From Chips to Code: The Many Layers of Digital Autonomy


Beyond Open Software

Europe has learned to ask whether software is open. The harder question is whether the systems beneath it can still be understood, operated, replaced and negotiated when pressure comes.

For years, Europe’s digital autonomy debate has focused on software. Open source software reduces lock-in, increases transparency, strengthens security through auditability and helps build digital commons that cannot be fully captured by a single vendor.

This was necessary. But it is no longer enough.

Software does not run in the air. Cloud services are not abstract. Artificial intelligence is not only a matter of models and data. Code runs on processors. Data moves through networks. Digital services depend on machines, energy and people with the skills to operate them.

The digital economy was never immaterial. Europe simply learned to treat its material layers as someone else’s problem.

Autonomy should not be confused with self-sufficiency. Europe will not produce everything by itself, and it should not pretend otherwise. Modern economies are built on interdependence. But not all forms of interdependence are equal.

A dependency becomes strategic when there is no credible alternative, no realistic capacity to switch, and no room for negotiation. The problem is not dependence as such. The problem is being blocked.

Digital autonomy is the ability to understand, operate, replace and negotiate the technologies on which we depend. These four verbs move the debate beyond slogans. Can we audit the technology? Can we run it without permanent external control? Can we replace it if the relationship becomes unsustainable? Can we negotiate from a position of strength rather than necessity?

These questions must be asked layer by layer, because digital autonomy is only as strong as its least controlled layer.

The Layers Beneath the Code

The first layer is software. Here, Europe has made real progress. Open source is now widely recognised as a strategic asset. It allows public institutions, companies, researchers and citizens to inspect code, adapt it and share improvements.

But open source software can still depend on closed foundations. A public administration may use open software while running it on infrastructure it cannot control. A European company may build a transparent application while depending on opaque cloud services, proprietary hardware acceleration or non-European operational platforms. In such cases, autonomy has limits. The dependency has not disappeared. It has moved downward.

The second layer is cloud and operations. The cloud debate has shown that location is not control. Hosting data in Europe is not the same as controlling the infrastructure, operations, legal exposure or exit paths.

A truly autonomous cloud strategy must include reversibility, interoperability, open standards, transparent contracts and operational knowledge. Without open standards, switching providers remains theoretical. Without interoperability, competition becomes cosmetic.

Without operational skills, even a European cloud can become a black box. The third layer is hardware and computers. This is where the debate becomes uncomfortable,because hardware requires long-term industrial capacity: research, design, manufacturing and maintenance skills. It cannot be rebuilt overnight, and it cannot be summoned by political declaration once a crisis has already begun.

Yet this layer is becoming impossible to ignore. Artificial intelligence has made compute capacity a strategic infrastructure, not merely a technical resource. Training and running advanced AI systems requires specialised chips, high-performance servers, energy-intensive data centres and technical expertise. A continent that wants to regulate, deploy and shape AI must also ask who controls the computer on which AI depends.

This does not mean that Europe must manufacture every chip it uses. It does mean that Europe needs credible alternatives, bargaining power and technical understanding. It must fund research laboratories, hardware design teams and manufacturing capacity in Europe, and support European hardware actors before a crisis reveals that they are missing.

The fourth layer is connectivity. Data autonomy is not only about storage. It is also about circulation. Networks are physical systems. They depend on cables, routers, satellites, landing stations, repair capacity and regulatory frameworks.

Submarine cables are a powerful example of this invisible layer. They are absent from most public debates precisely because they usually work silently. But when they are damaged, threatened or politicised, their strategic importance becomes obvious.

A digital Europe that cannot protect, repair or reroute its communications is not fully autonomous. Resilience must include network infrastructure, not only software security.

Otherwise, Europe may have open code, protected data and ambitious regulation, but still depend on fragile paths it does not control.

From Dependency to Choice

This is where the open source movement has something essential to offer beyond software itself. Open source is not only a licensing model. It is a way of organising knowledge, trust and cooperation. It shows that critical technologies can be shared, audited, improved and governed collectively.

These lessons should now be applied more broadly. Open hardware will not replace factories, materials or investment. But open designs, auditable specifications and shared licences can reduce opacity, support cooperation and prevent critical knowledge from being locked inside systems that Europe can buy but not understand.

This agenda is not a call for withdrawal from the world. Europe needs partners, trade, international cooperation and global standards. But cooperation is stronger when it is based on choice rather than dependency.

The objective is not to do everything alone. It is to avoid being trapped, preserve the ability to operate under pressure, and offer trustworthy alternatives to others who also need room for manoeuvre.

Open source remains one of the foundations of this strategy. But it should no longer be treated as the final answer. It is the first visible layer of a deeper question.

Digital autonomy does not mean doing everything alone. It means not being strategically blocked.

About the Author

Gaël Lago is Director of Open Source Software Assurance at LINAGORA, where he leads initiatives to strengthen trust and governance in open technologies. With a background at the crossroads of technology and public policy, he advocates for a stronger European voice in digital strategy. A committed supporter of digital sovereignty, he actively promotes public investment, open collaboration, and the development of independent European digital infrastructures.