Not through a dramatic blackout like the one recently seen in Spain — though that offered a glimpse of how fragile complex systems can become under stress.
More likely, it would happen quietly. Almost invisibly.
No sudden collapse. No warning sirens. Just systems progressively slowing, degrading, disconnecting — until entire sectors of European economic and social life begin to stall.
We mapped out a few realistic scenarios of how Europe's technological dependencies could one day "switch off" parts of our economies and societies.
A cloud provider restricts access overnight
Europe's cloud market is worth €61 billion. Amazon, Microsoft and Google control 70% of it. European providers have fallen from 29% share in 2017 to 15% today and have not recovered.
Total EU annual spending on US cloud and software services is estimated at around €264 billion — roughly 1.5% of EU GDP and comparable in scale to Europe's annual energy import bill.
If any one of those three US companies decided tomorrow to restrict access to European clients — for commercial reasons, under legal pressure, or at the direction of a government — what share of European digital infrastructure could continue to function without interruption?
A software licence is suddenly suspended
Microsoft holds 77–80% of EU public sector productivity software (governments, local entities, administrations, agencies etc). In some member states its share of office software reaches 90–92%. EU procurement tender data shows Microsoft cited in 89–100% of relevant notices in 2024.
The International Criminal Court (ICC) is the world's permanent court for war crimes, based in The Hague. Its Chief Prosecutor, Karim Khan — a British national — had his official Microsoft email account suspended in May 2025 after the Trump administration placed him under US sanctions.
A British citizen, working for an international institution on European soil, lost the ability to communicate officially because of a decision made in Washington and executed by a US software company. The Dutch government launched an emergency review of its digital infrastructure within days.
If a foreign government were to sanction a European head of state, a European institution or government, or a simple citizen — how many of the tools they rely on daily to govern would remain accessible?
A critical update never arrives — or worse, breaks systems at scale
On 19 July 2024, CrowdStrike — a US cybersecurity company — pushed a routine update. Within hours, 8.5 million Windows computers crashed worldwide in what is now called the largest IT outage in history. It was an accident.
More than 5,000 flights were cancelled in a single day. Hospitals lost patient records. Banks went offline. Fortune 500 losses reached $5.4 billion. The lesson is not that CrowdStrike is malicious — it is that a single automated update from a single US vendor can do this by accident.
The CrowdStrike case was an accident affecting a fraction of global infrastructure for a single day. What could deliberate acts, timed across sectors and exploiting dependencies on critical updates, bring about?
A foreign court invokes its jurisdiction, freezing data flows or blocking services
Since 2018, the US CLOUD Act has given American authorities extraterritorial reach over data controlled by US tech companies — even when that data is stored in Europe.
Your hospital records may sit in a Frankfurt data centre, but if the provider is American, that data can still fall under US jurisdiction.
In June 2025, Microsoft admitted under oath in a French court that it could not guarantee data held in Europe would not be transferred to US authorities if legally required. European sovereign cloud spending is now projected to more than triple between 2025 and 2027 as a direct result.
Two legal frameworks now apply simultaneously to data stored in Europe in infrastructures owned by American companies — one European, one American. In the event of a conflict between them, will those American companies comply with European legislation or US law?
What This Means For Europe
None of these, on their own, would bring Europe to a halt. But combine a few — even accidentally, even temporarily — and entire sectors could slow, stall, or fail.
This is not a dystopian scenario. It is simply the logical endpoint of a dependency European States have spent years building and years refusing to name.
Europe's economies now run on infrastructure it does not control.
The cloud platforms storing sensitive public and corporate data are overwhelmingly American. The most advanced semiconductors powering industry, defence, and telecommunications depend on supply chains centred in Taiwan and the United States. The AI models increasingly used in healthcare, logistics, finance, and public administration are largely developed and governed outside Europe.
For most of the past decade, this was seen as efficiency. A natural division of labour in a globalised world.
We have seen this logic at work in recent times: the United States restricting access to advanced chips for China. China limiting exports of critical raw materials. Sanctions regimes cutting countries off from financial and technological systems overnight.
The tools exist. The precedents exist. The incentives to weaponize dependencies are ever growing.
As tensions rise between Washington and Europe over trade and industrial policy, between the West and Beijing over technology, the question is no longer abstract:
And what happens the day that control is exercised?
What Tech Sovereignty Really Means
"Tech sovereignty" has become one of those phrases everyone uses and few define.
Strip away the jargon, and it comes down to something simple: can our societies still function if others decide to change the rules? Can a hospital keep running if its software provider cuts access? Can a factory operate if updates stop coming to its machines? Can a government act if its data is stored — and legally controlled — elsewhere?
Practically: control in moments of friction.
The invisible dependency
Digital dependence is hard to grasp because it is buried deep in systems people never see. A "European" company today might run on American cloud infrastructure, use chips designed in the US and manufactured in Taiwan, depend on software licensed under foreign jurisdiction, integrate AI models trained and whose algorithms are controlled elsewhere. On paper, it is European. In reality, its room for manouvre is limited — not because anyone is actively switching it off, but because the option exists. And in politics, the mere existence of leverage changes behaviour.
Where sovereignty is won — and lost
For decades, Europe's tech and digital strategy has been nothing more than regulating others' services and products. The GDPR set a global benchmark for data protection. But it did not address the underlying question: who controls the systems that store, process, and move data? That distinction is now central.
If Europe is serious about sovereignty, the real question today is: how do we create situations where European choices become the default? That does not come from leaders' declarations or blind funding distributions: use, scale, and demand are what has been missing.
Three Things That Actually Matter
We need to talk about the Single Market (again)
Europe lacks adoption at scale. There are European cloud providers, AI companies, cybersecurity solutions. But they are rarely the first choice. Public administrations still default to Microsoft and AWS. Corporates optimise for short-term efficiency, not long-term resilience. Startups build on non-European stacks because that's where the ecosystem already is. The result: European alternatives exist — but remain marginal.
Sovereignty starts when European solutions are actually used. Today, digital demand in Europe is still fragmented along national lines: procurement rules differ, standards diverge too much. A German company, a French administration, and an Italian startup face different frameworks — while their American competitors operate on one large, unified home market.
Stop trying to throw money at the problem
For years, the EU and Member States have tried to build sovereignty through funding supply: more projects, more subsidies, more strategies. But supply without demand leads to one outcome: good technologies that nobody uses. The missing piece is demand. Why do European companies not switch? Because switching costs are high, ecosystems are weaker, and perceived risk is higher than staying with incumbents. Policy should focus on making switching rational and scalable — through procurement that consistently prioritises European providers, diversification requirements on critical systems, and funding conditions that steer startups toward European infrastructure from day one.
You are the answer
Ministries and EU Institutions can only do so much. Sovereignty is shaped by millions of everyday choices. Europeans overwhelmingly use American operating systems, American platforms, American AI tools. The alternatives exist, but habit, convenience, and network effects dominate. Scale is what makes technologies viable. If European consumers adopted European apps, browsers, AI tools, and cared about where their data is controlled domestically — the market would shift. Today, digital sovereignty is exclusively treated as a strategic issue, while it should also be considered a consumer behaviour issue.
Someone, somewhere, could decide to switch Europe off.
The question is whether we will have given them the switch in the first place.