top of page


If the ambition is to maintain France among the states that count in the digital space, it remains that the European Union is the relevant scale to build a stable and democratic cyberspace that is also efficient.

To provide appropriate responses and robust guarantees, an in concreto analysis of the digital ecosystem must be carried out in the current context of globalization and neoliberalism, where the brutality of international geopolitical and economic relations is expressed.

Cyberspace has the particularity of being the only strategic space created by the hand of man[1]. This intangible world appears as a world to conquer or, at the very least, in which to exercise power. In this regard, it is essential to well define its boundaries. The ANSSI[2] defines cyberspace as the space of communication constituted by the global interconnection of digital data processing automated equipment.

Cyberspace consists of three spheres[3]:

1. Hardware or infrastructure layer, which corresponds to all the devices, servers, routers, computers that allow the interconnection of machines ;

2. Logical or software layer, which covers the elements of communication between the machines themselves, i.e., protocols, or between humans and machines, i.e., software.

These first two layers form the technical organization of cyberspace and define how networks work.

3. Semantic or informational layer (or « cognitive » layer) : corresponds to all the information that passes through the first two.

Therefore, sovereignty, understood as the supreme political power exercised over a territory, must apply to these three levels of cyberspace ; otherwise, a technological dependency link will always be present. To simplify, the entity that controls its three layers will dominate the digital space.

And in this power game, the United States, which created and deployed the Internet[4], has taken an absolute lead in the global governance of the digital Empire, imposing their aggressive standards and regulations with extraterritorial reach[5]. President Obama declared, in 2015, in response to accusations of massive digital espionage by the NSA[6] (the Snowden affair) : « The Internet is ours, our companies have created it, extended it and perfected it in such a way that competition cannot follow. »

The United States has structured their strategic and geopolitical vision of cyberspace on its architecture, defined by its first two layers, through their submarine cables through which 90% of data flows and their root servers operate the Internet.

Furthermore, the fundamental mission of defining the main standards applicable to the Internet also falls to a private American company : the ICANN[7] which is in a worldwide monopoly position. The logic would dictate that the management of such an important system for humanity should be the subject of a treaty establishing an international organization. So far, this debate has had little echo and has encountered the intelligent policy of ICANN and (likely) the determined resistance of the US government.

« It is indicative that the United States is very strongly attached to the location of ICANN and computers (...) on American soil. The global file of subscribers and internet sites is therefore located on their territory, with wide access possibilities, either through justice or more discreetly. »[8]

The Internet also participates in American soft power, being an alternative vector of the liberal world, in particular through social networks such as Facebook, Twitter, Linkedin... This is why « the Internet must therefore be considered not as a tool of influence, but as a tool that multiplies the influence ».[9]

American technology has thus imposed itself globally in all spheres and sectors of public and private activity, constituting a considerable leverage of power, leverage largely supported and strengthened by the government, law and North American diplomacy.

Just one example is the Cloud Act[10], passed in 2018, which allows US law enforcement and federal intelligence agencies to obtain data from non-Americans held in servers of American companies (essentially the GAFAMs) without having to notify users. This is a risk for our strategic data and a contradiction with the GDPR[11] regarding personal data. Without a legal procedure for judicial assistance, States cannot oppose this plundering of data or refuse to deliver it.

And in this regard, the GDPR is of no help[12], its scope is in fact limited, and the fines imposed are not deterrent given the billions generated by Big Tech Giants.

Thus, the United States, imitated by China and Russia (to a lesser extent), have taken the lead in global digital control.

China and Russia have heavily invested to counter the American block and have developed strict doctrines aimed at ensuring their digital sovereignty and emancipating themselves from American hegemony. These authoritarian and obscure policies, which restrict the protection of cyberspace and are far from Western democratic values, have had mixed success but must not be neglected. China and Russia are now armed in terms of digital sovereignty in cyberspace at a time when the technological cold war is at work.

The balance of power today places Europe, and France, in a very particular position.

This geopolitical situation leaves little room for a still poorly defined European strategy : European investment capabilities remain marginal, the emphasis is therefore on defending values (a demanding conception of privacy), and the main lever remains, by default, negotiating access for companies to an coveted internal market of close to 500 million consumers.

And today in France, initiatives such as La French Tech are trying to give new life to its positioning in cyberspace. But « the effort is manifestly insufficient due to lack of means, but above all because the environment has been preempted since then by Big Tech companies, which makes it difficult to create sovereign, independent digital services or resources. »[13]

Massively and undiscerningly funding startups doomed to failure or ultimately acquired by non-European players will not change the game. Technological progress must above all guide France and Europe towards real digital independence.

It is in the field of data transfer to the USA that Europe has been waging a defensive legal battle for almost a decade. Through its remarkable Schrems judgment, the Court of Justice of the European Union invalidates the Safe Harbor agreement concluded in 2000 between the European Commission and the United States. Hastily, the controversial Privacy Shield was concluded in 2016, which was also invalidated by the CJEU.

Europe has so far been able to restore balance in the power relationship, but have Europe's energy dependencies led it to sacrifice its digital sovereignty ?

On March 2022, the EU seeking an alternative to Russian gas, an energy alliance was sealed between Europe and the United States, allowing Europeans to access American LNG. It is in this context that a new agreement on the transfer of data between the EU and the United States is announced, while discussions were at a standstill.

Have our data been chosen as a bargaining chip ?

New geopolitical, environmental, and socio-economic challenges thus question the roles and responsibilities of actors. In this regard, control of data is the priority axis both for the "redevelopment" of the US economy, structured around economic giants (GAFAM), and for the US security strategy, supported by the very significant powers entrusted to the NSA.

To restore balance in the distribution of digital power, the Union must not succumb to easy solutions, such as simply locating data on its territory, for example. Very varied solutions are available to address this issue, ranging from technical standardization to industrial investment through regulation.


Founding President, Delex Consortium

[1] Report of the French Senate, « The Duty of digital Sovereignty », October 2019 [2] National Agency for the Security of Information Systems [3] Report of the French Senate, « The Duty of digital Sovereignty », October 2019 [4] The history of cyberspace begins on American soil with the creation of the Arpanet in 1969 for the needs of Defense, developed by the Defense Advanced Research Projects Agency (DARPA), and the creation of the TCP/IP (Transmission Control Protocol/Internet Protocol) in 1972. For its civil use, the Arpanet will become the Internet with the creation of domain names in 1983 and the World Wide Web in 1989. [5] For example, the « Claryfying Lawful Overseas Use of Data Act » (or "CLOUD Act") [6] The National Security Agency is a US government agency within the Department of Defense responsible for electromagnetic intelligence gathering and the security of American government information systems. [7] The ICANN (« Internet Corporation for Assigned Names and Numbers ») is responsible for managing Internet protocols (IP), which are a series of numbers that form a computer address. Each computer has an IP address that is its own signature. The ICANN also registers Internet domain names (DNS). [8] Parliamentary Information Report on private vectors of influence in international relations, by Jean-Michel BOUCHERON et Jacques MYARD, National Assembly, 18 October 2011, p. 66 [9] Parliamentary Information Report on private vectors of influence in international relations, National Assembly, October 2011 [10] The Claryfying Lawful Overseas Use of Data Act" (or "CLOUD Act") was adopted by the US Congress in March 2018. It aims primarily to reaffirm the right of US authorities to require technical intermediaries subject to their jurisdiction to disclose any data stored abroad. [11] The EU General Data Protection Regulation went into effect on May 25, 2018, replacing the Data Protection Directive 95/46/EC. [12] According to Solange Ghernaouti, director at Swiss Cybersecurity Advisory & Research Group [13] MAISON ROUGE (de) Olivier, Cyberisks. Legal Management of risks in the digital era, LexisNexis, 2018


Commenting has been turned off.
bottom of page