Category: News | Published: 2026-06-09
There has been a quiet but significant shift in how European governments talk about technology. A few years ago, concerns about dependence on foreign digital infrastructure were largely confined to academic papers and policy think-tanks. Today those same concerns are being written into procurement law.
Poland's announcement of a formal sovereignty test for major government technology purchases is one of the clearest examples yet of that shift moving from rhetoric into practice. But it does not stand alone. It is part of a much larger rethinking of what it means for a country, or a continent, to have meaningful control over its own digital future.
What Poland Has Announced
Speaking at the European Financial Congress in Sopot, Polish Prime Minister Donald Tusk confirmed that the government would introduce a formal sovereignty test for significant public-sector technology procurements. The policy will also be accompanied by annual reports tracking Poland's progress towards greater IT independence, creating a degree of transparency and accountability around the issue that most governments have not attempted.
Tusk was direct about his reasoning. He said that the scale of Poland's dependency on foreign digital infrastructure has reached proportions that demand serious economic, institutional, and organisational decisions. The test is expected to examine vendor concentration risk, control over critical systems, data access and residency, and the strategic risks associated with relying heavily on a small number of overseas technology suppliers.
The full framework has not yet been published, but the direction is clear. Digital sovereignty is moving from being a background concern to an active criterion in how the Polish state spends public money on technology.
The Numbers That Explain the Concern
The policy is not an abstract political statement. It is backed by a specific economic concern. Poland's digital trade deficit, the gap between what the country spends on foreign technology and what it earns from technology exports, has grown from approximately PLN 9 billion in 2016 to around PLN 45 billion in 2025. That fivefold increase in less than a decade reflects how rapidly Polish public and private sector technology spending has shifted towards overseas providers.
The broader European picture is equally striking. A European Parliament report estimates that the EU now relies on non-EU countries for more than 80 per cent of its digital products, services, infrastructure, and intellectual property. In cloud infrastructure specifically, two thirds of the global market in 2025 was controlled by three American companies: Amazon Web Services at 30 per cent, Microsoft Azure at 20 per cent, and Google Cloud at 13 per cent.
For governments considering what happens if those relationships become complicated, whether through geopolitical tensions, regulatory disputes, or commercial decisions made in a foreign boardroom, those numbers represent a genuine strategic vulnerability.
Why AI Is Making This More Urgent
Digital sovereignty concerns are not new, but artificial intelligence is changing their character significantly.
For most of the past decade, the sovereignty debate centred on cloud infrastructure and data storage. Those are important but relatively static dependencies. AI creates something different: a dynamic, evolving dependency on systems that make decisions. AI is increasingly embedded in healthcare diagnostics, public administration, benefits processing, education platforms, national defence systems, transport networks, and critical infrastructure. In each of those areas, the question of who owns, trains, maintains, and ultimately controls the AI system is not just a technical one. It is a question of governance and accountability.
As AI becomes central to how governments function, the case for having meaningful oversight of those systems, rather than simply licensing access to them from an overseas provider, becomes considerably stronger. That is the concern sitting underneath Poland's sovereignty test, and it is shared across the continent.
Europe Is Moving at the Same Time
Poland's announcement did not arrive in isolation. On 3 June 2026, the European Commission published its European Technological Sovereignty Package, a coordinated set of measures designed to strengthen the EU's capabilities across semiconductors, AI, cloud computing, and open-source software.
The package includes two significant legislative proposals: Chips Act 2.0, which builds on earlier semiconductor investment legislation, and the Cloud and AI Development Act, which will introduce a single EU-wide sovereignty framework for assessing cloud and AI procurement. Commission President Ursula von der Leyen framed the stakes clearly: Europe cannot afford to depend on others for the technologies that keep its hospitals running, its energy grids stable, and its services secure.
This is a substantive shift from where European technology policy was even three years ago. The conversation has moved from ethics guidelines and voluntary frameworks to binding legislation with direct implications for procurement decisions across all member states.
How the Sovereignty Test Is Likely to Work
The test Poland is introducing is unlikely to function as a straightforward ban on foreign technology suppliers. That would be impractical and would cut Polish government agencies off from tools that are currently among the best available anywhere.
The more realistic model is an assessment framework. Government departments making significant technology procurements would be required to consider whether a purchase creates excessive dependence on a single vendor or jurisdiction, whether critical data remains under appropriate control, whether the system could be migrated to an alternative if required, whether resilient alternatives exist in the market, and whether the strategic risks associated with the procurement have been properly understood and mitigated.
Those kinds of questions are already becoming standard in enterprise technology governance discussions around cloud computing, AI platforms, cybersecurity tools, and telecommunications infrastructure. Poland is essentially applying the same logic at a national level.
What Poland Has Already Done
The sovereignty test builds on steps Poland has already taken. The government earlier restricted certain Chinese technologies from sensitive military environments, reflecting the same concerns about strategic dependence that underpin the new procurement policy. It has also increased support for domestic AI development, including funding for Polish-language AI models, which address a specific form of digital sovereignty: ensuring that AI systems capable of understanding and generating Polish are not entirely dependent on models built and controlled overseas.
Those earlier moves suggest that the sovereignty test is not a one-off political gesture but part of a considered direction of travel.
What This Means for Businesses
The immediate implications of Poland's policy are for Polish public-sector procurement. But the broader trend has implications for any business that relies heavily on a small number of technology providers, particularly where those providers are based in a single country or jurisdiction.
In the UK, similar conversations are taking place, albeit less formally codified. Questions about cloud provider concentration, data residency, AI governance, and supply chain resilience have become standard parts of enterprise technology reviews. The reasoning is essentially the same as Poland's, applied at an organisational rather than national level: dependence creates vulnerability, and meaningful choice requires deliberate effort.
For businesses thinking about their own technology strategy, particularly around AI tools and cloud services, now is a sensible time to consider how concentrated your dependencies are and what your options would be if a key supplier relationship changed.
Our AI Consultancy page covers the practical steps businesses are taking to adopt AI tools thoughtfully, including how to evaluate providers and build strategies that keep you in control of your own data and operations.
The Direction of Travel Is Clear
Digital sovereignty is not a trend that is going to fade. As AI becomes more deeply embedded in how organisations and governments function, the question of who controls the underlying systems will only become more politically and commercially significant.
Poland's sovereignty test is one country's answer to that question. The EU's Technological Sovereignty Package is a continental one. Neither will resolve the tension between accessing the best available technology and maintaining meaningful independence. But both signal that the era of treating technology procurement as a purely commercial decision, with no strategic dimension, is drawing to a close.