Europe’s strategic autonomy in artificial intelligence, advanced manufacturing, health resilience, mobility systems, energy management and public services cannot be built on compute, cloud capacity and regulation alone. It depends on access to reliable, interoperable, legally usable and commercially trusted data. The central problem is that European data are abundant but fragmented across firms, public authorities, hospitals, infrastructure operators, industrial supply chains and national systems. Data sovereignty therefore cannot be reduced to data localisation. It is the capacity to govern access, define lawful use, protect rights and trade secrets, reduce platform lock-in, preserve cybersecurity and turn European data into an operational input for AI, digital twins, automation, critical-infrastructure management and public decision-making.

The report is structured in four parts. The first defines data sovereignty as a legal, industrial and infrastructural capability rather than a territorial slogan. The second reconstructs the EU legal framework, including the European Data Strategy, the Data Governance Act, the Data Act, the GDPR, the free flow of non-personal data regime, the Open Data Directive, high-value datasets, the European Health Data Space, the Interoperable Europe Act, the AI Act, NIS2 and the Cyber Resilience Act. The third examines the main sectoral data spaces in manufacturing, health, mobility, energy and public services, with attention to trusted intermediaries, interoperability and secure processing environments. The fourth translates the framework into a Defence Finance Monitor assessment of industrial value, investment relevance, AI competitiveness, critical-infrastructure resilience and Europe’s remaining vulnerabilities.

Subscribe to DFM