As international tensions rise, countries on the edges of the Western alliance are increasingly concerned about their reliance on external technology providers and the limited control they have over data and infrastructure. Poland, the largest of these countries, is now taking steps toward long-term strategic planning in response.
TEXT: MICHIEL VAN BLOMMESTEIN IMAGE: ENVATO
It is not often that the launch of a cloud region attracts political attention at the highest levels of government. Yet CloudFerro’s newest project, a data center in Łódź in central Poland, has done exactly that, drawing official praise.
Speaking at the launch, Finance and Economy Minister Andrzej Domański framed the investment as part of a broader national agenda. He described it as “an element of building real digital sovereignty, security and resilience,” adding that nearly every modern solution ultimately depends on cloud infrastructure. The implication is clear: control over cloud capacity is increasingly becoming synonymous with control over the digital economy itself.
CloudFerro’s project also highlights a key principle underpinning Poland’s approach. Sovereignty is not defined as isolation, but as the ability to decide where data is processed, under which legal framework, and by whom. As the company’s leadership emphasized, the question is no longer whether data will move to the cloud, but under whose jurisdiction it will be stored and processed.
Sovereignty as security policy
In Poland, digital sovereignty is shaped by factors that go beyond economic competitiveness. According to Piotr Mieczkowski, Managing Director of Digital Poland, the concept is closely tied to national security concerns. “For Poland, digital sovereignty is not only about competitiveness. It is deeply linked to national security and border defense,” he noted. “The country has digitized rapidly, and protecting large volumes of citizen data has become a critical priority, especially given its geopolitical position.”
We need to assess how much we spend on non-European IT providers and build frameworks that support open standards and local solutions
Piotr Mieczkowski
This position, on NATO’s eastern flank, directly influences the debate. The ongoing war in Ukraine and broader tensions with Russia have made cyber resilience a strategic necessity. As Mieczkowski explains, “The threat is constant, involving cyberattacks on government systems, probing of critical infrastructure, and disinformation campaigns. Digital sovereignty is increasingly seen as a defensive posture.”
This security dimension is also reflected in public opinion. According to recent research by Digital Poland, Polish citizens associate technological dependence with tangible risks such as infrastructure shutdowns, espionage, and supply chain disruption.
Structural dependence and economic impact
Despite growing awareness, Poland remains heavily dependent on non-European technology providers. Like much of Europe, it relies on US hyperscalers for cloud services and Asian manufacturers for hardware. This dependency has measurable economic consequences. Digital Poland warns that Europe’s reliance on external technology providers contributes to lower margins for local firms and a significant trade deficit in digital services. In Poland alone, this deficit is estimated at approximately €10 billion annually.
The broader European context reinforces this picture. A report by Think Tank Leaders Hub, a Polish institution promoting digital transformation, highlights that digital sovereignty is not about eliminating interdependence, but about managing it to ensure resilience and strategic autonomy. The complexity of global technology stacks means that dependencies in one layer can affect the entire system, from hardware to AI applications.
Achieving digital sovereignty is a multi-decade effort requiring tens of billions of euros
Piotr Mieczkowski
Mieczkowski points out that reducing this dependency requires coordinated action across several areas. “It means investing in domestic infrastructure, scaling European companies, and participating in joint initiatives that create viable alternatives,” he said. “We also need to assess how much we spend on non-European IT providers and build frameworks that support open standards and local solutions.”
Policy instruments and state intervention
Poland’s response combines infrastructure investment with regulatory and policy measures. One of the key initiatives is the National Cloud Operator, which aims to ensure that sensitive data is processed within Poland’s jurisdiction, even when working with global partners. At the same time, legislative changes are reinforcing cybersecurity requirements. The updated National Cybersecurity System Act, aligned with the EU’s NIS2 directive, introduces stricter standards for critical infrastructure. Poland has also taken steps to restrict “high-risk vendors” from participating in core telecommunications networks.
Public procurement is another important lever. The government’s new procurement policy emphasizes criteria such as data location, operational control, and security, with the aim of strengthening domestic providers and supply chains. Given that public procurement in Poland accounts for nearly €150 billion annually, this approach has significant market implications.
Investment scale and long-term horizon
Achieving digital sovereignty is a long-term and capital-intensive process. Mieczkowski calls it “a multi-decade effort requiring tens of billions of euros.” While difficult to quantify precisely, Poland has already allocated substantial resources to digital transformation. Under the National Recovery Plan, approximately 21 percent of nearly €60 billion in EU funding is dedicated to digital infrastructure, broadband expansion, and cybersecurity. This funding supports both public sector modernization and the development of domestic capabilities.
At the same time, private sector investments such as CloudFerro’s demonstrate that local companies are beginning to scale up their infrastructure offerings. These investments are critical for building what some policymakers describe as a “Polish stack,” aligned with broader European initiatives such as EuroStack. This is a developing EU-level framework aimed at strengthening European technological capacity across cloud, data, and AI layers.
Poland is generally more comfortable relying on localized US technologies than on less mature European alternatives
Piotr Mieczkowski
Balancing autonomy and alliances
One of the defining features of Poland’s approach is its balancing act between European autonomy and transatlantic cooperation. Unlike some EU member states that advocate for strict technological independence, Poland maintains a pragmatic stance. “The United States remains Poland’s key security partner,” Mieczkowski noted. “As a result, Poland is generally more comfortable relying on localized US technologies than on less mature European alternatives.” This position reflects both geopolitical realities and market dynamics. While European initiatives aim to strengthen local capabilities, global technology providers continue to dominate key segments of the digital economy.From debate to implementation
By building domestic infrastructure that operates under European jurisdiction while remaining integrated into global ecosystems, Poland is pursuing a hybrid model of digital sovereignty. It aligns with one of the emerging European policy scenarios: maintaining cooperation with global technology providers while developing local capabilities that can serve as a fallback in times of crisis. In this context, digital sovereignty is less about replacing existing systems and more about ensuring optionality and resilience. The goal is to maintain the capacity to act independently when necessary, without disengaging from global innovation networks. As Poland continues to invest in cloud infrastructure, cybersecurity, and regulatory frameworks, its approach offers a case study in how digital sovereignty can be operationalized. The transition is ongoing, but the direction is increasingly clear: sovereignty is becoming a core component of economic policy, security strategy, and technological development.