Dries Buytaert Questions “Buy European” as a Durable Digital Sovereignty Strategy

Recent debate around European digital sovereignty has prompted Dries Buytaert to question whether “Buy European” is a reliable measure of long-term control in software systems. In a blog post co-authored with Nicholas Gates, senior policy advisor for Open Forum Europe, and published on 15 April 2026, Buytaert argues that ownership and geographic location alone do not guarantee durable independence.

The argument matters because current European policy discussions often treat data residency, company headquarters, and operational control as indicators of sovereignty. Buytaert and Gates contend that these measures can change quickly through acquisitions or infrastructure shifts, making them weak tests of long-term resilience.

The post uses Skype as an example of this instability. Although the service began with European founders, engineers, and headquarters, it later changed hands through acquisitions by eBay and Microsoft before being shut down in 2025. The case is used to show how sovereignty based on ownership or jurisdiction can erode over time.

The authors place particular emphasis on licensing. They argue that open-source software offers a structural advantage because users retain the legal right to fork and maintain the software independently. The post cites the shift from MySQL to MariaDB during Oracle’s acquisition of Sun Microsystems as an example of how licensing can preserve continuity through corporate change.

The analysis also points to supply chain dependencies as a separate weakness. Centralised services such as code hosting platforms and package registries can become single points of failure, even when the software itself is open source. In that framing, resilience depends not only on licence terms but also on the infrastructure required to distribute and maintain software.

The post refers to the European Commission’s Cloud Sovereignty Framework and the proposed Cloud and AI Development Act as important policy efforts. Even so, the authors argue that these initiatives do not yet fully measure whether sovereignty can survive ownership changes or disruptions in critical infrastructure.

Buytaert and Gates conclude with two policy recommendations. They call for open-source licensing to become a requirement for mission-critical procurement at the highest assurance levels and for stronger supply chain resilience assessments where dependencies cannot be replaced quickly. Their broader argument is that digital sovereignty should be judged by durable control, not by short-term compliance alone.