Discover through this article how to adopt a sovereign collaborative solution, a key imperative in the face of foreign interference risks

In 2025, cyberextortion increased by 44.5%, therefore tripling the number of attacks since 2020. This increase in cyberattacks is part of a geopolitical context marked by multiple conflicts as well as a mistrust between the European Union and its historical ally, the United States.

In this tense geopolitical climate, foreign cyberthreats are increasingly pressing. To try to organise a uniformised answer to those risks and protect European organisations, international collaboration with both private and public actors is being reinforced under the aegis of Europol, Interpol and the Five Eyes Alliance.
As such, digital sovereignty is more than ever a strategic challenge for organisations.

What are the risks associated with using non-sovereign tools?

It is a reality: certain foreign powers carry out spying and destabilising actions against French organisations. For example, during 2025, several foreign organisations conducted cyberattacks on enterprises and administrations located in various European countries. Indeed, a cyberspying operation conducted by the Chinese cybercriminal group Salt Typhoon on a European telecommunication operator has been discovered. Russian cybercriminals also targeted main French economic actors all along 2025.

Destabilisation is often sought through cyberattacks, notably ransomware, in order to paralyse the activity of the victim organisation for as long as possible. On the other hand, spying is frequently conducted in a discreet manner, with the main objective being the collection of sensitive information.

Certain non-European regulations allow States to access the data of French or European companies when they are hosted by providers subject to their jurisdiction, even if data are stored on European soil. This is notably the case with the Cloud Act, the Patriot Act, the FCPA (Foreign Corrupt Practices Act) or Section 702 of the FISA (Foreign Intelligence Surveillance Act) for the United States. Other regulatory frameworks, such as the PIPL in China, also incorporate mechanisms for state access to data under cover of national security or public interest.

Concretely, using software, applications or IT services offered by companies subject to these laws can compromise the confidentiality of your most sensitive data. For example, illegal data transfers from French organisations to the US have already been observed from applications like Zoom, Slack or Mailchimp.

The risk of spying is therefore proven. According to ANSSI, it is particularly important in the telecommunications, transport, research, diplomacy and defense sectors. NGOs, think tanks or public administrations are also concerned. The theft of sensitive data such as intellectual property or strategic information can potentially be used to fuel the technological, economic or military capabilities of foreign powers.

The dependence on non-European solutions also presents risks in case of diplomatic tensions. For example, the provider of the US messaging solution used by the International Criminal Court suddenly prevented the organisation from accessing its services, following a request from the US administration. Beyond data privacy, the use of non-sovereign tools also poses availability risks.

Why adopt sovereign collaborative solutions?

Collaborative tools contain confidential data (such as strategic documents or customer information) and are also used to share sensitive information between collaborators. It is essential to protect these data from non-European legislation. The adoption of sovereign collaborative solutions eliminates this risk. Even better: opting for sovereign tools approved by ANSSI guarantees the highest level of security against cyber threats.
The same goes for mobile devices, which represent a preferred entry point for cyberattacks. Once again, a mobile device security solution can protect data both in transit and at rest, via security bricks such as end-to-end encryption or a sovereign VPN. 

It is also necessary to choose tools capable of guaranteeing the transparency of data flow, in order to have the assurance that sensitive information does not leave the defined perimeter without control. On this point, it is important that suppliers clearly inform their clients about the location of the data, the subcontractors involved and the measures put in place to protect them: some companies require that data be processed only by sovereign tools.

National and European regulations now integrate the risks related to the use of non-European technologies. The GDPR requires that any transfer of data to third countries be governed by adequate safeguards (standard contractual clauses, BCRs). The NIS2 Directive requires a risk assessment of critical third parties and IT providers, which involves considering the risks of spying and data theft. OIVs (Operators of Vital Importance) and certain public entities are required to host their data with a SecNumCloud 3.2 qualified provider by ANSSI. It is also possible to opt for on-premise hosting or a sovereign public Cloud depending on your needs and constraints. In summary, using sovereign collaborative technologies and applications therefore facilitates regulatory compliance.

In a context where attacks are increasingly targeted and sophisticated, it is important to reassure your business partners (suppliers, service providers, clients…) about the level of security of your company. Some tenders or partnerships are only accessible to organisations that have adopted solutions that meet the required security and sovereignty criteria. The deployment of sovereign and secure solutions thus allows for laying the foundations of a relationship of trust.

Finally, the choice of sovereign solutions is also a commitment that allows supporting innovative European or French actors. This support creates value in our territory and allows us to propose an alternative to the domination of the American tech giants. This contributes to the construction of a true European technological independence.

The risk of data theft and cyber spying has never been higher and is exacerbated by growing geopolitical instability. Opting for sovereign technologies is no longer an option, particularly in terms of collaboration and mobility. It is now a strategic necessity to ensure the confidentiality, availability and integrity of data, strengthen trust with partners but also to facilitate regulatory compliance with new European regulations.