Why Europe can’t defend what it can’t connect

Politico Europe · Feb 26, 2026 · Collected from RSS

Full Article

Europe enters a more contested decade than any since the end of the Cold War. Yet the frontline shaping its security is no longer limited to land, sea, air or even space. It runs directly through the digital backbone that powers modern life: the networks, data infrastructures and connectivity systems on which governments, economies and armed forces depend. But Europe will not be secure until it takes this digital backbone’s security seriously, and governs its openness through risk-based, verifiable sovereignty rather than isolationism or complacency. Europe will not be secure until it takes this digital backbone’s security seriously, and governs its openness through risk-based, verifiable sovereignty A digital frontline that remains dangerously exposed Hybrid threats no longer sit at the margins of European security. In reality, they cut straight through its core systems. Hospitals, energy grids, transport networks, financial markets and military command-and-control all rely on constant, resilient connectivity. Via Vodafone. Joakim Reiter, group chief external and corporate affairs officer, Vodafone. And when those systems falter, nations falter. Recent blackouts in Portugal and Spain revealed what this means in practice. A ‘digital failure’ is not an IT incident. It is a national security event. Adversaries have already drawn the lesson. Subsea cables carrying 95 percent of the world’s internet traffic face mounting sabotage risks. Satellites have become open theatres of geopolitical competition. And cyberattacks now routinely target both critical national infrastructure and the commercial networks that underpin defense readiness. Despite this, much of Europe’s digital backbone is still approached as a utility, not a strategic asset. Market forces, on their own, cannot deliver the resilience, redundancy and diversity that modern deterrence requires. Piecemeal upgrades and fragmented responsibilities across civil, military and regulatory silos leave avoidable gaps that adversaries will inevitably exploit. A ‘digital failure’ is not an IT incident. It is a national security event. Europe must therefore elevate secure connectivity to the level of defense preparedness — politically, financially and operationally. It requires moving beyond incrementalism to a coordinated framework that fosters and defends critical digital infrastructure — one that enables governments and operators to plan, train and respond together before, not during, the next crisis. Sovereignty is about control, not isolation Connectivity alone is not the issue. Europe’s strategic vulnerability also stems from how it governs the technologies on which its digital backbone depends. And while digital sovereignty is one pillar of Europe’s wider resilience agenda — spanning critical value chains such as defense, automotive, chemicals and energy — it is the pillar without which none of the others can function. Europe cannot attain digital sovereignty by continuing excessive dependence on a small number of non-European providers. But it also cannot achieve it by walling itself off from global innovation. Both extremes weaken resilience. That’s why sovereignty done right means governing openness on Europe’s terms. Europe must keep critical operations in trusted European hands while maintaining access to the scale, performance and innovation that global platforms can provide. This approach starts with understanding sovereignty across three dimensions: — Data sovereignty: who has lawful access to information. — Operational sovereignty: who runs and can intervene in critical systems. — Technological sovereignty: which capabilities Europe must own or control. The false choice between ‘ban foreign tech’ and ‘do nothing’ is a trap. The real path forward is risk-based, proportionate and verifiable. We must define what truly requires European control and work with like-minded international partners to build a trusted technology ecosystem. Sovereignty needs to be demonstrated in practice, not merely asserted in policy. This approach would also enable Europe to pool industrial capacity with trusted partners such as Japan, Canada, Australia, the United Kingdom and South Korea. This is cooperation that strengthens Europe rather than diluting control. From principles to verifiable control Europe should reject blanket bans based on EU borders that raise costs, slow next-generation deployment and fail to deliver true control. Instead, sovereignty must be translated into concrete, auditable mechanisms that strengthen resilience. To deliver it, Europe should follow four core principles: Harden the backbone: Europe must create a much better business case for investing in resilient fiber, advanced 5G technologies and future networks built with defense-grade security. And it must fortify subsea cables, satellite systems and cross-border infrastructure against hybrid threats. This is defense spending by another name. Engineer sovereignty into operations: ensure Europe retains verifiable control over access to sensitive systems and require European oversight of critical operations. Authorities must be able to verify who operates critical systems, where data is processed and which legal jurisdiction applies. Certify ‘Trusted European Operators’: establish an EU-wide certification enabling European-anchored providers to manage access to global platforms within EU-governed environments. Make interoperability and portability mandatory to prevent lock-in and ensure resilience. End ‘sovereignty washing’: providers claiming sovereign capabilities must prove it. Europe must require auditable disclosures and rigorous, risk-based assessments. If claims cannot be verified, they should not determine Europe’s critical infrastructure decisions. In parallel, Europe should adopt a single EU framework defining practical levels across the data, operational and technological dimensions. This would give CIOs, regulators and public bodies clarity and consistency. From doctrine to delivery As the dust settles on the annual Munich Security Conference, Europe faces a defining choice. It can carry on treating its digital backbone as regulatory plumbing and watch vulnerabilities compound. Or it can recognise this backbone for what it is — a core line of defence. The real test of seriousness is whether governments and operators can plan together, train together and respond together when systems are stressed. The real test of seriousness is whether governments and operators can plan together, train together and respond together when systems are stressed. And this depends on whether investment, procurement and certification systems finally move at the speed security demands. The way forward lies neither in dependence nor in fantasies of self-sufficiency. It must be grounded in risk-based sovereignty, delivered through verifiable control, modernized infrastructure and deeper public–private cooperation, aligned with trustworthy allies. Ultimately, Europe cannot defend what it cannot connect, and it cannot compete if it closes itself off. Europe will fail this critical strategic test if the regulatory agenda for connectivity — the Digital Networks Act, Cybersecurity Act and merger guidelines revisions — does little to strengthen the very networks its security depends on. If Europe gets this right, it can build a digital backbone capable of deterring adversaries, supporting allies, protecting citizens and powering innovation for decades to come. Disclaimer POLITICAL ADVERTISEMENT The sponsor is Vodafone Group plc The ultimate controlling entity is Vodafone Group plc The political advertisement is linked to EU-level security and digital policy with particular focus on the Digital Networks Act, Cybersecurity Act, merger guidelines and broader digital sovereignty strategy. More information here.