Skip to content

NIS2 and Digital Sovereignty: Why Mid-Market Companies Must Review Their Dependencies

The bottom line: Mid-market companies must clarify data location, access rights and jurisdiction as binding criteria when selecting security partners, rather than blindly relying on US or Israeli providers.

AI is accelerating cyberattacks, making even smaller companies attractive targets. At the same time, growing dependence on non-European security providers creates new risks — legal, regulatory and operational.

Europe’s structural dependency runs deeper: cloud platforms, vulnerability databases such as CVE, threat intelligence and hardware/software components largely originate from the United States. European cybersecurity companies are chronically underfunded, while a lack of venture capital facilitates acquisitions by US tech conglomerates. Regulation and procurement have so far given digital sovereignty only marginal consideration — exceptions such as BSI requirements for 5G networks remain rare. The lever for change lies in public procurement standards: whoever makes European solutions mandatory in critical areas creates the necessary demand and thus the financing foundation for European providers.


Source: www.it-daily.net · Published 25 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.

Share on: