BRUSSELS — Where a company is headquartered, how many of its R&D staff are based in Europe, or whether its software is open source are not meaningful indicators of digital sovereignty. That is BSA's pointed message to the Franco-German Digital Sovereignty Task Force, whose consultation closes today.

The Task Force has been developing sovereignty criteria that would, in practice, function as origin-based restrictions, tying procurement eligibility to workforce thresholds, subcontracting location, and company registration. BSA's submission addresses each proposed indicator directly, concluding that no minimum thresholds should be imposed on any of them, and that the location of a company's registered office is simply not a relevant sovereignty criterion.

"What protects Europe is the ability to govern, audit, and mitigate risk, not where a company files its corporate papers," said Thomas Boué, VP & Director General, Policy – EMEA at BSA. "Criteria of this kind raise costs, reduce access to best-in-class security solutions, and risk conflicting with the EU's international trade commitments."

BSA identifies interoperability and open standards as the most effective tools for genuine resilience, and calls for procurement frameworks that reward security outcomes and accountability rather than geographic origin — consistent with positions BSA has advanced on the Cloud and AI Development Act and in its paper Keeping the Door Open: The EU's Path to Digital Sovereignty.