What the European Technological Sovereignty Package means for us Europeans
On 3 June 2026, the European Commission presented the European Technological Sovereignty Package. It is more than just another digital programme from Brussels. It sends a clear signal to public administration, critical infrastructure, industry and IT providers: Europe’s digital dependence on technology stacks outside Europe is to be systematically reduced.
The package comprises four key components: the Chips Act 2.0, the Cloud and AI Development Act, the EU Open Source Strategy and a strategic roadmap for digitalisation and AI in the energy sector. The Commission describes the package as a set of measures designed to strengthen Europe’s capabilities in semiconductors, artificial intelligence, cloud computing and open source. (Digital Strategy for Europe)
For us as Europeans, this is not an abstract debate on industrial policy. It affects procurement, architectural decisions, compliance, risk management and the question of who has control over data, systems and operational capability in the event of an emergency.
Digital sovereignty is becoming a concrete operational IT requirement
The central point of the EU initiative is clear: Europe does not want to remain structurally dependent on the technologies that keep hospitals, energy supplies, public administration, businesses and critical business processes running.
Commission President Ursula von der Leyen sums it up in the communication: “We cannot afford to depend on others for the technologies that keep our hospitals running, our energy grids stable and our services secure.” (Digital Strategy for Europe)
This shifts the focus of the debate. Digital sovereignty is no longer just a political buzzword. It is becoming a technical and organisational requirement:
- Who controls the data?
- Who operates the infrastructure?
- Who can ensure that access, updates, support and operations are traceable?
- Which legal jurisdictions apply to the systems in use?
- How quickly can an organisation migrate if a provider, a platform or a regulatory environment becomes a risk?
For every IT decision-maker, this means that sovereignty must be made measurable in architecture, tendering, operations and governance.
What does this mean for you?
A clear mandate is emerging. Anyone selecting cloud, AI, monitoring, security, DMS, IAM or compliance systems today should no longer simply compare licence costs and feature sets. Strategic controllability is becoming the decisive factor.
The Commission expressly points out that Europe remains heavily dependent on suppliers outside the EU and that demand for computing capacity is rising sharply due to AI. However, the package is intended to reduce structural dependencies and ensure that Europe can develop, deploy and secure the technologies on which we, as Europeans, rely. (Digital Strategy for Europe)
In practical terms, this means the following for IT customers:
This raises a simple question that we must ask ourselves:
Which systems must we operate in such a way that we remain capable of acting even under regulatory, geopolitical or economic pressure?
What does this mean for European IT manufacturers?
For us, as a European IT manufacturer, this package represents a major opportunity, but no guarantee. The EU is sending a clear market signal: European solutions should become more visible, scalable and accessible in strategic technology sectors.
The Commission describes its strategy as a comprehensive approach spanning the entire value chain — from chips and infrastructure to software, the cloud and AI. (Digital Strategy for Europe) For manufacturers, this means that sovereignty is not assessed solely at the hardware or data centre level. Software products, operating models, supply chains, support structures and open-source components also form part of the strategic assessment.
For us as a manufacturer, this means, in concrete terms:
- We must make sovereignty demonstrable. Origin, development location, supply chain, operating model, support capability, security processes, auditability and data control become selling points.
- We must remain integrable. European customers will not accept isolated solutions. Sovereign IT must fit into existing landscapes, handle interfaces seamlessly and offer migration paths.
- We must enable professional operation. Open source, European development and local control build trust. But customers also need updates, SLAs, documentation, support, training and clear lines of responsibility.
- We must maintain a balance between independence and openness. Europe’s goal is not digital isolation, but greater strategic autonomy, more choice and less structural dependency.
This does not make competition any easier, but it does make it more focused – for our benefit as Europeans. European manufacturers must do more than simply be ‘European’. They must prove that their products are technically robust, secure, scalable, maintainable and economically viable.
Why this is relevant for Austria and Germany
Austrian and German companies are at the heart of this development. Many operate critical systems, process sensitive data or form part of European supply chains. At the same time, as EU members, both countries are fully integrated into the emerging regulatory and procurement policy framework.
For Austrian and German IT customers, therefore, it is not just about compliance. It is about resilience. Anyone modernising their infrastructure, security, monitoring, AI, document management, identity management or communications systems today should actively explore European alternatives.
Not out of protectionism. But for the sake of risk management.
The better question is not: “Do we have to source everything from Europe?” The better question is: “Where would dependency be business-critical for us?”
How COMPRISE is positioned
As an Austrian company, COMPRISE is clearly positioned in this landscape: COMPRISE offers European IT products for secure, sovereign IT and trustworthy AI. The focus is on security, compliance and the controlled use of AI. Since 2019, our solutions have been designed for both cloud and on-premises scenarios and are geared towards giving customers control over their data, systems and processes.
This is precisely the direction in which the European market is, fortunately, now also moving.
Two specific examples from the COMPRISE portfolio
Digital sovereignty remains an abstract concept until it is manifested in specific systems. Within the COMPRISE portfolio, two solutions illustrate particularly well how European technology policy can be translated into practical IT decisions: ArchiveKeeper and LOMOC.
ArchiveKeeper: Austrian software development for controlled document archiving
ArchiveKeeper is an audit-proof document management and archiving system from RISE. The solution centralises documents and supports automatic versioning, encryption, role-based permissions and digital signatures. COMPRISE describes ArchiveKeeper as an audit-proof DMS from RISE; the solution has been audited in accordance with IDW PS 880 and, when used correctly, meets the requirements for proper electronic archiving procedures.
This makes ArchiveKeeper a good example of what technological sovereignty means at the application level. It is not just about data centres or cloud infrastructure. It is also about those core systems in which business-critical information is stored, searched, retrieved and deleted over the long term.
The EU describes tech sovereignty as Europe’s ability to develop and control key technologies, data and infrastructure, whilst reducing dependence on non-EU providers. (Digital Strategy for Europe) This is precisely where ArchiveKeeper comes in: Companies retain control over their documents, their archiving processes, their access control models and their compliance records.
This is relevant for European IT customers because archiving systems often have particularly long lifecycles. Anyone selecting a DMS or archiving system today is not only deciding on a software function, but also on data sovereignty, traceability, regulatory certainty and future migrability.
A purely Austrian software development project such as ArchiveKeeper therefore aligns directly with the thrust of the EU package: to build up critical digital capabilities in Europe, make them available and integrate them into productive business processes.
LOMOC: OpenSearch-based log analysis as a practical example of open-source sovereignty
LOMOC is RISE’s log monitoring solution. The solution supports the analysis and visualisation of system, application and security logs. COMPRISE positions LOMOC as an enterprise log analysis tool for centralised log management, flexible collection and indexing, and high-performance operation with clustering and load balancing. At the same time, COMPRISE highlights compliance requirements such as ISO 27001, PCI DSS, HIPAA and NIS2, for which efficient log management is becoming increasingly relevant.
Particularly relevant in the context of the EU package is the technological foundation: LOMOC is based on OpenSearch. COMPRISE is listed as a solution provider within the OpenSearch ecosystem, and the Austrian manufacturer RISE hosts the Vienna User Group of the OpenSearch Project.
This makes LOMOC a concrete example of the EU’s open-source strategy. The EU describes the Open Source Strategy as a cornerstone of the Tech Sovereignty Package. It is intended to support open-source ecosystems in Europe and to promote the development and use of European alternatives. (Digital Strategy for Europe)
The EU sets out the benefits of open source in very concrete terms: open source enables “more control, less lock-in, stronger security, and reusable building blocks”. (Digital Strategy for Europe) It is precisely this logic that applies to LOMOC. Log management is a critical foundational component for security monitoring, incident response, audit evidence, NIS2 compliance and operational stability. Any organisation that is entirely dependent on proprietary platforms that are difficult to migrate from is creating a strategic risk.
LOMOC highlights a point that is particularly important to us: open source alone does not constitute a complete enterprise solution. What is crucial is the combination of an open technological foundation, professional operation, scalability, support, security concepts and integration capabilities. COMPRISE positions its services precisely at this interface: turnkey deployment, integration, migration, support, troubleshooting, updates, best practices and training. (COMPRISE)
LOMOC thus embodies precisely the approach that the EU aims to strengthen with its open-source strategy: European providers utilise open technologies, operationalise them for critical business and public sector environments, and thereby create greater control, transparency and independence.
What ArchiveKeeper and LOMOC demonstrate together
ArchiveKeeper and LOMOC demonstrate that digital sovereignty does not arise solely at the level of major EU programmes. It arises from specific product decisions.
With ArchiveKeeper, we address the sovereign management and audit-proof archiving of business-critical documents through an Austrian software solution from RISE.
With LOMOC, we demonstrate how open-source technology such as OpenSearch can be transformed into a professional, European-managed enterprise solution for log analysis, compliance and security monitoring.
Both examples align with the central logic of the European Technological Sovereignty Package: Europe aims to strengthen technological sovereignty across the entire value chain. This is precisely where COMPRISE is positioned: not as an abstract commentator on European digital policy, but as a provider of concrete European solutions that enable customers to implement sovereignty, compliance and technical control in practice.
The crucial point: sovereignty must become a practical reality
The EU package shows the way forward. Europe wants greater control over key technologies, greater in-house capacity, more resilient supply chains and more trustworthy AI. For customers, this means that IT strategies must be more strongly focused on control, portability, auditability and the ability to act within a European framework.
For manufacturers, it means that European origin alone is not enough. What is required are robust products, transparent operating models, seamless integration, professional support and genuine scalability.
For us, it means that our own positioning aligns perfectly with the new market requirements. As an Austrian company offering European IT products for security, compliance, the controlled use of AI, open source and sovereign operating models, we are situated precisely at the interface where political objectives must be translated into practical IT implementation.
Digital sovereignty is not achieved through strategy papers. It arises from concrete architectural decisions, reliable products and partners who are experts in implementation.
Conclusion
The European Technological Sovereignty Package marks a turning point. It makes it clear that Europe regards digital infrastructure as a strategic asset. For European IT customers, the pressure is mounting to understand dependencies and explore sovereign alternatives. For European IT manufacturers, a market is emerging that demands greater transparency, traceability and technical maturity.
We are well positioned in this regard: European, practical, control-oriented and with a portfolio that addresses security, compliance, monitoring, AI, open source and core business processes.
ArchiveKeeper and LOMOC exemplify how this positioning plays out in practice: on the one hand, through Austrian software development for audit-proof document archiving; on the other, through an OpenSearch-based solution for log analysis and compliance.
Anyone who wants to not only discuss digital sovereignty but also put it into practice should review their IT landscape now: where are the critical dependencies? Where are European alternatives needed? And which systems need to be designed in such a way that control, security and operational capability remain guaranteed in the future?