NCC Group reaction: European Technological Sovereignty Package

NCC Group welcomes the European Commission’s focus on strengthening resilience, capability and trust across Europe’s digital ecosystem through the proposed Technological Sovereignty Package - a set of measures to strengthen Europe’s capacity in semiconductors, artificial intelligence, cloud and open source. The package includes a new Chips Act 2.0, a Cloud and AI Development Act, an EU Open Source Strategy, and a Strategic Roadmap for Digitalisation and AI in Energy.

Mike Maddison, CEO at NCC Group, said: “Europe’s push for technological sovereignty is both necessary and timely, but it will only improve security if it remains risk-based, proportionate and open to trusted partners. The real test isn’t where a provider is based, but whether organisations retain control, continuity and assurance over the systems they rely on. Done right, this agenda can strengthen resilience; done poorly, it risks creating new barriers that limit access to the trusted expertise Europe depends on.” 

As the proposals are debated, NCC Group encourages policymakers to ensure that commitments to openness are clearly translated into practice, keep sovereignty requirements proportionate and risk-based, and avoid regulatory fragmentation that could undermine cross-border collaboration. The Package’s emphasis on resilience, interoperability, supply chain security and reduced lock-in reflects the practical challenges organisations face in managing modern digital risk. However, there is a risk that sovereignty measures, particularly in cloud and AI, could evolve into overly restrictive requirements that limit competition, slow innovation and reduce access to trusted expertise.

A balanced approach that prioritises real control, operational resilience and trusted capability will be critical to ensuring Europe’s sovereignty agenda strengthens rather than constrains long-term cyber security outcomes.