The Tech Sovereignty Package is the European Union’s upcoming policy framework (expected in 2026) aimed at strengthening Europe’s control over its own digital future. At its core, it seeks to reduce dependence on non-European technology providers while boosting the EU’s capacity in critical areas like semiconductors, cloud computing, artificial intelligence, and open-source software. Dr Monique Calisti, CEO at Martel Innovate and coordinator of the NGI Commons initiative, highlights that the framework is not just about regulation but about redefining Europe’s digital foundations.
Rather than introducing an entirely new layer of regulation, the package is designed to simplify and better align existing rules. It builds on the recommendations of Mario Draghi in his 2024 competitiveness report, and is embedded in the EU’s broader strategy through the Competitiveness Compass. The goal is to cut unnecessary bureaucracy that slows innovation, while creating conditions that allow European companies to grow and compete globally.
“Europe’s Tech Sovereignty Package is not simply about tightening rules or reducing dependency. It is about reshaping our digital foundations around shared, open infrastructures. By recognising open source as digital commons, we are elevating community-driven innovation into a strategic pillar of sovereignty, ensuring that Europe’s digital future remains collaborative, resilient, and sustainably governed.”
Dr Monique Calisti, CEO Martel Innovate
In practical terms, the initiative focuses on four main pillars: Cloud and AI Development; Chips Act 2.0 and the next generation of computing; the European Open Digital Ecosystems (The Open Source Strategy) and the roadmap for Digitalisation in Energy. Together, these efforts support what the EU calls “open strategic autonomy”, the ability to remain globally engaged while retaining control over key technologies.
For initiatives like NGI Commons, the package is especially significant because it formally recognises open technologies as digital commons, shared infrastructures that are essential for sovereignty, innovation, and security, rather than just cost-effective alternatives. If we focus on the Open Source Strategy or the European Open Digital Ecosystems, for example: Jointly driven by DIGIT and DG CONNECT at the European Commission, this initiative moves beyond treating open source merely as a cost-saving alternative or a licensing compliance issue.
Instead, it formally positions open technologies as digital commons, which are shared, public-interest digital infrastructures that are critical to European sovereignty, democratic resilience, and cybersecurity. According to data from the GitHub Innovation Graph, there are nearly 25 million EU developers who generated over 155 million contributions to public projects in a single year. However, as highlighted in the Open Knowledge Foundation network’s formal submission to the Commission’s early-2026 Call for Evidence, the commercial value of this massive output is disproportionately extracted by large non-EU tech companies. These foreign entities routinely package European open-source assets into highly profitable, proprietary enterprise platforms, while the underlying code remains maintained by underfunded volunteer communities. Then there is the Digital Commons European Digital Infrastructure Consortium (DC-EDIC). This legally binding consortium pools national resources to jointly fund, develop, and operate cross-border open-source infrastructure (spanning AI, cloud, and cybersecurity). The explicit goal is to ensure public administrations are not forced to default to proprietary foreign software.
The Strategic Tension: Sustainable Maintenance vs Value Extraction
Global software infrastructure cannot rely on one-off innovation grants. The strategy must establish continuous, operational funding for the maintainers of critical open-source projects. Furthermore, as these projects become foundational to European tech sovereignty, they must be protected from regulatory burnout. The Cyber Resilience Act (CRA) addressed this by introducing the “Open Source Software Steward” role, a tailored legal framework that allows foundations to maintain sovereign infrastructure with significantly lighter compliance obligations than commercial manufacturers. By ensuring that strict technical documentation rules (such as CRA Article 31) remain proportionate for these stewards, the EU aims to secure the digital commons without creating a regulatory frightening effect on its developers. Ultimately, executing this vision requires a massive behavioural shift in public procurement, convincing Member States to adopt a strict “buy European / open by default” mandate.
Roadmap for Digitalisation in Energy
While framed as a sustainability initiative, the Strategic Roadmap for Digitalisation and AI in the Energy Sector, scheduled for adoption in early 2026 as an evolution of the 2022 EU Action Plan, operates fundamentally as a national security and critical infrastructure defence strategy. Following a major public consultation that concluded in late 2025, the roadmap treats energy-sector AI as high-risk infrastructure, mandating strict compliance with the NIS2 Directive and the Cyber Resilience Act (CRA). It promotes the creation of a Common European Energy Data Space, utilising artificially generated “synthetic data” to train local grid-optimising AI models without violating EU privacy laws. Furthermore, the Commission is backing the development of a highly accurate Digital Twin and a European AI Foundation Model for Energy Grids, allowing operators to run millions of locally hosted simulations to test grid resilience against cyberattacks without requiring billions in physical hardware upgrades.
The 2026 Tech Sovereignty Package and its Dilemmas
The Strategic Tension: The Compute vs Climate Collision
There is a profound friction between the EU’s technological ambitions and its physical energy limits. The overarching package aims to onshore massive AI computing power, yet AI data centres are projected to devour staggering amounts of electricity. To manage this tension, the roadmap aligns with the upcoming Data Centre Energy Efficiency Package, introducing a strict “Grid-Positive” mandate. For a tech provider to fast-track a new data centre in Europe, they must prove the facility offers demand-side flexibility and captures waste heat for local district heating. The strategic risk is whether these strict environmental mandates will ultimately discourage the sovereign infrastructure investments the European Commission is trying to attract.
Funding Mechanisms: The Capital Markets Dilemma
To fund these initiatives, the European Commission is attempting to streamline capital through a centralised European Competitiveness Fund. As outlined in the formal legislative proposal, this framework aims to mobilise hundreds of billions to de-risk private deep-tech investments and prevent European startups from relocating to the USA. Draft proposals suggest the EU may restrict access to these massive public funding schemes exclusively to advanced tech producers based in Europe.
The Strategic Tension: Balancing Autonomy with Investment
The capital required to scale leading-edge AI and semiconductor ecosystems is overwhelming. By legally capping foreign direct investment or limiting global tech giants from accessing European subsidies, the EU faces the challenge of funding its own market. Without a fully realised and highly liquid Capital Markets Union to replace that foreign capital, a vulnerability heavily emphasised in the 2024 Draghi Report, the Tech Sovereignty Package risks setting ambitious rules without the underlying financial mechanisms necessary to execute them at a global scale.
Strategic Recommendations – Building Architectural Resilience
True autonomy is not about waiting for regulations to take effect. It requires building architectural resilience and embedding organisations into the European innovation ecosystem today. Because the operational realities differ slightly depending on jurisdiction, leaders and decision-makers must tailor their approach.
Key Initiatives and Usage Examples
- Cloud and AI Development Act (CAIDA): Harmonises definitions of “sovereign” cloud and eases rules for building data centers in the EU to increase data capacity.
- Chips Act 2: The Next Generation of computing. Builds on previous efforts to strengthen semiconductor manufacturing and secure supply chains.
- Open Source Strategy: or the European Open Digital Ecosystems, encourages the use of independent, European-managed software to decrease reliance on non-European tech giants
- Strategic Roadmap for AI in Energy: Focuses on developing digital infrastructure specifically for the energy sector.
- Sovereign Cloud Tender: The commission is already awarding tenders (e.g., EUR 180 million over 6 years) to European providers to secure cloud services for EU institutions.
- Digital Sovereignty, “Technological” or “digital sovereignty” has emerged as a way to advance European leadership and strategic autonomy in the digital sphere.
- Open Strategic Autonomy “Open strategic autonomy emphasises the EU’s ability to make its own choices and shape the world around it through leadership and engagement, reflecting its strategic interests and values.
- European Industrial Policy aims to strengthen the competitiveness of EU industry and to promote a more sustainable, resilient and digitalised economy that creates jobs.
Dr Monique Calisti’s full analysis underscores that recognising open source as digital commons marks a turning point: it elevates community-driven technologies into strategic assets that must be sustained, protected, and integrated into public policy. For NGI Commons, this shift is particularly as it validates its mission to foster an open, human-centric internet ecosystem. By aligning policy, funding, and infrastructure around shared digital resources, the package creates a unique opportunity for NGI Commons to scale its impact and help ensure that Europe’s digital sovereignty is built on openness, collaboration, and long-term sustainability.
English 
French