The foreign policy dimension of digital policy
Digital policy as a foreign policy instrument began to attract greater attention several years ago, notably when countries such as Denmark appointed a technology ambassador to Silicon Valley in 2019[1]. These early digital foreign policy strategies reflected a growing recognition of the digital domain’s importance, particularly in shaping diplomatic engagement and messaging.
European platform regulation
In the late 2010s, as the internet and particularly social media platforms grew more dominant, the European Union decided to develop a framework to safeguard fundamental rights as well as European democratic values online – in short, the Digital Services Act (DSA) was adopted in 2022. Alongside the DSA, the Digital Markets Act (DMA) was designed to ensure fair competition by regulating currently seven gatekeeper service providers and platforms. Under both acts, the EU may impose fines up to 10% of the non-compliant company’s global revenue.
Such measures have been perceived as geoeconomic tools, as private sector lobbying efforts have framed such fines as “multi-million-dollar tariffs”[2]. Similar claims of the DSA essentially opening the door to measures amounting to censorship, essentially makes European digital policy a matter of security policy debate. This foreign and security political dimension also becomes clear in cases of Chinese firms such as ByteDance or Temu having been investigated under the DSA and the DMA. After the EU imposed a substantial fine on TikTok for transferring European user data to China, the Chinese Foreign Ministry denied accusations of illegal
data access and called for fair treatment of Chinese companies.[3]
Digital Infrastructure and Data
The significant dependency of Europe on non-European digital infrastructure and data usage has increasingly become a security issue. A tangible example are cloud services: there is no major European-owned cloud. This is an issue for civilian usage, but also in the military realm – since sensitive data ultimately might not be stored sovereignly. Also, within the transatlantic alliance, the extraterritorial reach and US-private companies’ obligation to share data with the US government must be considered.[4]
In tandem with the EU’s paradigm shift designating China as a partner, competitor and strategic rival[5] in 2019, the EU began to acknowledge the security risks of Chinese investment in critical digital infrastructure.[6] This growing concern led to the adoption of the voluntary 5G Toolbox in 2020, which recommended the restriction of high-risk foreign vendors such as Chinese companies Huawei and ZTE from 5G networks.[7] Nonetheless, Europe’s reliance on Chinese tech companies for its critical digital infrastructure remains a primary security concern, encompassing risks of surveillance, sabotage and potential data breaches.[8]
Geoeconomic dependencies
After the Covid pandemic and Russia’s full-scale war against Ukraine exposed the broader security risk of the EU’s dependency on critical raw materials, particularly rare earths from China, Europe’s de-risking approach vis-à-vis China further extended to the digital sphere.
From a geoeconomic perspective, the EU’s reliance on Chinese semiconductors and (processed) critical raw materials indispensable for its digital transition poses a threat to digital sovereignty. This became particularly evident when China imposed export controls on rare earth elements in April and October 2025, exposing the vulnerability of European critical supply chains.[9]
However, the EU had already introduced its Anti-Coercion Instrument in 2023 in response to intensifying global power rivalries, which increasingly manifest through geoeconomic leverage. The instrument is designed to defend European interests against economic coercion by third countries. Although it has not yet been used, it represents a serious effort to position the EU as a credible global actor. Ultimately, the pursuit of European digital sovereignty unfolds within a context of growing great-power competition, where economic coercion—whether through critical raw materials or tariff wars—plays an increasingly central role.
Cybersecurity and FIMI
Cybersecurity has become an increasingly important issue in the realm of foreign affairs. The surge of cyberattacks originating predominantly from China and Russia prompted the EU to ramp up its cybersecurity acquis, including the Cybersecurity Act (2019) and the NIS-Directives.[10] As China increasingly operates with a similar hybrid playbook as Russia to target Europe in the cyber space, Chinese foreign information manipulation and interference (FIMI) operations tend to be more subtle compared to Russia.[11]
However, the case of Tik Tok’s influence on the 2024 Romanian presidential election illustrates Europe’s vulnerability to disinformation spread via Chinese platforms: During the first election round, Russian influence operations via Tik Tok led to the victory of far-right candidate Călin Georgescu, which was later annulled. In response, the Commission launched investigations whether TikTok had failed to meet its obligations under the DSA to prevent electoral interference.
How do EU digital policy initiatives respond?
The EU is increasingly using digital policy as a foreign policy tool by strengthening technological autonomy and reducing external dependencies. The appointment of Henna Virkkunen as a Commissioner for Tech Sovereignty in 2024 institutionalizes digital power within EU foreign policy. Although critics of the DSA have framed the Digital Omnibus initiative as a softening of the EU’s strict enforcement of the DSA, the strategy instead aims to foster industrial growth and innovation, thereby reducing Europe’s vulnerability to economic pressure or political leverage. This shift creates opportunities to recalibrate geopolitical dependencies on a more balanced footing. Moreover, measures such as the European Chips Act address strategic dependencies primarily on Chinese technology.
The 2026 revision of the Cybersecurity Act represents one of the EU’s boldest efforts to protect its critical digital infrastructure by introducing a framework for restrictions on foreign high-risk vendors and setting a binding timeline to phase out such suppliers from 5G networks, a step most likely to affect Chinese companies
Huawei and ZTE.[12] Framed by the Commission through a cybersecurity lens to avoid overt geopolitical confrontation, China has nonetheless
criticised the proposal as protectionist and cautioned against possible countermeasures.[13]
Aimed at countering foreign interference and disinformation, the European Democracy Shield strikes a cautious tone on the role of private tech companies, resorting to voluntary initiatives such as the European Centre for Democratic Resilience[14]. With the 2025 International Digital Strategy, the EU aims to provide a framework for global engagement – however, for the moment, it remains rather at the surface of high-level policy dialogues and less meaningful industry engagement. Initiatives like the Digital Networks Act acknowledges the EU’s heavy reliance on third countries’ digital infrastructure as a security risk; whether it can change remains to be seen.
Conclusion
Amidst a shift from digital diplomacy to digital geoeconomic competition, the EU faces the delicate balancing act of strengthening digital sovereignty while averting open confrontation with third countries. As Europe steps up its enforcement of its digital rules, repeated risks of retaliation underscore the far-reaching foreign policy repercussions of EU digital policy. At the same time, geopolitical tensions over the EU’s perceived regulation of private actors in the digital sphere illustrate the need for the EU to reduce its digital dependencies to become less vulnerable to economic pressure or political leverage.
In a world order shaped by intensified geopolitical competition, digital sovereignty has become a key component of Europe’s broader push for strategic autonomy, and digital policy a tool to do so.
Expert Comment: Kai Zenner, Digital Policy Advisor to MEP Axel Voss
Towards a European Grand Strategy for the Digital Age
The EU has built an impressive regulatory arsenal, yet an accumulation of policy instruments does not constitute an overall strategy. The deeper problem is conceptual as the Commission treats digital sovereignty primarily as an enabler of cooperation rather than as a prerequisite for global power. International cooperation with only reduced own tech capabilities means permanent dependency; regardless of how many horizontal digital laws or international partnerships have been created.
What Europe actually needs is a genuine grand strategy for the digital age: one that prioritises rather than attempts to cover every new technology equally. Europe cannot and should not lead everywhere. But it must lead decisively where norm-setting, economic leverage and strategic resilience converge (i.e AI foundation models, cloud infrastructure, digital identity, quantum computing). In other areas, trusted international partners and interoperability standards can suffice.
This understanding goes back to the "European Way”15 a policy concept that proposed to introduce a value-based digital policy approach for the EU (i.e. principle-based governance, strategic resilience, interoperability, sustainability, trust and a decentralised economic model). It also suggested to use a concrete institutional lever: an Article 20 TEU enhanced cooperation mechanism, enabling willing member states to advance in critical technology fields without being blocked by unanimity requirements. Externally, a "Trusted International Partners" framework (e.g. Canada, Japan, South Korea, Brazil, India and Ukraine) would anchor supply chains, research alliances and data spaces in democratic ecosystems.
The objective behind this concept is to create a second Brussels Effect: not by exporting EU digital regulations onto others' platforms, but the proactive export of trusted technologies, open protocols and human-centric standards. The EU has the research excellence, the normative credibility and the global trust that authoritarian tech models increasingly lack. What it still needs is the political will to act as a shaping force instead of a rule-setter for others’ digital hardware, software, and infrastructure.
[1]The New York Times: The World’s First Ambassador to the Tech Industry - The New York Times
[2] German Marshall Fund of the United States: The EU’s Digital Markets Act and Digital Services Act
[3] Brussels Times: China denies data access after EU imposes fine on TikTok
[4]Library of Congress: Cross-Border Data Sharing Under the CLOUD Act
[5] BDI: Europe and China: between cooperation and confrontation
[6] Schuman Papers: The European strategic approach to technological security: the challenges posed by China
[7] EIAS: EU Digital Dialogue and Cooperation with China: The Way Forward?
[8] French Institute of International Relations: The “Huawei Saga” in Europe revisited German Lessons for the Rollout of 6G
[9] European Parliament: China's rare-earth export restrictions
[10] EPRS: Question time: Protecting strategic infrastructure against China's influence
[11] The Hague Centre for Strategic Studies: FIMI in Focus
[12] EU Observer: EU proposes phasing out high-risk foreign tech, targeting China
[13] Euractiv: China urges EU against protectionist path in cybersecurity law
[14] Euractiv: Commission risks blunting 'Democracy Shield' amid US sensitivities and big tech backlash
15Internationale Politik Quarterly: The European Way
About this series
