Seven lessons Europe can learn from Ukraine to strengthen its digital sovereignty

Europe has been increasingly speaking about digital sovereignty as a necessary condition for security and competitiveness. This matters in an era of an ever more digitalised economy.

This need exists for Ukraine as well. Moreover, Ukraine is following this path under the harshest possible conditions: war, blackouts, physical destruction and massive cyberattacks.

Read more about how Ukraine’s experience can benefit European Union countries in the article by Tetiana Khabibrakhmanova of the Ukrainian Alliance for Digital Sovereignty: Digital sovereignty the Kyiv way: where Ukraine can serve as a model for the EU.

Digital solutions in Ukraine have become one of the mechanisms of state survival in the times of war. Data management, access and protection have been shaped under the constant threat of compromise. Infrastructure has had to operate amid physical destruction, blackouts and cyberattacks.

Ukraine developed these components in an environment where planning horizons were measured in weeks, and digital policies were implemented without lengthy testing – even when the cost of mistakes could be high.

This forced experience helped shape a set of core principles.

1. Service continuity is a basic requirement, not an option.
Geographically distributed data storage, the migration of systems to cloud environments (even when data is stored abroad), and pre-designed backup models allow Ukraine to keep critical registries and digital services functioning even under devastating circumstances.

2. Digital independence cannot exist separately from a country’s security architecture.
In Ukraine, digital tools are used daily for defence-related tasks: resource tracking, logistics, supply coordination and interaction between the military and state institutions.

3. A digital state must be able to change access rules as threat levels shift.
At the start of Russia’s invasion, Ukraine temporarily closed parts of its registries, changed access regimes, strengthened system segmentation and revised approaches to information disclosure. Registries were later reopened gradually, but under new security standards.

4. Competitors are in the same boat and must cooperate.
Competition gives way to cooperation under threat conditions.

5 Speed as an element of resilience.
During the full-scale war, Ukraine’s government adapted platforms to wartime needs within weeks. This demonstrates the speed and adaptability of digital policymaking without a loss of control.

6. The triangle of trust: state, business and civil society.
Volunteer IT initiatives, private companies and government bodies often operate as a single network.

Such a level of integration is difficult to "install" administratively, but it can be developed through policies of openness, interoperability and partnership.

7. A realistic assessment of risks.
Ukrainian management decisions are made in an environment where attacks on data centers, communication disruptions, or system breaches can occur at any moment. As a result, practical measures that ensure continuity are prioritised: backups, redundancy of critical components and rapid restoration of services and data after failures.

Overall, sovereignty in the digital world is measured primarily by a state’s ability to maintain control over data, operate under destruction, recover quickly and retain governance under pressure.

Ukraine’s experience cannot be transferred as a ready-made manual for other countries. However, it can serve as a practical framework for European digital sovereignty policy: anchoring requirements for data jurisdiction and access, investing in backup systems and infrastructure substitutability, developing cross-provider disaster-recovery models and rehearsing scenarios for the operation of public services under crisis conditions.