Europe has fallen so far behind the United States in developing digital infrastructure that it has effectively “lost the internet,” a senior European cybersecurity official has said. According to Miguel De Bruycker, director of Belgium’s Centre for Cybersecurity (CCB), it is now “virtually impossible” to store data exclusively within Europe, as digital infrastructure is controlled by US companies.
“We have lost the entire cloud segment. We have lost the internet, to put it bluntly,” De Bruycker said in an interview with the Financial Times. He added that demands to keep information “100 percent within the EU” are unrealistic: “You can keep dreaming. You are setting a goal that cannot be achieved.”
He noted that Europe’s cybersecurity architecture relies heavily on cooperation with the private sector, while most of the key players are American companies. “Everything in cyberspace is commercial. Everything is in private hands,” he said.
De Bruycker, who has led the CCB since its creation a decade ago, stressed that this dependence does not constitute a “major security problem” for the EU. However, he warned that Europe is missing out on critical technological domains whose development is now concentrated in the US and elsewhere. Chief among them are cloud technologies and artificial intelligence—tools that play a central role in protecting European states from cyberattacks.
To strengthen its innovation capacity and improve security, Europe needs to develop its own technological capabilities, De Bruycker said. At the same time, he argued that initiatives such as the EU’s Artificial Intelligence Act, which seeks to regulate a rapidly evolving field, effectively “stifle” innovation.
In De Bruycker’s view, EU governments should take a more active role in backing private initiatives aimed at building large-scale projects in areas such as cloud computing and digital identity. He compared the approach to the creation of Airbus, when European states jointly invested in the development of an aviation champion. “Decades ago, everyone supported the Airbus initiative. We need the same approach at the EU level in the cyber domain,” he said.
At the same time, as IT experts note, certain elements of critical digital infrastructure already exist in Europe. These include France’s OVHcloud and Germany’s Schwarz Digital.
In recent years, concern has been growing within the EU over dependence on American technology corporations, including Amazon, and calls to strengthen Europe’s “technological sovereignty” have grown louder. Yet, De Bruycker said, these debates are often “religious” in nature and lack practical focus. “I believe the EU needs to clearly define what sovereignty in the digital sphere actually means for us,” he said.
Rather than concentrating efforts on trying to rein in American “hyperscalers,” De Bruycker argues that the focus should be on building European solutions of its own. “Perhaps the energy should be directed toward building something ourselves,” he said.
Belgium, which hosts EU institutions and NATO headquarters, has in recent years found itself at heightened risk of hybrid attacks that authorities say are linked to Russia. After Moscow launched its full-scale invasion of Ukraine in 2022, the country experienced a rise in cyberattacks and airspace violations involving drones.
Last year, Belgium was hit by five waves of DDoS attacks, each lasting several days. In such assaults, compromised devices overwhelm the websites of companies and government bodies, temporarily knocking them offline. According to De Bruycker, as many as 20 different organizations were targeted each day, with the attacks typically carried out by “Russian hacktivists.”
While direct Kremlin involvement in these actions remains unproven, the attacks, he said, often followed anti-Russian statements by politicians. “Sometimes it is not even a Belgian official—it is an EU representative who says something in Brussels, and the attacks begin,” he explained.
Despite the rise in such incidents, De Bruycker does not consider them particularly destructive, stressing that their primary aim is destabilization. “It is temporary, no data are stolen. It is about disrupting the normal functioning of a website or portal,” he said.
After the start of the full-scale war against Ukraine, American hyperscalers played a crucial role in safeguarding data targeted by Russian attacks, De Bruycker noted. He also expressed confidence that cooperation with US companies in combating cybercrime would continue, even as the largest American IT corporations have moved closer to the administration of Donald Trump, which has repeatedly signaled its intention to scale back support for Europe’s security.