When Europe Deprives Itself of Its Own Cybersecurity Strengths

Europe holds robust solutions, yet its industry moves against the current. Between high regulatory demands, lack of public support, and American dominance, European players struggle to convert their innovations into commercial success. And yet they carry a technological vision aligned with the values of sovereignty, transparency, and responsibility.
By Arnaud Coustillière and Clément Saad

One is president of a strategic cluster dedicated to cybersecurity and founder of the French Armed Forces' cyber defense unit. The other is the head of a French cybersecurity company, on the front line of market realities, both in Europe and internationally. Both share the same observation: European cybersecurity companies innovate, protect, train, create jobs, and actively contribute to global digital resilience and national wealth. But they are advancing against the tide.

While European companies adhere to stricter standards than their non-sovereign competitors, especially American ones, as a reflection of our values, they still receive too little support in their own territory. There are numerous innovation aid schemes, but an entrepreneur’s primary challenge is winning contracts, growing their business, and increasing revenue.

“We have reached a point where, if we do not act, we will have to compromise our wellbeing, our environment or our freedom,” warns Mario Draghi in his presentation of the report on the future of European competitiveness.

This is the reality economic policymakers must face: the current dynamics of the cybersecurity market weaken our collective capacity to build solid digital sovereignty. And that sovereignty requires security under control, not entrusted to actors whose behavior becomes increasingly unpredictable, as seen in the global landscape since 2014, and even more so recently.
Such control is the foundation of the resilience of our infrastructures, the protection of our data, and the defense of our strategic interests, at a time when geopolitical tensions make these stakes more critical than ever.

European strategic autonomy in defense also requires an autonomous and resilient cyberdefense.

A Two-Speed Race

Our cybersecurity actors have ambition and talent, but they must innovate under constraints others do not face: regulatory compliance (GDPR, NIS 2…), transparency obligations, CSR requirements… They advance with rigor and responsibility, requiring extra effort just to stay competitive.

These regulations bring positive advances, but in the meantime, American giants move at full speed, supported by a more permissive context, a protected domestic market, deep capital, and massive marketing, influence and commercial power. They seize a large share of the European market while benefiting from tax advantages in several Member States and overwhelming influence.

A Public Procurement Too Timid

As many parliamentarians point out: no technological champion is built without public procurement support and adapted regulation. Yet today, public contracts include very few sovereignty criteria in their tenders.

Why not apply to digital sovereignty what we already do for environmental or social criteria? Award extra points to European solutions, require data hosting governed exclusively by European rules, or genuine GDPR compliance, these are possible without sacrificing performance or competitiveness.

Responsible innovation, a European choice

Protecting privacy, ethical AI, resilient supply chains, and environmental responsibility are not obstacles to innovation, they are its foundations for the long term.

European companies have committed fully to this. They are building a high-standard technological model aligned with European values and societal expectations. This choice deserves recognition, support, and promotion.

Europe has the solutions, but they need to be chosen

It is often heard that American solutions are more advanced. That is incorrect. They are often better financed, better presented, better rated by predominantly American rating agencies, perpetuating the perception of technological superiority without proving it.

Yet even at the executive level in large companies, this narrative persists. A leader of a CAC 40 group recently suggested Europe is not up to the challenge in cybersecurity. Such rhetoric, too often repeated, fosters an unjustified distrust of our own solutions, when they abide by higher standards of responsibility.

The reality is that American solutions benefit from a mature ecosystem: many result from acquisitions of innovative startups, quickly integrated, marketed, and endorsed. In Europe, this capacity for consolidation is lacking because our firms remain too small.

Hence the need for some to reach a critical scale, and to do so, they must rely on their revenues, provided we place trust in them ! In the short term, our systems integrators play a key role: they create relevant packaged offers they can deploy and maintain with efficiency.

Europe has an innovative, high-level cyber ecosystem, powerful tools, and a recognized talent pool. What’s missing? Trust, contracts, mobilization commensurate with the challenges! Too often still, our large corporations and public administrations choose American solutions, enriching them instead of supporting the growth of the European ecosystem. That reflex weakens our industrial fabric, slows the emergence of European giants, and jeopardizes our digital sovereignty.

Our Appeal

We are not asking for shortcuts. We demand balanced rules. And that European companies which simultaneously uphold technological excellence, regulatory compliance, and sovereignty, can count on real support from large public and private procurers.

Digital sovereignty embodies respect for European values in an uncertain world where the rule of the strongest seems to override all the lessons from last century’s bloody conflicts. It goes beyond mere economic logic: it is a matter of shared destiny for European nations, and this is precisely where the word sovereignty takes on full meaning.

This covers several dimensions: an exclusively European legal framework, particularly with regard to data and artificial intelligence; a clear anchorage with headquarters and management based in Europe; transparency regarding the origin of the technologies used; and finally, a demanding ethical framework, supported by concrete societal commitments, particularly in terms of CSR and inclusion.

We call on:

• The European Union to establish a “EU Certified” label and certification.
• European public buyers to include digital sovereignty as a selection criterion.
• Decision-makers in major European companies to take their share of responsibility by selecting sovereign solutions and actively supporting their growth.
• European integrators and consulting firms to systematically propose a European alternative when one exists.
• And finally, European policymakers to accelerate the implementation of the Cyber Resilience Act, to make compliance a competitive strength rather than a handicap.

Europe has robust, effective, committed solutions. It is time to give them the playing field they deserve.