INCYBER Forum 2026 Digital dependencies: Europe at a crossroads

Some fifteen months after Donald Trump returned to power, the issue is on everyone’s lips. In the current geopolitical context, will Europe accept remaining a “digital colony”, or will it emancipate itself in order finally to reduce its technological dependencies? For more than four hours, the opening summit of the 2026 edition of Forum INCYBER attempted to answer this question (see the video replay).

In the opening remarks, General Marc Watin-Augouard urged Europe to leave behind its passive attitude and become more united, cohesive and sovereign. “Sovereignty does not impose itself; it is built through daily decisions.” The founder of the “FIC” recalled that Silicon Valley would not have come into being without American public procurement. “We have a choice: let the market dictate our decisions or build our sovereignty.”

This regained sovereignty can start from the territories. Xavier Bertrand, President of the Hauts-de-France region, claims the building of a regional cybersecurity ecosystem — with more than 7,000 jobs — and welcomes the fact that Lille has been chosen to host the headquarters of the future European Union Customs Authority (EUCA). In the field of AI, the region will soon host “the first world-class data centers”, with a capacity of one gigawatt.

“Europeans are too slow, too weak and too fragmented”

At the European level this time, Henna Virkkunen, Executive Vice-President of the European Commission, states that sovereignty has become an absolute priority on the political agenda. Following the revision, in January, of the European cyber regulation, the Cybersecurity Act 2, Brussels is working on the proposal for the EU “Sovereignty Control” package, which will be presented in May. The European response will be structured around the future Chips Act 2.0 for semiconductors, the Cloud and AI Development Act (CAIDA) to promote sovereign cloud services, and a strategy dedicated to open source.

For Henna Virkkunen, “the European technological sovereignty project must take into account each of the underlying technologies, from chips to connectivity, including cloud, data processing, AI, computing power and quantum technologies.” This agenda also involves concrete instruments for citizens with the European digital identity wallet and, for businesses, the new legal status EU Inc dedicated to start-ups.

A speech that clearly did not convince Bruno Le Maire. The former French Minister of the Economy, now special adviser to ASML, cooled the audience at the Grand Palais in Lille. “No, Europe is not a power. It does not want to be one, and is not yet giving itself the means to be one. It would have everything it takes, with a large market of 450 million consumers, very fine industries, cutting-edge technologies, but all of that is totally scattered, without strategy and without vision.”

Faced with the great superpowers that are China and the United States, “we are too slow, too weak and too fragmented.” According to Bruno Le Maire, “we have a few months left, at best a few years, to try to catch up.” He identifies three pillars for regaining our sovereignty: decarbonized and inexpensive energy, semiconductors — “the oil of the 21st century” — and control over data and software.

On chips, he calls for a wake-up call: Europe depends almost entirely on Asia and the United States, and even ASML, Europe’s champion, generates the bulk of its turnover outside the continent for lack of local customers for its cutting-edge technologies. To change scale, Bruno Le Maire advocates a six-country Europe to move faster and quickly deliver concrete results. He also calls for the union of capital markets in order to unlock the €35 trillion in savings to finance European companies.

Bruno Le Maire also believes that we should acknowledge our break with the United States and show our determination to be independent. “As long as you have not made that political act, all the rest is just literature.” For him, the treatment reserved for the judges of the International Criminal Court (ICC) should open our eyes. Placed under sanctions by the Trump administration for having issued an arrest warrant against the Israeli prime minister, they have been deprived of any means of payment, all of which are American, whether American Express, Visa or Mastercard.

The Ministries of the Interior and Defence in battle order

Beyond the broad European orientations, digital sovereignty is also reflected in national public policies. Major General Patrick Touak, head of the cyber command of the Ministry of the Interior, recalls his administration’s long-standing strategy. “For more than 20 years now, the national gendarmerie has abandoned Microsoft solutions in favor of open-source software. Law enforcement uses the NEO mobile terminal, whose operating system is fully sovereign.”

In 2025, the ministry issued a new ministerial strategy to combat cybercrime. It also simplified its organization. The Sub-directorate for Combating Cybercrime (SDLC) and the Central Office for Combating Crime Related to Information and Communication Technologies (OCLCTIC) merged to create the Anti-Cybercrime Office (OFAC), to which the platforms for reporting illegal content or online scams, Pharos and Thésée, are attached.

The same simplification shock took place within the Ministry of Defence. The Defence Digital Commissariat (CND) replaces the General Directorate for Digital and Information and Communication Systems (DGNUM), the Joint Directorate for Infrastructure Networks and Information Systems (DIRISI) and the Ministerial Agency for Defence Artificial Intelligence (AMIAD). At its head, General Erwan Rolland prefers to speak of dependency rather than sovereignty, a “hackneyed word”, referring to “freedom of action”, one of the great principles of war set out by Marshal Foch.

“There are areas, such as management of the electromagnetic spectrum, where sovereignty cannot be shared,” he believes. On the public procurement side, the CND is the exclusive buyer for the Ministry of Defence, with a budget exceeding one billion euros. A Defence and Digital College has been created to present its professions and needs to the industrial and academic ecosystem. A seminar will be organized for this purpose on 20 and 21 May at Fort du Kremlin Bicêtre.

An ecosystem of 1,300 European cyber gems

The industrial cyber ecosystem is already well established. In the 2006 edition of its European Cybersecurity Mapping, the European Champions Alliance (ECA) identified 1,302 cyber startups and scale-ups, one quarter of which are French. For Guillaume Tissier, Managing Director of Forum INCYBER, the supply exists. “Players are present in all market segments. On the other hand, they struggle to scale up because of the lack of integration of European markets.” A company will buy a solution from its own country or from the United States, but not from a supplier based in a neighboring Member State. Forum INCYBER aims to promote this pan-European vision, but also to build bridges beyond the Old Continent, with its editions in Canada and Japan.

For Jean-Noël de Galzain, President of Hexatrust, an association bringing together “French and European champions of cybersecurity and trusted cloud,” ecosystem players must collaborate to create complete value chains and co-build solutions guaranteeing their reversibility and interoperability. The question of financing also arises, allowing our startups to grow without selling themselves to American investors. “It is essential to be able to invest 300 or 500 million euros in these companies in order to create the future Thales or Orange.”

Founder and principal analyst at KuppingerCole Research, Martin Kuppinger advises cyber players to adopt a pragmatic approach, responding as accurately as possible to companies’ needs, without trying to multiply features at all costs. “Many of us use Microsoft 365. But what percentage of the features do you really use? 2%? 5%? Probably not more.”

Head of digital economy at the Dutch Ministry of Economic Affairs, Leah Postma believes, for her part, that EU framework programmes, such as Horizon, are, because of their complexity, unsuited to the needs of innovative SMEs. She advocates better integrated public-private financing structures, but also the creation of coalitions of countries sharing the same values, such as France and the Netherlands. The objective: to move faster on key technologies such as AI, cybersecurity or post-quantum cryptography.

“No real sovereignty without technological sovereignty”

For private players, digital sovereignty does not necessarily mean frontal opposition to American giants, but control over dependencies. Preaching for his own parish, Philippe Vallée, Deputy CEO for Cybersecurity & Digital Identity at Thales, highlights the trusted cloud of S3NS. It combines the innovative strength of a global giant, Google, with operational and legal control ensured by Thales and the highest data protection mechanisms, guaranteed by the SecNumCloud qualification issued by ANSSI. In other words, “the best of both worlds.”

Andy Yen, CEO of Proton, the Swiss editor that offers a secure and “ethical” alternative to GAFAM services, denounces a “false sovereignty” that is all the more dangerous because it maintains a reassuring perception of security where dependency remains intact. He cites the example of SAP’s “sovereign cloud”, which in reality, he says, operates using Microsoft Azure and OpenAI technologies.

“According to a low estimate, American hyperscalers capture 70% of the European cloud market,” Andy Yen continues. “Such a level of domination is extremely rare. Imagine the opposite situation. Americans wake up one day and discover that 70% of their administration operates thanks to European technology. What would they do?”

Beyond exposure to American extraterritorial laws, the issue is our dependency on software and services entirely controlled from the United States. “If Trump wants to seize Greenland, he does not need to use force. He just has to say: ‘Tomorrow, Google, Apple, Microsoft and Amazon will cease their activities in your country if you do not cede this territory to me.’ That is clearly the next step. In other words, there is no real sovereignty without technological sovereignty.”

“Europe has no dream, carries no common destiny”

Andy Yen also points to a mindset problem. “In Europe, we have always considered technology as a cost. And if it is a cost, the logical reflex is to choose the cheapest option, which, very often, turns out to be American, or even Chinese.” According to him, we must show patriotism and support European companies because they are European.

Europe’s cloud leader, OVHcloud, nevertheless remains a second-tier player compared to American hyperscalers. “We generate €1.2 billion in revenue while my main competitor has passed the $100 billion mark,” its CEO Octave Klaba notes. “Even if we reinvest all our profits, that is €350 million a year, in the company’s development, there remains a difference in scale.”

For Octave Klaba, Europe carries no vision, no common destiny. “If you ask politicians what their dream for Europe is, they talk about the dream for their country. Europe is just an economic space.” The executive also points to European structural handicaps such as the absence of a large integrated B2C market or the absence of direction of public cloud spending toward European suppliers.

For his part, Kevin Polizzi, President of Unitel Group, mentions a difficulty in selling oneself. “An American startup that raises 10 million dollars generally devotes 80% of that amount to business development and marketing and 20% to R&D. In France, the proportion would rather be the opposite.”

The key issue of financing

And what do financiers think? Thierry Derez, Chairman of the Board of Directors of the Covéa group, believes that Europe’s risk aversion is hampering its financing capacities. “In the United States, savings are hardly intermediated at all: everyone owns a stock portfolio. In Europe, savings are highly intermediated, with extremely prudent and precautionary investment rules.” Moreover, Solvency II limits insurers’ room for maneuver. The European regulation requires them to hold €43 in capital for every €100 invested in innovation, whereas government bonds — including those of countries in default such as Greece — require zero euros.

Olivier Gavalda, Chief Executive Officer of Crédit Agricole SA, for his part highlights the driving role his bank plays in the digital economy. It invests “several hundred million euros each year” in the field of cybersecurity. Crédit Agricole has entered into partnerships with Pasqal in quantum and Mistral AI in AI. The banking group also supports a startup ecosystem through its 47 “villages by CA” in Europe.

The plenary session then addressed the age-old debate around regulation — a true European expertise — which is said to hinder innovation. For Marie-Laure Denis, “this debate often serves as a screen to hide the real issues.” The President of the CNIL notes that the GDPR encourages a risk-based approach, distinguishing health data from contact files used to send newsletters.

Orange CTO and former Director General of ANSSI, Guillaume Poupard, recalls that the French approach, which consisted in making critical operators aware of their exposure to cyber risks, prepared the ground for the European NIS directive. He also welcomes the establishment of Campus Cyber and the CSIRT network, which show the ability to bring together resources from the public sector, the private sector and the research world.

When geopolitics enters the cyber field

Lastly, the opening summit of Forum INCYBER 2026 recalled the importance of international exchanges to strengthen our resilience. Colonel Mietta Groeneveld, Director of NATO’s Command & Control Centre of Excellence (C2COE), underlines that cyberspace now systematically enters the theater of war, as can be seen in Ukraine and more recently in Iran. This asymmetric warfare requires imagining the unthinkable, and a possible new 9/11.

Interpol’s Director of Cybercrime, Neal Jetton, explained how essential international cooperation is in the face of a threat that is ever more complex and protean, with AI introducing new risks. The Gateway programme, which brings together private partners and state actors, has made it possible to conduct worldwide operations such as Synergia. A group of experts called CyberEX brings together representatives of law enforcement, legal professionals and private-sector specialists. At the European level, Interpol has intensified its collaboration with Europol’s European Cybercrime Centre (EC3).

In Canada, cybersecurity is both decentralized at the federal level, each ministry being responsible for its own sector such as energy or transport, and centralized operationally within the Canadian Centre for Cyber Security (CCC). Its Director General, Daniel Couillard, believes that “international cooperation is the cornerstone of the Canadian approach to cyber defence.” The country is part of NATO, the Five Eyes alliance, and has recently strengthened its field cooperation with Japan in order to emancipate itself from the United States.

Japan, precisely, adopted last year a so-called active cyber defence law. A doctrinal shift that allows the Police and the “Self-Defense Forces” to mitigate or even neutralize threats. Shigeru Kitamura, who served as Secretary General at Japan’s National Security Secretariat until 2021 and has since founded an economic security consulting firm, recalls the trauma caused by the cyberattack against Asahi Breweries. At the end of September, the country’s largest brewer had to stop beer production in most of its 30 plants following a cyberattack. A real national tragedy.