In his speech at the World Economic Forum in Davos on 20 January 2026, President Emmanuel Macron reaffirmed the importance for France and Europe of not giving in to “the law of the strongest” and of defending national, territorial and economic sovereignties in an increasingly unstable world. He emphasised that in the face of the “brutalisation of the world,” it is vitally important to reject subjugation and strengthen strategic autonomy in the interests of preserving an order that is based on rules, and not on force.
This vision, although formulated on a macro-geopolitical scale, has a direct resonance in the field of cyber defence. At a time when digital architectures are becoming critical areas of sovereignty, mere regulatory compliance – whether at French or European level – is insufficient to address the issues at stake.
An imperative of sovereignty for defence actors
For players in the defence and digital technology sectors, sovereignty must no longer be seen as a mere administrative constraint or protectionist barrier, but as the sine qua non for trust, operational control and shared responsibility in the face of hybrid and evolving threats. This vital need for sovereignty requires total transparency and traceability throughout the technology value chain. In other words, we need a clear understanding not just of the features offered by the solutions that protect sensitive infrastructure, but more importantly, of the underlying origins of such solutions. This requirement applies in equal measure to IT security tools (software, hardware), complex defence systems (command, intelligence) and critical information networks.
In an international context marked by intensifying geopolitical pressures and strategic rivalries, it is paradoxical to note a persistent mistrust, or even ignorance, of the identity and real roots of certain European cybersecurity companies. Although these players are strategically positioned and sometimes leaders in their segment, the fact that they are French or European is not always clearly appreciated or considered by decision-makers. The European Union’s recent refusal to impose strict sovereignty criteria for the cloud, as provided for in the Cybersecurity Act 2, illustrates this strategic ambiguity and blurs the visibility of European cybersecurity players.
Towards strategic autonomy and national resilience
The question of sovereignty goes far beyond a simple need to meet regulatory obligations or national certifications. It is based on strengthening local technological ecosystems, encouraging Research and Development (R&D), direct support from experts and close legal and cultural frameworks. Strategic autonomy and national resilience depend on the full and whole-hearted adoption of these solutions by operational and political leaders.
Beyond legislation, decrees and technical standards, sovereignty in cyber defence is fundamentally a question of people and collective cohesion. It is a contract of trust that must be re-established and strengthened between public authorities, manufacturers and end users. This requires a collective effort to appreciate the issues at stake and the provenance of home-grown solutions, along with the guarantees they offer. A collective approach of this kind would enable nations to plot a resilient course amid an international environment marked by growing tensions, sophisticated state cyberattacks and intense strategic competition for technological dominance. Sovereignty is, ultimately, the assertion of the ability to act autonomously and resiliently in the face of uncertainty and threat.
