On 18 November 2025 in Berlin, during the Summit on European Digital Sovereignty, the EU Member States signed the Declaration for European Digital Sovereignty (the Berlin Declaration). It constitutes a political commitment, designed to provide a common framework for the enhancement of Europe’s digital capabilities. The Berlin Declaration marks another milestone in the attempts of the Union and its Member States to articulate a coherent vision for their digital future. It rightly highlights the need to mitigate digital dependencies and to advance the EU’s technological capabilities. Yet what remains strikingly absent is an explicit recognition of the central role that fundamental rights play in the EU’s regulatory model. Equally missing is a stronger commitment to enforcement. Sovereignty is not only about building European chips, clouds, or AI models, it is also about ensuring that EU law can be effectively applied and enforced – including against powerful non-EU companies that shape the digital environment within the Union. Without this enforcement dimension, the pursuit of digital sovereignty risks being aspirational rather than operational.

Defining the European digital sovereignty

In recent years, digital or technological sovereignty has become a recurrent theme in European political discourse. The concept reflects the European Union’s growing determination to reduce structural dependencies on foreign technologies and to secure greater control over its digital infrastructure, critical resources, data flows, and innovation ecosystems.

The Summit on European Digital Sovereignty reflects that trajectory. It was an ad hoc, Member State-driven initiative launched by Germany and France, with work on the Berlin Declaration initiated by Austria. Although concluded outside of the EU’s institutional framework, all Member States support the document, which includes references to both the Member States and the EU as an institutional actor.

The Berlin Declaration defines digital sovereignty as “the EU and its Member States’ ability to act autonomously and to freely choose their own solutions, while reaping the benefits of collaboration with global partners, when possible”. The pursuit of stronger strategic autonomy comes amid broader issues linked to changes in geopolitics and decline in international cooperation.

The overlooked pillar

Although the Berlin Declaration briefly invokes the need to preserve “European democratic values in the digital world”, this reference remains largely rhetorical. There is no concrete follow-up in the form of commitments that would operationalise these values in practice. Democracy is referenced in the Berlin Declaration only in a very specific context: the spread of disinformation, the threat posed by deepfakes and the increase in cyberattacks, thus failing to recognise it as a foundational principle that should actively guide the EU’s approach to digital regulation and sovereignty. Therefore, the Berlin Declaration – much like the broader rhetoric of the European Commission – tends to frame digital sovereignty predominantly in terms of capacity-building and infrastructural investments, marginalising the fundamental rights component. This focus risks reducing digital sovereignty to a matter of technical and industrial capability, rather than embedding it firmly within the Union’s constitutional and democratic commitments and leaves a crucial aspect of European digital autonomy underdeveloped.

The EU as a sovereign actor: powers and limits

The EU’s sovereignty has some structural constraints. Enforcement of key digital regulations, such as the General Data Protection Regulation, relies heavily on national supervisory authorities, whose capacities and priorities vary significantly across the Union. Moreover, the EU can act only within the competences conferred upon it by the Treaties, which places legal boundaries on its activities. These systemic limitations are well illustrated by persistent tensions between the EU and its Member States over the division of competences, and have generated extensive case law before the CJEU, from well-known ones such as 6/64 Costa vs ENEL to the most recent C-19/23 Denmark vs European Parliament and Council on the Minimum Wage Directive. These structural and legal constraints can help to explain why the Berlin Declaration, despite numerous references to the EU as a whole, was formally signed outside of the EU’s institutional framework.

The quest for meaningful sovereignty

The understanding of digital sovereignty, adopted by the signatories of the Berlin Declaration, is centred on building technological capacities for the Union and its Member States while reducing critical external dependencies. However, it overlooks the core element of sovereignty itself in its legal sense: the ultimate authority to impose and enforce law.

The Berlin Declaration’s definition of sovereignty begins with the reference to the ability “to act autonomously and to freely choose (…) one’s own solutions”. Yet this goal cannot be achieved without credible and consistent enforcement of EU law, particularly against large technology companies that operate across jurisdictions, manage vast datasets, and control critical infrastructures used by millions of Europeans. The Declaration also emphasises the importance of “reaping the benefits of collaboration with global partners, when possible”. However, such cooperation is only meaningful if extraterritorial enforcement works. Without it, global partners may benefit while bypassing regulatory obligations that bind EU domestic companies, creating an uneven playing field and undermining the credibility of the EU framework – as it is already the case in the area of data protection. Effective and reliable enforcement, including extraterritorial enforcement, is therefore a vital, yet often underestimated, cornerstone of genuine digital sovereignty.

European digital sovereignty in a global context

The global diffusion of digital technologies and the deep integration of transnational supply chains have exposed the European Union to forms of structural dependence on external actors and infrastructures. In domains such as cloud services, semiconductors, and advanced AI, the EU relies heavily on technologies developed and controlled by non-EU companies, which constrains its ability to shape the digital environment on its own terms. This imbalance highlights not only Europe’s weaker industrial position, but also the risks that arise when foundational technologies are shaped by jurisdictions whose regulatory philosophies differ from the EU’s approach.

A recent development that illustrates how relative sovereignty can be is the observation that US law can effectively take precedence over Canada’s claims to data sovereignty. This example highlights how national control over digital assets can be constrained by the extraterritorial reach of more powerful jurisdictions and shows the practical challenges the Berlin Declaration faces in its aim to protect Europe’s most sensitive data from external interference. It should also raise questions about the effectiveness of products and services marketed as “sovereignty-friendly”. The King v. OVH Canada decision provides the latest illustrative instance in this ongoing discussion. Most critically, these developments bring us to a central and increasingly urgent question: whose law governs situations when transnational actors – especially non-EU companies – operate across multiple legal regimes? And, even more crucially: which legal order will prevail when EU rules come into conflict with foreign regulatory frameworks?

Asking similar questions in the European context may lead to answers the signatories of the Berlin Declaration would prefer not to confront – namely, that Europe’s own claims to digital sovereignty, including data sovereignty, remain vulnerable particularly when they are not backed by effective enforcement mechanisms. When caught between conflicting jurisdictions, a company will, in all likelihood, comply with the legal regime backed by the strongest and most credible enforcement capacity. In this light, political commitments such as protecting EU data from undue external interference or extra European laws may constitute obligations that are particularly difficult to uphold within the current geopolitical and technological landscape.

Asserting jurisdiction beyond the EU

The Berlin Declaration states that “Europe must take a proactive role in shaping international policy leveraging its strengths that will create a vibrant global digital ecosystem”. In this context, it is important to recognise that the European Union has, in recent years, adopted an increasingly comprehensive and ambitious digital regulatory framework. Key legislative instruments include the Artificial Intelligence Act, the General Data Protection Regulation, the Digital Services Act, the Digital Markets Act, the Data Governance Act and the Data Act, among others. Together, these measures constitute a sophisticated regulatory architecture designed not only to govern digital markets and technologies within the Union, but also to project European standards outward.

A notable common feature of all these instruments, with the exception of the DGA, is their extraterritorial reach. They are explicitly crafted to apply not only to entities established within the EU, but also to non-EU actors whose activities have effects within the EU’s territory. In other words, the EU seeks to ensure that its regulatory standards govern the digital environment experienced by its residents, regardless of where the relevant entity is based.

By extending its rules beyond its physical territory, the EU and its Member States aim, first and foremost, to “defend” themselves, that is, to prevent non-EU entities from circumventing European legal requirements and to maintain effective control over the digital ecosystem within its borders. It could also, of course, be seen as manifestation of EU’s ambition to act not merely as a regulatory power within its own territory, but as a global norm-setter capable of shaping the behaviour of multinational technology companies.

Yet regulatory reach is meaningless without enforceability. We are not digitally sovereign if we lack the practical capacity to enforce EU law against the actors that shape our digital environment, regardless of where those actors are established. Digital sovereignty therefore requires the ability to ensure effective and enforceable jurisdiction over all relevant actors, including powerful non-EU companies that operate within the Union or have a significant impact on its digital environment.

The imperative of effective enforcement

The stakes, however, extend far beyond ensuring market fairness or creating a level playing field for entities operating within the EU. Digital sovereignty is inseparable from the protection of core European values and the safeguarding of fundamental rights. These values form the constitutional backbone of the Union and are integral to its approach to digital regulation. As such, the ability to exercise effective jurisdiction over external actors is not solely a matter of economic control, it is a prerequisite for upholding the Union’s foundational commitments in an increasingly digitalised society.

The EU and its Member States have a constitutional obligation to uphold human rights, democracy, and the rule of law, as enshrined in Article 2 TEU and operationalised through the EU Charter of Fundamental Rights. This commitment does not stop at the analogue domain – it necessarily extends into the digital sphere, where technological systems increasingly shape social interaction, political participation, access to information, and even the exercise of fundamental rights themselves. Ensuring that these values are protected online is therefore not optional.

Defending fundamental rights in the global digital sphere

Policymakers from across Europe seem to equate digital sovereignty with the pursuit of innovation, technological capability, and competitiveness. While these dimensions are undoubtedly important, placing a stronger emphasis on fundamental rights and core EU values would have also another benefit: it would significantly reinforce the EU’s ability to assert and defend its jurisdiction internationally. The EU’s regulatory model already places considerable weight on the protection of human rights, democratic principles, and the rule of law. Elevating this dimension to a strategic tool could help consolidate the EU’s position in global digital governance.

A rights-based framing offers a legal and normative foundation for EU’s regulatory claims, including those with extraterritorial implications. International law, especially where linked to the protection of fundamental rights, can reinforce the credibility of EU action. When EU rules on data protection, AI, or platform regulation are grounded in internationally recognised human-rights obligations, the EU is better positioned to justify why certain standards should apply to entities outside its territory. By rooting its extraterritorial enforcement claims in universally endorsed principles rather than purely economic or security considerations, the EU can strengthen its global standing and mitigate accusations of regulatory overreach. A values-based approach thus not only reflects the Union’s constitutional identity but also enhances its capacity to defend and extend its regulatory space in an interconnected digital environment.

Conclusion

With developments such as the Berlin Declaration, the broader EU deregulation agenda (see here and here), and the forthcoming digital fitness check, European policymakers have entered a global race for technological innovation and global competitiveness. There is much to gain, and it is clear that Europe must strengthen its technological capabilities. Yet, such capacities alone do not guarantee sovereignty. The ability to set, apply, and enforce rules – including vis-à-vis powerful non-EU companies – is equally essential if the EU is to act as a genuinely sovereign actor in the digital age. At the same time, there are inherent limits to how far the Union can ensure enforcement in areas such as data protection, where its competences remain shared with – and in crucial aspects – dependent upon the Member States. The paradox is that empowering the EU on the global stage and strengthening its digital sovereignty requires not only action at the Union level, but also a strengthened commitment from the Member States to implement and enforce EU law effectively and, where necessary, extraterritorially. The EU’s global standing in digital governance depends therefore also on the willingness and capacity of the signatories of the Berlin Declaration to act as credible enforcers of a shared legal order.

In pursuing technological leadership, the Union and its Member States must not sideline the values on which it is founded. Instead, they should leverage them to strengthen the legitimacy of EU’s digital sovereignty, particularly when asserting extraterritorial jurisdiction over global tech giants. Through effective enforcement, political intentions – such as these expressed in the Berlin Declaration – become practical reality, enabling European standards and interests to guide the digital ecosystem rather than those of powerful non-EU corporations. Without such enforcement, calls for European digital sovereignty risk remaining symbolic rather than substantive in today’s highly interconnected global digital landscape.

The views and opinions expressed in this blog post are those of the author and do not necessarily reflect the views or positions of any affiliated organisations or institution.