From dystopian warnings to digital reality, Europe pursues digital autonomy against surveillance capitalism, while Poland builds security-first tech independence – seeking control not just of data, but of its technological future
By Sean Reynaud
English literature is filled with dystopian visions of authoritarian governments. From Brave New World, to 1984, to It Can’t Happen Here and Fahrenheit 451. Writers of the genre have insisted that governments are one step away from stripping citizens of their rights. What these writers could not have imagined, in a world before the internet, was the way in which private industry has weaponized a public utility for its own financial gain. They could not have imagined gutting privacy to feed what Shoshana Zuboff describes as “surveillance capitalism,” that is, an industry driven by data collection.
According to British mathematician Clive Humby, “Data is the new oil.” If that is the case, then privacy is a threat to supply. When Edward Snowden disclosed U.S. surveillance in 2013, it became quite evident that privacy was under threat. And for an entity such as a state, digital autonomy was also a target not only of foreign powers but also of corporations. Snowden, a former contractor for the National Security Agency, exposed how public utilities were being used by the U.S. government to collect data on citizens, as well as “terrorists,” as surveillance powers expanded under the USA Patriot Act of 2001.
Europe, responding to a long list of privacy grievances and mounting concerns triggered by the Edward Snowden disclosures, adopted the General Data Protection Regulation (GDPR) in 2016, which came into force in 2018.
France and Germany debated “cloud independence” as it became evident that their governments were being surveilled from abroad. Calls for “digital sovereignty” echoed across the EU and became a politically charged buzzword as users ditched any tech platform with U.S. origins.
Between 2017 and 2020, Europe was in a tizzy. Germany and France outlined an EU initiative, GAIA-X, to establish a federated, secure, and transparent data infrastructure for the continent, with the aim of promoting digital autonomy and enabling interoperable cloud and data services.
The situation was worrying: US Big Tech’s dominance, coupled with the industry’s insatiable need to feed surveillance capitalism, and the dubious security protocols and backdoors in Huawei’s cheap 5G routers, were a recipe for Europe’s digital enslavement by foreign interests.
By 2020, the COVID-19 pandemic made it clear that exposed supply chains were too fragile, including access to chips, cloud solutions, software and hardware. Digital autonomy became, at this point, not just a digital policy but an industrial policy. The pandemic exposed the dependency of an entire continent.
Also in 2020, the European Commission issued the EU Digital Strategy to make the EU digitally sovereign, empowering citizens and businesses through secure technologies that respect “European Values.” In 2022, the Digital Markets Act outlined regulations to ensure fair competition and limit monopolistic behavior in digital markets. Also in 2022, the Digital Services Act established comprehensive rules for digital platforms, online intermediaries and search engines. The European Chips Act (2022) was designed to strengthen Europe’s semiconductor ecosystem, reduce dependence on foreign chip supply, and support industrial and digital policy goals to 2030.
By the end of 2024, the EU had shifted from reactive regulation to proactive capability-building to ensure strategic autonomy, technological sovereignty, and digital independence from foreign influence, especially from American Big Tech.
Poland’s position on digital autonomy was less like that of the French and Germans, who made moves driven by ideological imperatives, and more focused on security. Poland’s government was late to the digitalization game in 2011, and needed to first establish its digital footprint for government services.
Poland’s focus was on e-government and digital services between 2011 and 2018. The Program Zintegrowanej Informatyzacji Państwa (PZIP) was Poland’s national strategy for a coordinated digital transformation across the public administration. Public services like ePUAP and the Trusted Profile (Profil Zaufany) required the acquisition of public tech tools, especially those from foreign tech companies like Oracle and Microsoft. Digital autonomy was not an issue at this point.
From 2018 to 2021, the National Cybersecurity System Act and the creation of national CSIRTs (incident response teams) made cybersecurity a national priority in Poland. Huawei was an issue as Poland aligned with the US on concerns about the Chinese vendor, forcing an implicit shift towards a “trusted supplier” doctrine.
GovTech Polska, an initiative of the Chancellery of the Prime Minister, was launched to bring new technologies into the public administration and to connect government institutions with startups, SMEs, researchers, and civic innovators. This was the first real phase of digital autonomy focused on security and vendor trust.
The Cybersecurity Law of 2018, the moves to create a national cloud computing service, and the shift from the cheapest vendor to making geopolitical risk assessments on vendors meant that Poland was moving beyond the analog, but not towards full digital autonomy. While Europe started with the GDPR and moved toward industrial sovereignty, Poland had to begin with digitization, then cybersecurity, and now exists in an area of partial digital autonomy.
Without domestic software and hardware solutions, Poland has chosen to use U.S. cloud solutions (Microsoft, Google), while maintaining the right to keep data local, maintain legal control, and reduce high-risk dependencies (such as with China).
In March of this year, Poland’s work with the European Investment Fund, aligned with the EU, has embedded Poland in the European capital system. This alignment is with Europe, not extra-continental powers.
The creation of Future Tech Poland (FTP), in conjunction with BGK and the European Investment Fund (EIF), has established a joint investment vehicle under the Innovate Poland program, with an initial allotment of PLN 365 million (€85 mln) across three VC funds. The long-term plan is to increase the total amount to PLN 1.5 billion, potentially mobilizing PLN 5 billion to fund 150-200 tech companies. FTP invests in Polish venture capital funds rather than in companies. Cogito Capital (growth-stage companies), Expeditions VC (security, defense and AI) and Balnord (early-stage, frontier and dual-use tech) will benefit from FTP, according to BGK.
This initiative will operate over approximately 19 years in order to close the “capital gap” in Poland’s VC ecosystem. By strengthening Polish VC funds, Poland hopes to attract private capital and increase competitiveness in the Polish tech sector, while also creating a dual-use technology hub that contributes to European security.
It is hoped that this state-backed industrial policy for technology will build digital autonomy through capability rather than isolation. By building its own tech ecosystem, Poland will have alternatives to foreign tech, while gaining bargaining power and strategic autonomy. This, in turn, will build economic autonomy, not just regulatory control.
Poland ranks among the top ten most likely to experience a cybersecurity incident. To build up its security framework, Poland needs to focus on defense, cybersecurity, AI, and space. These technologies determine geopolitical security and reduce dependency in critical sectors while ensuring control over strategic capabilities. FTP creates domestic funding capacity to ensure ownership of intellectual property and decision-making power close to Poland and the EU. The only way to guarantee digital autonomy is not just by controlling data or banning companies, but by owning the future of technological development.
