European Digital Sovereignty: EU’s Projection of Normative Power?

Published on September 9th, 2020

Written by Abid Adonis

Figure 1. European Union flag. (Photo credit: Wikimedia Commons)

In the last four years, “digital sovereignty” has turned into a new prominent talking point between the European Union (EU) policy makers. The EU has been unprecedentedly vocal about the importance of international actors having digital sovereignty as the new European Commission President Ursula Von Der Leyen emphasized it in her pitch in 2019.1 Digital sovereignty, defined as the ability of an actor controlling, governing, exercising, transferring, and using digital information, communication, and infrastructure,2 creates a novel political debate in EU politics as it arguably will determine EU position in global politics in the upcoming years, particularly towards the United States, China, South Korea, Russia, and Big Tech Firms. It is also a technocratic effort to keep up with fast-paced technological developments like Artificial Intelligence (AI), 5G, Big Data, Blockchain, and Cloud Computing that will define geopolitical contestation in the future.

The EU and its member states have been working on defining and shaping the idea of European Digital Sovereignty as the new norm in cyberspace. The EU reveals four-folded Digital Strategy as the pillars of European Digital Sovereignty: a) technology that works for people; b) a fair and competitive digital economy; c) an open, democratic, and sustainable digital society; and d) Europe as a Global Digital Player.3 These strategies are manifested mostly in the development of regulatory frameworks and investment on research and innovation. Specifically for Digital Sovereignty, the EU develops and utilizes European regulation as the main instrument. General Data Protection Regulation (GDPR) is in the heart of European Digital Sovereignty given its salient impact on European and global level in setting a new standard for internet regulation.4 GDPR not only highlights the EU’s founding values on freedom, democracy, and human rights as written in the Treaty of EU,5 but also fosters an innovative civil rights protection agenda in the digital era such as the right to be forgotten and data portability rights.6 In addition to the Digital Sovereignty agenda, the EU also introduces numerous regulatory frameworks in digital space including Cybersecurity Certification by ENISA and proposes Digital Taxation and 5G standardization.7 In short, regulation is the spearhead of European Digital Sovereignty.

It goes without saying that economic variables play a pivotal role in the discussion of digital sovereignty. The EU sees how European digital firms fail miserably to compete toe-to-toe with its American and Asian counterparts. According to Forbes, there is only one European digital company that ranks in the 20 Biggest Digital Companies in the world.8

There is a sizable gap on competitiveness and capitalization of European tech firms that stimulates an eerie feeling for EU stakeholders. European leaders, lately, shoot on taxation, anti-competitive behavior, and civil rights protection issues as the intervening variables preventing European companies to compete fairly against American and Asian companies.9 Some prominent tech companies from North America and Asia are recently under legal inquiry or, at least, deemed as breaking those issues in European Union and its member states.10 The idea of digital sovereignty fits with this intention by regulating the European digital market in accordance with EU’s values, or interests.

On the political-security dimension, the call for European Digital Sovereignty has been linked with the objective of having European strategic autonomy. French President Emmanuel Macron and German Chancellor Angela Merkel have repeatedly invited EU leaders to envision European strategic autonomy in response to ever-increasingly unpredictable endeavors demonstrated by their transatlantic partner.11 European Digital Sovereignty is situated in the heart of the strategic autonomy discussion since EU member states have encountered cyber threats first-handedly in the form of disinformation, interference on electoral process, attacks on critical infrastructure, and other malicious cyber activities without significant help from non-EU partners. Reliance to NATO without envisaging its own strategic autonomy in the era of alliance uncertainty would turn the European Union into a sitting duck against increasingly dangerous cyber adversaries in the present and future. With hindsight, the EU sets multiple cyber defense and cyber diplomacy measures to mitigate the risk and build a foundational base for its strategic autonomy within Common Foreign and Security Policy (CFSP).12

With strong economic and political security considerations, I deem that the construction of European Digital Sovereignty is a rejuvenation of European Union as a normative power. The concept of “normative power,” coined by Ian Manners in 2002, refers to the ability of European Union to set a new normal by instrumentalizing European norms to influence other actors’ behavior.13 Here, European norms are associated with liberal values such as democracy, human rights, and sustainability that are claimed to be universal, but made in Europe.14 The idea is that the European Union has the responsibility and moral obligation to manage its foreign relations not only for the sake of power pursuit, but also to advocate values in equal weight, at least normatively. The understanding of European Union as normative power mostly relates to the EU’s behavior in trade negotiations that is relatively successful in promoting sustainability principles to its trading partners–although the EU is also proactive in non-trade activities to promote European values.

The European Digital Sovereignty project is the ample illustration on how European Union attempts to exercise itself as a normative power. It seeks to set a new normal in international cyber norms by introducing GDPR as a legally-binding regulation. The compliance of the GDPR is mandatory to allow any tech firm to run the business within European Union territory. Virtually it implies most of the biggest tech companies to adopt the European regulations since it is almost impossible not to run their business in a lucrative European market. Not only for tech companies, GDPR also already sets a new normal in international cyber norms by being a reference for other countries in setting their internet regulation. Last year, Brazil passed a data protection law, called Lei Geral de Proteção de Dados (LGPD) that is largely inspired by the EU’s GDPR.15 Indonesia is also in the process of finalizing a new law on data protection with the EU’s GDPR as the main guide.16 In 2018, Japan also aligned its data protection to the EU’s GDPR.17 In terms of setting a new normal and shaping other actors’ behavior, one can say that European Digital Sovereignty fulfills the attribute of normative power.

The European Union apparently will learn from the criticism towards the idea of normative power in the past. Previously, the EU was criticized for the accountability and credibility of claiming itself as a normative power, like enacting double-standard measures to different actors or issues; or, above all, putting geopolitical factors as the prima facie of exercising its normative power, rather than value-based factors. In the case of Digital Sovereignty, the EU has a lesser chance to do so since the very existence of European Union’s digital market and security hinge upon the idea of European Digital Sovereignty. Economically, the EU has more incentive to promote its digital sovereignty idea since it hardly competes with North American big tech companies endorsed by the US-styled laissez-faire approach on the digital market. The EU also hardly contests Asian companies, especially from China, in which they have strong government ties and back-ups–something that is diametrically opposite with the EU’s economic feature. The EU has no other option than to distance itself by being in between an excessive capitalism ideology or state-endorsed neo-mercantilist approach in running digital economy. On the security aspect, apart from strategic autonomy consideration, the EU is forced to respond to heavily state-controlled type of digital sovereignty as exercised by China and, to lesser extent, Russia by providing a more solid alternative and democratic vision of digital sovereignty. This is also a reaction to the U.S.’ reluctance to be proactive in promoting democratic vision of digital sovereignty as the superpower profits significantly by less intervening and regulating the digital market. Hence, the EU has to have its own vision of digital sovereignty not only to survive politically and economically by promoting its norms globally, but also to find its relevance in global internet politics.

However, despite the EU’s efforts to establish and promote European Digital Sovereignty, one must remember that the EU still has a long way to go to be a credible normative power. EU shall remember that normative power entails the importance of having credible material capability and capital prowess, apart from the appealing dimension of the norms it promotes. Massive investment and commitment would be the painstaking homework for European technocrats to address in the upcoming years–and surely it will not be easy given the current economic climate. But, the biggest homework for Brussels is formulating a grand strategy for European Digital Sovereignty that balances norms and realpolitik; domestic and external dimension; competition and collaboration; and, above all, short and long term interest. Because the race for digital sovereignty is not a sprint, it is going to be a long marathon between the EU, U.S., and China. And let’s see together who is going to give up first: the normative power, the capitalist power, or the mercantilist power?

Only time will tell.


Abid A. Adonis is a researcher at Abdurrahman Wahid Centre for Peace and Humanities, Universitas Indonesia. He is currently completing his dual master degree in International Affairs at Paris School of International Affairs, Sciences Po, France and The London School of Economics and Political Science (LSE), United Kingdom.


  1. Von Der Leyen, Ursula. 2019. “Political Guidelines for the next European Commission 2019-2024”, European Union,
  2. Adonis, Abid A. 2019. “Critical Engagement on Digital Sovereignty in International Relations: Actor Transformation and Global Hierarchy”, Global: Jurnal Politik Internasional, 21(2): 262-282
  3. European Commission, The European Digital Strategy, Accessed on 20/08/2020
  4. Goddard, Michelle. 2017. “The EU General Data Protection Regulation (GDPR): European Regulation That Has a Global Impact.” International Journal of Market Research 59(6) : 703–5. doi:10.2501/IJMR-2017-050.
  5. Ibid.
  6. Madiega, Tambiama. 2020. “Digital Sovereignty for Europe”, European Parliamentary Research Service Ideas Paper.
  7. Ibid.
  8. Forbes, 2020, Top 100 Digital Companies, Accessed on 20/08/2020
  9. Barker, Tyson. 2020. “Europe Can’t Win its War It Just Started”, Foreign Policy,
  10. New York Times. 2019. “U.S. Announces Inquiry of Digital Tax that May End in Tariffs”
  11. Laurent, Lionel. 2019. “Macron and Merkel are Caught in a New War”, Bloomberg,
  12. Council of the EU, “Cyber attacks: EU ready to respond with a range of measures, including sanctions”,
  13. Manners, Ian. 2002. “Normative Power Europe: A Contradication in Terms?,” Journal of Common Market Studies 40, no. 2.
  14. Ibid.
  15. Laboris, Ius. 2019. “Brazil – Is the new Brazilian Data Protection law a Cut-and-Paste of the European GDPR?”, Lexology,
  16. SSEK Indonesian Legal Consultants. 2019. “With GDPR as Guide, Indonesia Nears Major Changes to Rights of Personal Data Owners.” Lexology,
  17. Skadden. 2018. “Data Protection in Japan to Align with GDPR”.