Cybersecurity: for a real and civic digital sovereignty
We have heard a great deal about "digital sovereignty" in cybersecurity over the past few years.

We have heard a great deal about "digital sovereignty" in cybersecurity over the past few years. But let's be honest: it has become a catch-all phrase, worn to the bone. Everyone waves it around, few really act.
The reality? We missed the boat. Several times. For lack of vision, of courage, or of consistency. And in the meantime, France and Europe have shifted more than 75% of their IT spending toward non-European solutions, mainly American ones.
We organized our own dependency
The figures are stubborn. The French "sovereign" cloud remained a dead letter. Major public bodies and CAC 40 companies host their critical data on Azure, AWS or Google Cloud.
Yet the skills exist in France. So do the solutions. Serious, solid, innovative players. But they do not get the support they deserve. Not enough references, not enough orders, and therefore not enough weight.
It is a vicious circle, but above all a short-sighted strategy.

Sovereignty is not a posture, it is an infrastructure
This word has been depoliticized to the point of becoming vague. But the truth is simple: no sovereignty without the ability to choose, to understand, to react.
Today, a good part of our data, our decisions, our essential services pass through platforms that we control neither legally, nor technically, nor economically.
And this is not just a matter of "data protection". It is a question of power. Of skill. Of the balance of power.
Cybersecurity without mastery of the tools is an illusion
You can pile up charters, rules, audits. If you do not master the technical basics of your own systems, you are exposed. Full stop.
And if you keep depending massively on foreign ecosystems, whose priorities are neither ours nor those of our citizens, then our entire chain of trust rests on a gamble.
This is not pessimism. It is realism.
Civic digital sovereignty: a horizon still within reach
It is too late to be first. But it is not too late to regain ground.
It starts by giving weight to local solutions. Not out of blind patriotism, but because it is strategic. Because it is healthy. Because it rebuilds skill, resilience, and responsibility.
It continues by training citizens, professionals, decision-makers to understand what they use. Not to know everything, but to know how to ask the right questions.
It also means putting trust back at the center: not in the tools, but in relationships, processes, and the ability to say no when necessary.
The choice is political, but also daily
Do you run a local authority? A company? A public service? Look at your dependencies. Ask your providers the question. Support human-scale players. Invest in skills, not just in compliance.
And if you are a citizen, a user, a professional: be curious. Demand transparency. Talk about these subjects, even simply. Because by making systematic outsourcing routine, we end up subcontracting our very ability to exist.
Digital sovereignty will never be perfect. But it must be a direction. A clear course.
Not a word in the press releases. An act in the choices.
Learn more about My resources and my book
Questions fréquentes
What is digital sovereignty according to this article?
It is not a posture or a slogan, but an infrastructure: the concrete ability to choose, understand and react on your own systems, legally, technically and economically.
Why do we speak of an organized dependency?
Because public bodies and CAC 40 companies host their critical data on Azure, AWS or Google Cloud, for lack of sufficient support for local players, which keeps a vicious circle going.
Is it too late for digital sovereignty?
It is too late to be first, but not too late to regain ground. It starts with giving weight to local solutions, training decision-makers and citizens, and putting trust back at the center.
What can a leader or a local authority actually do?
Examine your dependencies, question your providers, support human-scale players and invest in skills, not just in compliance.

Être en cybersécurité
Une feuille de route cyber en clair, pour tout le monde, pas seulement les experts.
