The EU’s policies in the field of technology broadly defined are increasingly marked by a concern over strategic autonomy, and Europe’s place in the world. Regulatory interventions are framed in terms of “digital sovereignty,” with the Commission seeking to ensure that external dependencies are reduced with the aim of increasing the EU’s resilience to geopolitical instability and external shocks. Using the case study of semiconductors, the chips that power modern electronic devices, this article explores how technology policy in the EU sits at the economy–security nexus, in which economic goals and security goals are interdependent and inseparable. Focusing on the life cycle of the semiconductor supply chain from the control over natural resources through to the cybersecurity requirements placed on the finished products, this article demonstrates the increasing security logic embedded within a burgeoning industrial technology policy.

Quantum computing research and development efforts have grown dramatically over the past decades, led in part by initiatives from governments around the world. Government quantum computing investments are often driven by national security or digital sovereignty concerns, with the language used depending on the geography involved. For example, a focus on “national security” and quantum computing is prominent in the USA, while European countries regularly focus on “digital sovereignty”. These phrases are often loosely defined and open to interpretation, and they share some common motivations and characteristics (but also have important differences). This paper identifies specific governmental entities typifying the national security/digital sovereignty perspectives, along with these organisations’ respective roles within national and international policy engagement in quantum computing. It analyses governmental structures, historical developments and cultural characteristics that contributed to this national security–digital sovereignty divide. Building on this analysis, we use the history of other technologies to illustrate how we might adapt tested policy approaches to modern political dynamics and to quantum computing specifically. We frame these policy approaches so that they do not overemphasise “digital sovereignty” or “national security”, but rather address interests shared across both concepts, with a view to facilitating international collaboration.

As humanitarian organizations become more active in the digital domain and reliant upon new technologies, they evolve from simple bystanders to full-fledged stakeholders in cyberspace, able to build on the advantages of new technologies but also vulnerable to adverse cyber operations that can impact their capacity to protect and assist people affected by armed conflict or other situations of violence. The recent hack of the International Red Cross and Red Crescent Movement's Restoring Family Links network tools, potentially exposing the personal data of half a million vulnerable individuals to unauthorized access by unknown hackers, is a stark reminder that this is not just a theoretical risk but a very real one.1

The 2020 cyber operation affecting SolarWinds, a major US information technology company, demonstrated the chaos that a hack can cause by targeting digital supply chain components. What does the hack mean for the humanitarian cyberspace, and what can we learn from it? In this article, Massimo Marelli, Head of the International Committee of the Red Cross's Data Protection Office, draws out some possible lessons and considers the way forward by drawing on the notion of “digital sovereignty”.

This article explores the challenges of the extraterritorial application of the right to be forgotten and, more broadly, of EU data protection law in light of the recent case law of the ECJ. The paper explains that there are good arguments for the EU to apply its high data protection standards outside its borders, but that such an extraterritorial application faces challenges, as it may clash with duties of international comity, legal diversity, or contrasting rulings delivered by courts in other jurisdictions. As the article points out from a comparative perspective, the protection of privacy in the digital age increasingly exposes a tension between efforts by legal systems to impose their high standards of data protection outside their borders – a dynamic which could be regarded as ‘imperialist’ – and claims by other legal systems to assert their own power over data – a dynamic which one could name ‘sovereigntist’. As the article suggests, navigating between the Scylla of imperialism and the Charybdis of sovereigntism will not be an easy task. In this context, greater convergence in the data protection framework of liberal democratic systems worldwide appears as the preferable path to secure privacy in the digital age.