Digital Emigration

Who controls sovereignty after the contract is signed?

Published:

We often talk about digital sovereignty as a technology problem. In practice, it is usually an ownership problem.

An organisation can host systems in the EU, use EU staff, and meet every compliance requirement. Yet if the supplier can be acquired, controlled, or pressured by a foreign parent, sovereignty quietly evaporates over time.

This is where protected ownership comes in.

Protected ownership means that decisive control over a provider cannot be sold, transferred, or coerced without structurally breaking its mandate. In practice, this shows up as foundations, mission-locked statutes, golden shares, or governance vetoes on change of control. Ownership and economic value may exist, but governance is structurally designed to prevent hostile takeovers, jurisdictional drift, and short-term exits.

A well-known example is Signal. The organisation is structured so that it cannot be sold, acquired, or repurposed under external pressure. That ownership model is what makes its guarantees durable. Not because Signal is perfect, but because control cannot silently change.

This is not an abstract concern. The Dutch digital identity system DigiD is formally a government service, yet parts of its operational stack depend on external suppliers. When ownership or control of such suppliers shifts, even if the service itself remains public, the sovereignty assumptions underneath it change. Not by redesign, but by acquisition.

Why this matters for policymakers and CTOs

Without protected ownership, every other safeguard is temporary.

You can invest in secure architecture, customer-controlled encryption, strong identity design, exit strategies, and supply-chain controls. All of that assumes one thing: that control does not silently change underneath you, after contracts are signed and systems are live.

We have seen what happens when that assumption fails. European suppliers are selected for reasons of autonomy, then acquired later. Jurisdiction shifts. Control shifts. The original risk simply reappears one layer up.

Protected ownership does not replace good architecture, cryptography, identity design, exit planning, or operational discipline. Those remain essential. But without protected ownership, each of those defences has an expiry date.

Digital sovereignty is not achieved by choosing the right cloud region. It is achieved by ensuring that control cannot quietly move somewhere else.

Question

If a change of ownership can instantly place critical systems under foreign jurisdiction, why is protected ownership still not a mandatory requirement in procurement, vendor qualification, and platform strategy for critical digital infrastructure?

#DigitalSovereignty
#CriticalInfrastructure
#PublicSectorIT
#Governance