A new Myra Security study finds that in Germany, France and the Nordic countries, digital independence is turning from political rhetoric into concrete action — driven by geopolitical pressure and the US CLOUD Act.
For years, digital sovereignty was mostly a political declaration of intent. A new survey of 1,818 IT decision-makers in Germany, France and the Nordic countries shows that this intent is increasingly translating into concrete action — even if the path there differs sharply by region.
The debate around digital sovereignty has shifted noticeably within a single year. That is the central finding of the “State of Digital Sovereignty Report 2026” by IT security provider Myra Security, for which polling institute Civey surveyed 1,818 IT decision-makers in Germany, France, and the Nordic countries of Denmark, Norway, Sweden and Finland between February 25 and March 5, 2026. The core takeaway: a widely shared conviction is increasingly turning into concrete corporate action.
In Germany, 87.5 percent of respondents favor prioritizing European digital products for critical infrastructure operators — a modest increase from 84.4 percent the previous year. More striking than the overall figure is the shift within that approval: while 66.1 percent expressed unequivocal support in 2025, only 47.2 percent did so in 2026, while the more cautious “rather yes” camp grew from 18.3 to 40.3 percent. Outright rejection has nearly vanished, down to 0.3 percent from 5.5 percent. The study’s authors read this as a maturing process — categorical enthusiasm giving way to a sober but broadly shared consensus.
The shift is even more pronounced in actual implementation. The share of German companies actively adopting European software nearly doubled within a year, from 20.4 to 39.7 percent. The share of those categorically refusing to switch collapsed from 47.7 to 4.6 percent — a drop of more than 90 percent.
The study identifies a changed geopolitical environment as the central trigger. In February 2026, Reuters reported that the US State Department had instructed its diplomats worldwide to actively push back against digital sovereignty efforts. Even before that, the International Criminal Court in The Hague had switched its office software from Microsoft to a German alternative after the US government sanctioned several of its judges, cutting off their access to US platforms. In June 2025, Microsoft France’s chief legal officer confirmed before the French Senate that the company must comply with lawful US data requests regardless of where the data is stored — a statement that cemented the CLOUD Act as a mainstream concern in European IT strategy.
Regional comparison reveals three distinct profiles. France leads in overall approval of European software, at 93.6 percent, but also shows the highest share of companies increasing their use of US software in reaction to geopolitical events (24.8 percent). Study authors partly attribute this to survey timing: the announced migration of French state administration from Windows to Linux was unveiled only after the survey concluded. The Nordic countries stand out for consistency — only 3.3 percent categorically reject switching providers, and 49.5 percent believe Europe can achieve far-reaching digital independence by 2035, the highest figure among the three regions. Germany, meanwhile, shows the strongest concrete response to the CLOUD Act, with 32.4 percent planning a provider switch and 16.4 percent already having done so.
The transition is not without friction: high migration costs, lack of information about European alternatives, and technical doubts dominate as the most-cited obstacles across all three regions. Yet roughly two-thirds of respondents in each region do not consider costs a decisive barrier. The study frames this as an opportunity — providers that lack visibility don’t get procured, and that is precisely where European vendors can gain ground.
Political pressure is mounting elsewhere too. In April 2026, 25 CEOs of European cloud and digital companies warned the European Commission in an open letter against defining digital sovereignty too loosely in the planned Cloud and AI Development Act — a phenomenon the industry now calls “sovereignty washing,” referring to providers that promise European control while leaving core dependencies in corporate structure, legal jurisdiction, or technical administration intact.
The study concludes soberly: Europe doesn’t need to own the digital sea, but it does need to navigate it itself again. It outlines five action areas — improving the visibility of European providers, building migration capability, winning public administrations as anchor customers, strengthening trust in European technical competitiveness, and defining sovereignty realistically as the capacity to act rather than as full autarky.

Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Contact via Mail: jakob.jung@security-storage-und-channel-germany.de