by Billion Temesghen

BRUSSELS, May 24 (Xinhua) -- When Microsoft blocked International Criminal Court (ICC) Chief Prosecutor Karim Khan from accessing his official email account this week over the court's investigation into Israel, it was seen by many Europeans as a stark warning, reigniting concerns about digital sovereignty and geopolitical vulnerability.

The disruption on May 15 was triggered by U.S. President Donald Trump's February sanctions against the ICC. It interrupted vital communications at the court, with one senior civil servant in The Hague calling it "a red flag at all levels of government," as reported by Dutch news outlet De Volkskrant.

In response, the Netherlands, home to the ICC, has launched a comprehensive review of its digital infrastructure. The Dutch Parliament has called for risk assessments and contingency plans to reduce reliance on non-European cloud providers.

Klaas Knot, president of De Nederlandsche Bank, warned Tuesday that even domestic systems such as iDEAL -- the Netherlands' widely used online payment platform -- rely on infrastructure dominated by Microsoft, Amazon, and Google. These tech giants collectively hold more than 60 percent of Europe's cloud market, making essential services susceptible to foreign policy shocks.

Member of the Dutch parliament Barbara Kathmann voiced the growing anxiety: "Is it possible that Dutch citizens will also be denied access to their Microsoft accounts and bank accounts as a result of sanctions imposed by the Trump administration?"

The sense of alarm is not new. A January audit by the Netherlands Court of Audit flagged "serious risks to continuity," revealing that more than half of Dutch government services run on U.S.-controlled cloud systems.

EU'S LONG WAY TO DIGITAL AUTONOMY

The European Union's (EU's) efforts to achieve digital autonomy started even earlier. Since 2021, the European Commission has taken steps to strengthen digital independence. Initiatives like the EU Cybersecurity Certification Scheme on Cloud Services and the Digital Markets Act (DMA) aim to reduce reliance on foreign platforms and promote competition within the bloc.

National governments have followed suit. Germany and France spearheaded the GAIA-X project in 2020 to develop cloud infrastructure that complies with the General Data Protection Regulation (GDPR). Belgium allocated 61 million euros (69.35 million U.S. dollars) in 2021 to migrate its defense network to a sovereign cloud by 2026. France launched its "Cloud de Confiance" strategy, resulting in Bleu -- a joint venture between telecommunication service providers Orange and Capgemini. Finland, in contrast, has adopted a hybrid approach, welcoming foreign providers under strict regulatory oversight.

Meanwhile, France, Germany, and the Netherlands have jointly pushed for stronger public-private collaboration in emerging sectors such as quantum computing and artificial intelligence. Their proposals include public procurement reforms and initiatives to support startup funding.

Despite the ambition, the reality remains sobering. European dependence on U.S. cloud technology is deeply entrenched. Rotterdam-based provider Intermax estimates that migrating to alternative infrastructure could take up to three years. CEO Ludo Baauw noted that public institutions face "institutional lock-in," with their operations and even staffing deeply entwined with the U.S. tech ecosystem.

While European tech firms work to catch up in scale and capability, the EU has resorted to regulatory mechanisms. Just last month, the European Commission levied its first major fines under the DMA: 500 million euros against Apple and 200 million euros against Meta.

U.S. TECH FIRMS RECALIBRATE

Under mounting pressure, American tech giants are reassessing their strategies. Speaking in Brussels on April 30, Microsoft President Brad Smith emphasized the company's commitment to European laws.

"We understand that European laws apply to our business in Europe," Smith said, adding in a blog post that Microsoft would legally challenge any government order demanding suspension of its European cloud operations.

As part of that pledge, Microsoft vows to increase its European data center capacity by 40 percent and place regional operations under the governance of a board composed exclusively of European nationals.

Google is also adjusting. It has expanded its sovereign cloud services and partnered with French defense firm Thales. Hayete Gallot, Google's president of customer experience, noted that the growing trade tensions were "causing anxiety," adding that digital sovereignty, once a niche defense concern, is now central to customer expectations.

A STRATEGIC VULNERABILITY EXPOSED

The ICC incident exposed a critical fault line in Europe's digital infrastructure. Despite hosting data in EU-based centers, the operations remain under the control of American firms, which may still fall under U.S. jurisdiction, making European sovereignty vulnerable to extraterritorial enforcement of U.S. policy.

Until recently, efforts to localize infrastructure were pursued slowly, often viewed as technical initiatives that required long-term investment and pan-European coordination. The ICC incident has now offered European leaders an immediate and visible reason to accelerate reforms.

In the near term, a hybrid model seems inevitable. Sensitive public systems may transition to EU-controlled platforms, while less critical services will likely remain on global platforms under tighter regulations.

The path to full digital autonomy is proving to be not only longer, but far more urgent than many European policymakers had anticipated. (1 euro = 1.14 U.S. dollar)