Digital Sovereignty and Taking Back Control: From Regulatory Capitalism to Regulatory Mercantilism in EU Cybersecurity

Benjamin Farrand, Helena Farrand Carrapico*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

26 Citations (Scopus)
16 Downloads (Pure)


In recent years we have been able to observe the emergence and mainstreaming of a EU discourse on digital sovereignty, which highlights the importance of gaining back control of EU digital infrastructure and technological production, based on the EU’s perceived loss of economic competitiveness, limited capacity to innovate, high degree of dependence on foreign digital infrastructures and service providers, and, related to all these factors, difficulty in providing EU citizens with a high level of cybersecurity. Bearing in mind that a considerable percentage of these infrastructures and service providers are under private sector control, the present article asks how this sovereignty discourse conceptualises the role of the private sector in EU cybersecurity. Drawing from a Regulatory Capitalism theoretical model, this article proposes that the EU has instead entered a Regulatory Mercantilist phase where it seeks to reassert its control over cyberspace, impose digital borders, accumulate data wealth and reduce its dependence on external private sector actors whose values may not reflect those of the EU order. A new approach to cybersecurity is emerging, in which the non-EU private sector can be perceived as much of a threat as foreign powers, and from whom digital sovereignty must be secured.
Original languageEnglish
Pages (from-to)435-453
Number of pages19
JournalEuropean Security
Issue number3
Early online date9 Sept 2022
Publication statusPublished - 2022


Dive into the research topics of 'Digital Sovereignty and Taking Back Control: From Regulatory Capitalism to Regulatory Mercantilism in EU Cybersecurity'. Together they form a unique fingerprint.

Cite this