fact, personal AI systems on devices are becoming technically feasible, financially affordable, and ethically desirable. The uncomfortable reality is that most countries cannot have full authority over their national digital space, and trying to do so can be economically and politically costly. But the alternative is not helpless dependence. For most governments, the real goal is practical sovereignty: enough control to protect citizens, maintain democratic stability, secure critical systems, and keep economic options open, without cutting themselves off from global networks. That means shifting the conversation from slogans to strategy: In a deeply interdependent digital world, sovereignty isn’t a switch you flip. It’s a set of deliberate choices about where you must be autonomous, where you can safely be interdependent, and how you prevent dependency from becoming vulnerability.
Trending use of sovereignty in the tech realm
The United States: Sovereignty by history and market power
China: Sovereignty by design and industrial strategy
North Korea: Sovereignty by isolation
Tech companies as real digital sovereigns
So what about the other 190 countries?
The four vectors of digital sovereignty
1. Infrastructure: Who owns the pipes and the “last mile”?
2. Services: Platform dependence vs. local capacity
3. Data: Where it lives, who can use it, and under what rules
4. Knowledge: AI weights as a new sovereignty asset
False promise of citizen sovereignty (so far)
In search of sovereignty without isolation
