Digital Sovereignty for SMEs: Lessons from the European Experience

What Europe understood first

The European Union has invested heavily in cross-border collaboration projects. The stated goal is not merely to break free from the major American platforms. It is more ambitious than that: to develop global standards for digital sovereignty that belongs to everyone, not just a select few.

It’s a vision I’ve seen come to life during my travels in Europe, at events where digital sovereignty wasn’t just a conference topic. It was an operational priority. Organizations with protocols, tool selections, and internal policies. Not an aspiration, but a practice.

What Europe has learned the hard way is that the billions invested and the policies adopted do not necessarily change behavior. Institutional willpower is not enough when habits have been ingrained for 20 years.

That’s where their experience becomes useful for us.

What some organizations have actually done

Some French cities have decided to take action. They have phased out Microsoft tools and replaced them with open-source alternatives: NextCloud for storage and collaboration, Mattermost for internal messaging, and LibreOffice for office productivity. These are actual, documented migrations—not pilot projects.

This is no small matter. These are major decisions, backed by dedicated resources and clear political will. And they have worked—in the sense that they were carried through to the end.

But here’s what these organizations have also learned along the way:

Open-source alternatives require technical expertise to function properly. NextCloud doesn’t set itself up automatically. Mattermost needs a skilled administrator to remain stable. LibreOffice creates friction with partners who stick with Microsoft Office, which is still used by the vast majority of organizations.

It takes a strong motivation to break free from the major platforms. It’s not impossible. But it doesn’t come for free—neither in terms of money nor organizational effort.

Why this matters to us, Quebec’s small and medium-sized businesses

We don’t have the budgets of French cities. We don’t have the IT teams of large European organizations. And we don’t have 15 years to devote to a transformation project.

But we can draw some concrete lessons from their experience.

The first lesson is that digital sovereignty isn’t a matter of will. Europeans have had plenty of that. What has moved things forward is the approach. What has held things up is the lack of a clear roadmap.

The second lesson is that starting with “which tool am I replacing” is the wrong place to begin. The organizations that do best start differently. They first ask a more fundamental question: What do I have, and what am I protecting?

The real question to ask

Before discussing alternatives to Microsoft or AWS, we need to answer a few simple questions:

What data is critical to my organization? Who has access to it? Where exactly is it stored? Which provider hosts it, under what contract, and what are the cancellation terms?

Most of the small business owners I meet haven’t answered these questions. Not because they don’t care, but because they’ve never had the chance to stop and ask them systematically.

This isn't a criticism. It's an observation. And it's the most useful starting point.

Once we know what we have, we can decide what to protect first. Some data requires immediate attention. Other data can remain in the current environment without significant risk. And certain tools can be phased out gradually, following a realistic two- to three-year plan, without promising a complete migration within six months.

Key takeaways from the European journey

Europe has taught us an important lesson: good intentions aren’t enough. What makes a difference is the approach.

We don’t have to repeat their mistakes. We don’t have to devote 15 years and billions of dollars to a project that misses the mark. But we have everything to gain by learning from their experience—taking what works and avoiding what doesn’t.

For an SME, this translates into a pragmatic approach:

First, an honest assessment of what we have. What tools, what data, what vendors, what dependencies. Not to change everything overnight, but to get a clear picture.

Next, prioritize sensitive information. Customer data, financial information, and strategic communications. These are the first things to protect, before even considering the tools.

Finally, a realistic plan. Not a promise, but a plan. With milestones, resources, and expectations that reflect the organization’s reality.

It's not spectacular. But it works.

Digital sovereignty isn't just for large organizations

This may be the most important lesson from the European experience. Even the most ambitious projects, led by governments with considerable resources, have run into the same obstacles as any small or medium-sized business: inertia, friction, and the complexity of change.

What sets organizations that make progress apart is that they don’t start out with the goal of replacing everything. They start out with the goal of understanding what they have. And they proceed in the right order.

This is an approach that’s accessible to small and medium-sized businesses. It doesn’t require a large infrastructure budget or a dedicated IT team. All it takes is a plan and the decision to get started.


