Hamid Chriet is a French-British expert in cybersecurity and digital geostrategy. His work focuses on the security of critical infrastructure, the governance of cyberspace, and European policies for technological resilience. This text aims to offer a clear-eyed and assertive look at Europe’s position in the global digital war—between technological dependency and the quest for sovereignty.
Modern warfare no longer unfolds solely on traditional battlefields but within networks, infrastructures, and data. Cyberspace has become a battlefield where state powers, criminal organizations, and private actors clash—each pursuing economic, political, or ideological objectives. In this global confrontation, Europe appears disarmed. It has neither a clear doctrine nor a unified strategy, nor a true will to assert power. While the world’s major cyber nations are asserting themselves, the Old Continent remains too often confined to a defensive, regulatory, and at times naïve posture.
The facts are undeniable. Cyberattacks targeting European institutions, hospitals, businesses, and local authorities are multiplying. Behind every intrusion lie power dynamics: industrial espionage, political influence, and economic sabotage. The 2021 attack on the Norwegian Parliament, massive breaches in French and German networks, and destabilization campaigns waged through social media all attest to a new digital order in which the line between warfare, crime, and intelligence is increasingly blurred. What is at stake is control over information—the ability to protect strategic data and, above all, to act swiftly against threats.
Yet in the face of this evolution, Europe remains fragmented. Each member state defends its own approach, priorities, and legal framework. The European institutions have made progress—the ENISA, the NIS2 Directive, the Cyber Solidarity Act, and the creation of a European Cybersecurity Competence Centre are steps in the right direction. But these initiatives still lack political drive. They reflect a reflex of compliance rather than a strategy of power. The Union regulates, it standardizes—but it struggles to act. Meanwhile, others move forward.
The United States long ago made cybersecurity a pillar of its military doctrine. The U.S. Cyber Command coordinates both defensive and offensive operations, ensuring smooth cooperation among the armed forces, intelligence agencies, and major technology firms. In China, cybersecurity is an instrument of state policy: Beijing has built a centralized model where the digital economy, surveillance, and information warfare converge. Russia, for its part, has made hybrid warfare a deliberate strategy, combining cyberattacks, propaganda, and manipulation of perceptions. In this landscape, Europe stands out as an open, vulnerable space—where the rules are clear but no one enforces them.
Europe’s first weakness is cultural. It continues to view cybersecurity as a technical issue, when it is in fact a strategic question of sovereignty and power. As long as cybersecurity remains confined to IT departments or compliance committees, it will never become a full-fledged political pillar. The second weakness is institutional: the European Union has no integrated cyber command, no common doctrine, and minimal rapid response capability. Each crisis becomes an exercise in improvisation. The third weakness is technological: massive dependence on American cloud providers, a scarcity of sovereign solutions, and a chronic shortage of skilled professionals.
Escaping this deadlock requires a strategic awakening. Europe must recognize that cybersecurity is not only a matter of defense but also of power, influence, and deterrence. It must build the foundations of digital strategic autonomy, comparable to its ambitions in the energy and industrial sectors. This begins with the creation of a European Cyber Command capable of coordinating national forces, ensuring collective defense, and, when necessary, conducting retaliatory operations. Such a structure should remain connected to NATO while maintaining its own decision-making autonomy.
Next, Europe must develop a common cybersecurity doctrine shared among member states. Today, an attack on a French or German infrastructure is still perceived as a national problem, when in reality it targets the stability of the entire continent. The pooling of intelligence, technical capabilities, and response plans must become a political priority—not a bureaucratic objective.
At the same time, Europe must invest massively in sovereign technologies—encryption, secure cloud solutions, detection tools, and AI applied to security. Technological dependency is not merely an economic risk; it is a strategic vulnerability. It leaves the Union exposed to external pressure, extraterritorial sanctions, and digital supply disruptions. The true goal of cyber sovereignty is not only to protect oneself but to act independently—without needing permission.
Finally, Europe must develop a cyber diplomacy. The global governance of the internet is being shaped today—at the UN, the OECD, in regional alliances, and in private forums dominated by tech giants. The European Union can no longer remain a spectator. It must train a new generation of cyber-diplomats capable of defending an ethical and democratic vision of cyberspace—while also asserting its red lines and its interests.
This awakening cannot occur without a change in mindset. Europe must accept that it is already engaged in a digital war, even if that war remains unnamed. Deterrence is not about attacking—it is about being able to. Sovereignty is not about isolation—it is about choosing one’s dependencies. And digital power is not measured only by the sophistication of one’s technologies but by the political will to use them as instruments of influence.
If the continent wishes to matter in the global digital war, it must shift from a defensive reflex to a strategy of power. That will require political courage, resources, and a long-term vision. But it is the price to pay if Europe is to stop being a digital battlefield and instead become a sovereign actor in the global cyber arena. The alternative is marginalization. And in the digital world, weakness always comes at a cost—paid in full.
