2. How much digital sovereignty does Europe need?
3. What constitutes digital sovereignty?
3.2 Importance for the financial sector
4. Policy reqirements to strengthen Europe’s digital sovereignty
4.1 Create a level playing field for digital competition
4.2 Promote cloud banking in Europe
4.3 Promote the data economy by creating a cross-sector data framework
4.4 Enhance cybersecurity expertise
4.5 Introduce a programmable euro
4.6 Create a digital ID ecosystem
1 Executive summary
The digital sovereignty of Europe is a basic prerequisite for the European economy to maintain its innovativeness and therefore its competitiveness in the medium to long term. Yet, Europe’s digital sovereignty is still very limited. The increasing concentration of economic power and technological expertise among large, non-European online platforms has meant they can operate as gatekeepers, particularly to the digital economy. At the same time, however, German and European businesses are strongly interlinked in a globalised world with a high degree of specialisation. So, with this in mind, full digital sovereignty in the sense of complete separation would not be desirable. The aim of this position paper is to raise awareness for the need to strike an even balance between strengthening Europe’s digital sovereignty and retaining an open and flexible European economy in a globalised world. Protectionist measures aimed at turning digital sovereignty into a reality will have a negative impact on Europe as a location and must therefore be avoided.
In order to strengthen Europe’s digital sovereignty, and particularly that of its financial industry, this position paper looks at the specific requirements of the financial industry through the prism of the four sovereignty dimensions – infrastructure sovereignty, data sovereignty, decision-making sovereignty and platform sovereignty.
- Overhaul the existing framework of competition law to produce modern legislation that creates a level playing field for digital competition.
- Promote cloud banking in Europe by removing regulatory hurdles and creating European standards that allow IT infrastructure to become more flexible and powerful.
- Support the data economy by creating a cross-sectoral data framework that allows data-driven value creation across all industries and for the benefit of customers.
- Develop and expand cybersecurity expertise not only to protect critical infrastructures, but also to gain the trust of the individual in the digital economy.
- Focus on multilevel procedures to introduce a programmable euro in order to support particularly German industrial enterprises with their digital transformations.
- Create a European digital eID ecosystem.
All efforts to strengthen digital sovereignty should aim to tread a common European path. And this path must be based on European values and standards such as trust, openness, high levels of data protection and smart governance, whilst also maintaining the competitiveness of European businesses.
2 How much digital sovereignty does Europe need?
“Now is the time for Europe to be digitally sovereign” – these were the words used in a letter sent in early March 2021 by four European heads of government, including German chancellor Angela Merkel, to call on the European Commission to come up with an action plan for greater digital sovereignty. This latest attempt to highlight the issue underlines once again how important the topic has become in recent years. Hardly any political debate about Europe’s role in the world fails to mention digital sovereignty; the term has become synonymous with Europe playing catch-up in the global race for technology leadership, particularly in relation to the US and China. However, this does not define what digital sovereignty needs to encompass. At the German government’s most recent digital summit towards the end of 2020, Chancellor Angela Merkel said that Europe must be able to do everything – in other words, Europe must be independent without restraint. However, Minister of State for Digitalisation, Dorothee Bär, was more reserved and said that for her, digital sovereignty meant wanting to go our own European way on digitisation and determining the digital transformation for ourselves. She said that neither was it a question of doing everything ourselves in Europe. It was about having the sovereignty to decide where we want to remain independent and which areas we will have to invest in.
In the context of the political discussion as to how the competitiveness of banks and fintechs in Europe can be secured, the debate about digital sovereignty has already found expression in regulations targeting the European financial sector. Legislative initiatives, such as the Digital Operational Resilience Act (DORA), the Markets in Crypto-assets Act (MiCA), the Digital Services Act (DSA) and the Digital Markets Act (DMA) show the efforts being made by policymakers to strengthen the digital sovereignty of Europe as an economic location and financial centre. Europe’s GAIA-X project, initiated by the German government, to create an open data infrastructure is also headed in this direction. Nevertheless, Europe has a long way to go to secure its digital sovereignty. As the facts and figures show: China has been working on a digital central bank currency since 2015, Google dominates almost the entire European market for search engines and the vast majority of European internet users are active on Facebook every day. Together with its other services, WhatsApp and Instagram, the Facebook group is already an almost indispensable part of the everyday lives of many Europeans.
In order to strengthen and, at the same time, secure Europe’s digital sovereignty, it is crucial that transparent and flexible economic activities are not endangered in a globalised world. However, in our rush to regain technological self-determination, we must never lose sight of the fact that we live in a networked world and that we benefit massively from it. In other words, in a global and therefore highly specialised world, full digital sovereignty will never be possible; we need to strike an even balance. In the following section, we highlight what the Association of German Banks – a firm advocate of these objectives – believes will achieve balanced digital sovereignty in Europe and look specifically at measures relating to the financial sector.
3 What constitutes digital sovereignty?
3.1 Origins of the term
The concept of digital sovereignty has emerged quite recently from the aspiration to achieve European leadership and strategic autonomy in the digital domain. It describes Europe’s ability to act independently in the digital world, deploying both protective mechanisms and offensive instruments to foster digital innovation.
A report by the European Commission on media sovereignty from March 2019 highlights that the power of global tech companies whose strategies revolve around the collection and analysis of data, and whose actions are not always guided by European rules and basic values, represents a major political challenge for Europe. Furthermore, in 2019, the European Parliament expressed its deep concern about security threats associated with the growing technology presence of China in the EU and called for possible measures at EU level to reduce Europe’s dependencies.
What does this mean specifically for the concept of “digital sovereignty”? What areas need to be defined and what levels of competence and autonomy need to be attained before we can talk about achieving digital sovereignty? The Bertelsmann Stiftung determined in its publication from July 2020 that the term “digital sovereignty” is interpreted very differently and made its own attempt to define it.
“Digital sovereignty is the ability of an entity to personally decide the future form of identified dependencies in digitalisation and to possess the necessary powers.”
In our opinion, it is important that digital sovereignty, in the sense of being able to take our own decisions and actions, ought not be based solely on an analysis of the present. When considering how critical or indispensable a service, product or sector is, it is vital to take into account future developments and the overall global context.
The Karlsruhe Institute of Technology (KIT), together with the Fraunhofer-Gesellschaft, published a thesis on the digital sovereignty of Europe and attempted to differentiate between its four constituent dimensions. Accordingly, the four dimensions of digital sovereignty are as follows:
- Infrastructure sovereignty: the ability to create trustworthy technical infrastructures or to verify their trustworthiness and operate them in such a way that services offered on the basis of these infrastructures are trustworthy.
- Data sovereignty: the ability to make informed and self-determined decisions about how and by whom information about one’s own person or institution, one’s own actions or products is collected, processed and transferred.
- Decision-making sovereignty: the possibility to trace the origins and justifications for decisions and recommended actions implemented by autonomous systems and assistants and, where applicable, to influence them through human intervention.
- Platform sovereignty: occurs when the market power of major players in a platform economy is restricted through regulation and deliberate customer choices to a degree that allows fair competition.
If European areas of competence and common goods are discussed in terms of these four sovereignty dimensions, it becomes evident that EU member states can only be successful in all these individual areas if they work together. This is clearly illustrated, for example, in the financial industry.
3.2 Importance for the financial sector
Europe’s digital sovereignty is vitally important for the innovativeness of European businesses and organisations. And since users of IT services and of success-critical digital technologies depend on there being sufficient competition on the provider side, the needs of both providers and users must be taken into account. As users of a variety of IT services for many years, banks are all too aware of this. Setting up a competitive landscape of European IT providers, most prominently offering cloud services, and actively promoting European IT cooperation projects, such as the GAIA-X initiative set up by the German government to create an open data infrastructure, are enormously important. These initiatives all come under the dimension of infrastructure sovereignty.
It also includes setting up secure technological infrastructures (e.g. 5G) and a digital euro. Although in its payments system based on SEPA standards, Europe has a sovereign and powerful payments infrastructure, it is under threat from initiatives such as Facebook’s digital currency, Diem (formerly known as Libra). In order to introduce a programmable euro and thereby satisfy the needs of industry in the Internet of Things (IoT), a powerful telecommunications network is vital. In addition, true digital infrastructure sovereignty can only be attained through strong European cybersecurity skills, as this issue will dominate future security policy.
Data are not only a key factor in strategic production and competition, they are also at the core of value creation in the digital economy. The financial sector has supported the principle of data sovereignty by using open interfaces for Europe-wide payment services, in line with the EU’s Revised Payment Services Directive (PSD2). Of course, the use of open interfaces is currently unilateral and limited to the financial industry. Open interfaces must now be used in all sectors, including the major technology companies, because promoting the exchange of data across sectors is fundamental for European data sovereignty. This includes allowing customers to make decisions about storage, processing, access and use of their data at any time. Among other things, this would enable banks to better satisfy customer needs and to modernise and thereby significantly improve their risk management.
Decision-making sovereignty in the digital world is becoming increasingly dependent on expertise in the field of artificial intelligence. Entire business models and even government action are increasingly based on the evaluation of enormous amounts of data by complicated algorithms. It became clear during the COVID-19 pandemic that decisions taken based on the use of advance AI systems could have major advantages in combatting the spread of the virus. The US and China, in particular, are leaders in the field of research and development into artificial intelligence. The lack of European expertise in this area could have devastating consequences for the sovereignty of Europe, since it would mean purchasing technologies blindly and without any real opportunity to verify them. Even today, it is no longer possible in all cases to fully trace every decision made using advance AI methods, such as neural networks. The possibility to trace the origins and reasoning of decisions taken and actions recommended by autonomous systems and to influence them, where necessary, is important for the individual as well as for businesses and industries. A sense of proportion must be applied here in order to enforce decision-making sovereignty over the major US and Chinese tech companies and, at the same time, avoid excessive regulation for European providers, such as banks.