All articles

Data & Infrastructure

The paradox of sovereignty, and why digital power is about freedom, not just compliance

AI Data Press - News Team
|
September 28, 2025
Credit: Carl Gruner

Key Points

  • European businesses face strategic challenges due to legal complexities like the Schrems II ruling and U.S. CLOUD Act.

  • Victor Lausas, CEO of North Atlantic, advocates for digital sovereignty as a strategic advantage, emphasizing autonomy over compliance.

  • Lausas warns that relying on foreign cloud providers poses financial risks and suggests phased migration to sovereign infrastructure.

  • Jurisdictional complexities extend beyond U.S. laws, with varying risks across European countries; Finland and the Netherlands are noted as safer options.

  • Building trusted infrastructure is a market differentiator, with Lausas highlighting the importance of secure, high-performance hardware.

"When you build your own infrastructure, you have the power to customize it and do exactly what you want. You don't have to wait for jurisdiction decisions and other things that can take months or even years."

Victor Lausas

CEO
North Atlantic

Victor Lausas

CEO
North Atlantic

For European businesses, digital sovereignty has quietly morphed from a niche legal headache into a board-level strategic crisis. The legal landscape is a minefield, defined by the seismic Schrems II ruling and the long arm of foreign legislation like the U.S. CLOUD Act and FISA 702. This has created a tough choice for companies caught between mitigating existential legal risks and relying on the unparalleled convenience of dominant American tech ecosystems.

But for Victor Lausas, this challenge is not a defensive crouch—it’s a declaration of independence. As a seven-time founder, author, and CEO of the AI firm North Atlantic, he is building his company with a fierce commitment to autonomy. For Lausas, the entire conversation around sovereignty needs a radical reframing. It’s not just about what you’re protecting yourself from, but what you’re empowering yourself to do.

  • Sovereignty as power: Lausas’s philosophy moves beyond mere compliance to focus on strategic control. It’s a vision where independence is the ultimate business advantage. "When you build your own infrastructure, you have the power to customize it and do exactly what you want," Lausas said. "You don't have to wait for jurisdiction decisions and other things that can take months or even years."

That freedom is a direct response to the tangible risks of dependency. Lausas said relying on foreign cloud providers creates a strategic vulnerability that goes straight to the bottom line. It’s not just about legal jeopardy; it’s about financial survival in a volatile world.

  • The price of dependency: "If you build a business on a foreign cloud and operate on a small profit margin, sudden policy changes like trade wars or customs adjustments can eat all of that profit," he explained. For companies already entangled in this web, Lausas suggested a pragmatic path forward that begins with a simple question: "Where are we dependent?" He advised a phased migration, where companies can run parallel systems to de-risk the transition. The goal is to firewall the most critical assets like sensitive company contracts or pre-publication university research on secure, sovereign infrastructure.

But Lausas warned that many leaders fall for a dangerous and widespread misconception about data security. "The most common misunderstanding is that having servers in Europe is enough. It's not," he stated definitively. "Jurisdiction rules over location." This means that if a cloud provider is a U.S. company, American laws like the CLOUD Act still apply, regardless of server location—a reality recently highlighted when Microsoft admitted it couldn’t fully protect European data from U.S. authorities.

Jurisdictional complexity doesn't end with US law. Lausas points out that even within Europe, risk levels vary dramatically. "You cannot just deploy wherever in Europe. You have to know the local laws, because countries like Germany and France have their own all-access intelligence laws," he said. "The key is to find out which countries don't." He points to nations like Finland and the Netherlands as safer havens for truly secure deployment.

  • The trust factor: For organizations that navigate these complexities, the reward is more than just compliance. It’s a powerful market differentiator. "The most obvious opportunity is the trust factor," Lausas noted. "Your customers can be certain that their data is secure, that it's in Europe, and that it's not being transferred out." Building that trusted infrastructure requires the right tools. Lausas is putting this into practice, with North Atlantic recently joining the NVIDIA Connect Program to help clients build on secure, high-performance hardware. It’s a reminder that true sovereignty is a full-stack endeavor, from legal frameworks down to the silicon.

  • Europe's long game: This focus on building a secure foundation from the ground up is what Lausas said will ultimately be Europe’s greatest strength. "Maybe the start is slower because it's harder to build with these regulations. But when things go wrong in other countries because they lack these safety features, people will see that it wasn't such a bad idea after all."