The time has come to take back control of our cybersecurity

« Sovereignty means having options, keeping technological control, and the possibility of changing your mind and using other solutions. » 

Mathieu Isaia, Managing Director of TheGreenBow

In his televised address to the French nation on March 5, 2025, President Macron reiterated the need for economic, technological, industrial and financial independence. He pointed out that the time has come to move from words to deeds, by France truly putting itself in a position to wield such freedom of choice to strengthen its independence in defense and security.

The debate around sovereignty is not a recent one, and has always been highly divisive. Awareness of the importance of this issue for the French economy and national security has grown slowly, undoubtedly because its proponents are talking about potential threats of an uncertain nature.

Secondly, European countries have willingly taken shelter under America’s umbrella to ensure their defense. France even ultimately rejoined NATO’s command structure in 2009. However, the geopolitical situation at the start of 2026 shows that the threats are now very real and tangible.

Clearly, the current stance of our long-standing ally across the Atlantic shows that we no longer share the same priorities, nor the same enemies. The decision to pause its offensive cyber operations against Russia is a perfect illustration of this major change in strategy by the United States.

Within this new multipolar order that is emerging, Europe is now able to rely only on its own forces. The time has come for French and European private- and public-sector organizations to decide to keep the US at arm’s length.

We see a clear choice between two options. The first is to wallow in our illusions, accepting our dependence on American solutions, a state of affairs regularly highlighted in European Commission reports. For example, the report published on 21 February 2022 (EU strategic dependencies and capacities: second stage of in-depth reviews) underlines Europe’s technological dependence in a number of fields, starting with cybersecurity. One figure in this report is particularly breathtaking, which is that 70% of imports by Member States of goods and services in the area of cybersecurity are from outside the EU (the United States and China in particular). This report also warns of the harmful consequences of this strategic vulnerability, namely the risk to information security, the risk of shortages or bans affecting exports, and of importing vulnerabilities.

Keeping the status quo would clearly mean implicitly, and yet assuredly, relinquishing the confidentiality of our data. This would add to another risk already apparent to—and experienced by—CISOs, namely data security. Predominating as they do, American software solutions are in fact the primary targets of cyberattacks, and moreover are showing themselves to be increasingly vulnerable (see the 2024 Trends in Vulnerability Exploitation report). These solutions are already sorely testing the nerves of IT security professionals, who must keep up with the breakneck pace of software updates. No one has forgotten the faulty CrowdStrike update that caused widespread crashes on Microsoft Windows systems. Millions of systems were affected worldwide, leading to significant disruption in organizations operating in areas such as transportation, financial services, government services, and healthcare.

The second option is to switch to alternative solutions, either local, or failing that, European. Such alternatives exist in every area, and the unconvinced simply need to take a look at the many initiatives listing equivalent solutions that are mushrooming across social media. For example, the mapping published at the start of 2025 by the European Champions Alliance lists 832 companies offering solutions in many fields, such as cryptography, fraud detection and prevention, cloud and data protection, and cyber governance.

Besides the prospect of gaining independence, this option has the benefit of giving European and French solutions a chance, offering them the opportunity to develop further and, as a result, to continuously improve their quality.

This second path cannot be taken without some major political choices at a number of levels. First of all, nationally. Significant room for improvement exists within the French government itself, which should be setting an example in terms of digital sovereignty. The striking example of French health data being hosted via the Health Data Hub, awarded to Microsoft Azure in 2020, epitomizes this contradiction. Despite the fierce controversy this decision provoked, and the legitimate questions raised about the protection of this sensitive information, this strategy choice has still not been seriously challenged, a situation that testifies to the perpetual gap between official statements advocating technological independence, and what the government actually does.

When personal data is involved, public procurement should favor sovereign solutions. Similarly, at the European level, all possible angles to encourage the purchase of European products and services in the field of defense and cybersecurity should be fully explored. With the Trump administration threatening to increase tariffs on European products and services, passing a “Buy European Act” appears necessary.

Our reassessment must be thorough and our action swift, because in cybersecurity—as in defense procurement—our dependence on American equipment has reached very high levels and unquestionably affects our capacity for action. It is worth recalling that roughly two thirds of European Union Member States’ arms spending goes to American suppliers. Yet when it so chooses, Europe is capable of strengthening its defenses. National security reasons drove it to act to restrict the use of equipment from Huawei and ZTE. Eleven European countries, including Germany and France, consequently decided to exclude Chinese telecoms hardware from their 5G networks, or at least limit its use. SFR and Bouygues Telecom, the two French operators that had installed Huawei network equipment, have until December 31, 2031 to remove some 11,000 antennas.

Should we be as distrustful of American technology as we are of Chinese solutions? Maybe not, but at the very least, equivalent distrust, risk analysis, and building European digital sovereignty in critical sectors such as defense and cybersecurity all make perfect sense.

The good news is that we have the resources to implement such sovereignty. The technological capacity, regulatory framework, financing, and research are already in place to fuel a rich European ecosystem, as the ECA’s mapping shows. France is in fact the leading member of this ecosystem, with around 40% of the 832 companies identified by the ECA, including global leaders such as Thales, Atos, and Stormshield. This momentum is underpinned by a rapidly expanding technological fabric, and regulations that encourage innovation.

However, while these solutions exist, they are not sufficiently employed. All it would take is a proper strategic surge, and they could establish themselves as the benchmark in Europe and internationally.

The defense industry proves that sovereignty is not a pipe dream, but an attainable strategy choice. France has demonstrated that technological independence is possible when political will and interoperable solutions converge, which is what French manufacturers in the Defense Technological and Industrial Base (DTIB) have achieved in the field of secure communications. They have managed to develop and deploy sovereign solutions, ensuring the independence of our armed forces and our critical infrastructure. TheGreenBow, with its advanced VPN security solutions, illustrates this ability to break free from foreign alternatives.

Along with artificial intelligence, the other challenge for these stakeholders is developing expertise in quantum technologies. Technological sovereignty is one of the stated objectives of the PROQCIMA project (the French initialism for Quantum Program for Cybersecurity and Advanced Military Intelligence) begun in March 2024 by the French Defense Procurement and Technology Agency in conjunction with the General Secretariat for Investment. This program, which aims to develop universal quantum computers to meet the needs of the French defense sector, involves five innovative French start-ups. Support for research, and public-private partnerships in quantum technology, are contributing to the emergence of an impressive industrial ecosystem.

The defensive aspect of quantum-resistant cryptography constitutes a challenge facing all of Europe. At this point, it is once again America that is paving the way by setting the first standards for quantum-resistant algorithms. Although European researchers and manufacturers are heavily involved in researching and developing these new algorithms, it is the American standards body (NIST) that is selecting them and deciding upon standards. China, meanwhile, has recently announced that it is also starting an ambitious initiative to develop its own standards. A decision that results not only from a lack of trust, but also from a determination to ensure its own technological independence in a field it views as vital for its national security and sovereignty.

In response to the changing geopolitical situation, Europe needs to build on its strengths and claim its digital independence. Stop submitting, stop being dependent, and instead impose its own standards, encourage its own technology champions, and make cybersecurity a mainstay of its sovereignty. We need to stop merely observing the state of play, and act now, on every front—political, industrial and technological—to ensure a secure, independent digital future for Europe.