Dr. Argyri Panezi is an Assistant Professor at IE Law School where she teaches courses on IP law and contracts. Her current work focuses on cybersecurity law and policy, specifically on European critical infrastructures, and on legal innovation, specifically examining e-Justice developments within the EU. She also writes about copyright law, digitization, and law and AI. Argyri is also a research fellow at the Digital Civil Society Lab at Stanford University, where she explores the notion of critical digital infrastructure.

Argyri holds a law degree from the University of Athens, an LL.M. from Harvard Law School, and a Ph.D. from the European University Institute.

‍

Twitter - @paneziargyri

The increasing digital dependencies of critical infrastructures is a general phenomenon, witnessed around the globe. It is also a phenomenon that particularly concerns Europe. The EU wants to increase its strategic autonomy by reducing European infrastructures’ dependencies on mostly foreign and private digital systems. More specifically, according to its latest quest for ‘digital sovereignty’, the Union wants to build its own ‘European cloud’, to domestically capture the value of European data, and to boost its microelectronics production. Importantly, there are practical issues of security and legal liability lying behind this rather new concept of digital sovereignty. Reviewing the Union’s cybersecurity regulations and the Parliament’s and Commission’s latest communications and proposals, one can see that the EU legislator fears a scenario in which European Critical Infrastructures, for instance airports or public hospitals, rely on foreign cloud services for their critical functions. Who sets the security standards and who is responsible for cybersecurity breaches of European critical digital infrastructures? Is the Union’s ‘digital sovereignty’ narrative consistent with its legislative framework in place? Furthermore, what priorities has the EU regulator set in order to achieve the desired digital sovereignty? What obstacles must the Union overcome to succeed in its quest?

The paper begins with exploring the latest EU policies setting the ambitious goal of digital sovereignty for the Union. It asks: What is ‘digital sovereignty’ and how does the Union plan to achieve it? It also analyses a plethora of intersecting legislative acts and proposals – primarily EU cybersecurity laws and ongoing efforts for reform including the proposed NIS-2 Directive – to unveil the links but also inconsistencies that exist comparing those more concrete legislative efforts to the broader political narrative of digital sovereignty. In other words, the paper compares the legislative narrative to the political narrative, to understand and assess the meaning and consistency of this relatively new ‘sovereignty’ quest.