The European Commission’s ‘State of the Digital Decade 2025‘ report is an annual barometer of ambitions and realities in the Union’s digital landscape. This year’s edition, while pointing to progress, is first and foremost a sober assessment of the fundamental challenges.
The document identifies 12 key areas that will determine whether Europe becomes a digital leader or remains in the shadow of technological powers outside the continent. The conclusions are clear: without strategic investment in infrastructure, cyber-security and competence, European digital sovereignty will remain a mere political buzzword.
Foundations: infrastructure dependency and the race for computing power
Europe’s digital aspirations are overshadowed by its deep dependence on key suppliers. Analysis shows that more than 80% of digital products, services and infrastructure originate outside the EU. This statistic underpins the first and most important vector identified in the report: sovereign computing power.
Without its own scalable resources in the cloud, edge computing and supercomputing (HPC), the Union will not be able to control its digital future. The report emphasises the need to accelerate funding processes and project deployment to meet strategic cloud and artificial intelligence objectives.
The problem of dependency also extends to physical infrastructure. The international submarine cables, referred to as the digital arteries of Europe, require increased redundancy and the creation of coordinated repair mechanisms.
The same is true in space, where EU projects such as IRIS² (Infrastructure for Resilience, Interconnectivity and Satellite Security) are expected to make the continent independent of external satellite constellations.
However, growing computing power comes at a price. The Commission warns that energy consumption in data centres could increase by 70% by 2030. This makes it imperative that planning for digital growth is inextricably linked to an energy strategy based on renewable sources and efficiency.
The Shield: cyber security in the quantum age
The second pillar on which the report is based is cyber security. The European Union already has an advanced legal framework in place, such as the NIS2 Directive or the CRA (Cyber Resilience Act) and CSA (Cybersecurity Act). However, legislation is only the beginning.
The key now is to implement them effectively, including managing the risks associated with high-risk providers in 5G networks.
At the same time, a new existential threat is on the horizon: quantum computers, capable of breaking current encryption standards. Europe already has a post-quantum cryptography (PQC) roadmap with the goal of migrating systems between 2030 and 2035, but national implementation strategies are lacking.
Time is running out, as data captured today can be decrypted in the future.
Cyber-hygiene in the SME sector remains a weak link. European SMEs often lack advanced technology and knowledge, making them an easy target and increasing the vulnerability of the entire supply chain.
Network and people: uneven adoption and the skills gap
The report also highlights the slower-than-expected pace of upgrading the network itself. Although 5G network coverage is growing, adoption of its fully autonomous version (Standalone) is low. This is hampering the development of advanced services and delaying preparations for the 6G era.
Similarly, the implementation of fundamental internet standards such as IPv6 (crucial for scalability) or DNSSEC (a secure domain name system) is similarly uneven, generating systemic risk.
Progress can be seen in the area of digital public services and e-identity, but here too there is the problem of technological dependence on external platforms. However, the human factor remains the biggest challenge. There is a shortage of nearly 300,000 cybersecurity professionals in Europe and the overall number of ICT experts is insufficient.
