Catch the Replay: Paul Timmers on European Strategic Autonomy in the Digital Age

Paul Timmers Special Guest Lecture "European Strategic Autonomy in the Digital Age" University of Miami Institute for Data Science and Computing, Friday October 21, 2022, 12:00-1:00 PM ET via Zoom

Catch the Replay: Paul Timmers on European Strategic Autonomy…

IDSC was pleased to host Oxford Internet Institute’s Dr. Paul Timmers for a special guest lecture on Friday, October 21, 2022, via Zoom. Delving into the background of the current European situation, in his talk “European Strategic Autonomy in the Digital Age,” Dr. Timmers began with how sovereignty has become a top concern. If you missed the talk watch the video . . .



Sovereignty has Become a Top Concern

Back around 2017, a debate began in Europe over increasing concerns around the terms “sovereignty” and “strategic autonomy”  because of the mix of three forces. The ‘sharp edge’ of that Dr. Timmers stated comes in when we talk about digital technologies, about chips, about content technologies, about cloud, etc.

  • Rising international tensions including, at that time increasing tensions between the US and Europe and China, between Europe and Russia, and the transatlantic (which has reduced now). International tensions have not gone away because now Europe is at war. Dr. Timmers had a PhD student, he said, whose parents had to flee Ukraine. The war is directly affecting people where Dr. Timmers lives, very nearby, in The Netherlands. People have to save on energy, rush into getting enough storage of liquid gas and that kind of thing, and awaiting how it will be when the weather gets colder. And who knows what is going to happen, Dr. Timmers observed, a thousand kilometers to the east where Putin is threatening, including with nuclear weapons.
  • Digital transformation and dominance is something that is radically changing ways of living, and the ways governments are operating, the ways Democracy is exerted. Dominance is an issue in Europe where a lot of the technologies are coming from the US or China, and the big tech companies are not European companies, they are companies from other parts of the world.
  • Global threats War (already mentioned), cyber crime (ignoring borders between countries), climate change (same story), and the approach of Covid/the pandemic.

Altogether, Dr. Timmers related, governments felt they were losing control, losing their grip on sovereignty. Sovereignty, Dr. Timmers explained, is a word that does not have a positive connotation because it can be associated to all kinds of things over state control, etc., but, he said, he will explain how we are looking at it here for this lecture. Now, we are seeing a ”sovereignty gap” where the capability of states is eroding, actors are not playing by the rules (Russian, Iran, North Korea), new entrants/groups are using cyber technologies to upset the international system of states, and new global tech platforms are taking over tasks that previously belonged to governments in the sovereign domain (for example, the identification of citizens).

Origins of Sovereignty

Going back to the origin of the term sovereignty in the 17th Century, Dr. Timmers touched on The Treaties of Westphalia (1648), which brought peace and established the system of sovereign states (map from He also touched on the subsequent work of the philosophers Bodin (started to define sovereignty is about and that they can be a “sovereign”, which later got identified with the “sovereign state”), Hobbes (the social contract: the relationship between the state and the citizens), and Rousseau (who brought in popular democracy). To the democratic part of the world, Dr. Timmers that is what democracy is all about, there is a democratic relationship between the citizens and the state. image "Europe in 1648 After the Treaties of Westphalia"

The European Union

Switching to a present-day map [Nations Online Project (2022), EURID (2021), EC (2022)], Dr. Timmers spoke on the evolution of today’s European Union (27 member states) and how its member states collaborate based on law/treaties. These treaties give a basis for economic, consumer and citizen interest, and international collaboration and trade. This Union affords joint benefits of a collective identity, for example, in the jointly managed url suffix “.eu”. This is in addition to the country’s domain name (such as .us), and affords collaboration with organizations like ICANN (Internet Corporation for Assigned Names and Numbers) and have a voice there. The .eu goes beyond national sovereignty, which remains intact.  Another joint benefit is something like the EU Covid pass, Dr. Timmers offered, now recognized worldwide.

European Union Map from

Strategic Autonomy

Next, in looking at defining the highly contested and always evolving term of “sovereignty”, Dr. Timmers considered power, authority, and recognition, breaking it down into internal legitimacy (the two-way agreement between citizens and their government) and external legitimacy (recognition by third parties—not a given, for example how Russia does not recognize Ukraine). As to what is included in sovereignty, what “belongs to us”, Dr. Timmers lists: territory, natural and digital resources, people, values, and culture. Digital resources would include health or genetic data. To realize sovereignty, Dr. Timmers explained, you need strategic autonomy. It’s a term that comes from the military domain, meaning you have the capabilities, capacities, and control to realize your sovereignty. If you have strategic autonomy, you have the ability to defend your territory, guard your digital and natural resources, and to safeguard your legitimacy, etc..

Strategies for Strategic Autonomy

Dr. Timmers breaks down how to realize strategic autonomy into 4 ways:

  • Autarky | Do it all on your own—try to be self sufficient (very hard). This might work for large countries like the U.S. and China, but it does not work for Europe, it’s too divided, too small.
  • Risk Management | Do the best to defend your sovereignty, to have strategic autonomy and be strong whether its in health, digital, defense, finance, or materials, and hope for the best, but this is risky to national security and economic security.
  • Strategic Partnerships | Work together with other like-minded parties.
  • Global Collaboration | Moving threats to the global level. Dr. Timmers provided an example where a number of scientists and enlightened politicians gathered and developed the international agreement “The Montreal Protocol” (1987), that banned CFCs addressing the hole in the ozone. This hole threatened every country, so the ban on CFCs benefitted everyone, although, he shared, it’s only now, 30 years later, that we are starting to see the hole closing. This is a way to work together, globally, and help everyone in their sovereignty where no one is threatened, but the joint threat is, ultimately, countered. But you have to be patient, he observes, global common approaches take a long time.

Strategic Autonomy Fallacies

    • “Don’t go for protectionism.” | Some people see strategic autonomy as a way to be protectionist. Sensible politicians, Dr. Timmers observed, don’t talk about protectionism in this area. Protectionism is usually used in a somewhat manipulative sense for debate, but people are more realistic, it is not a desired strategy to realize your strategic autonomy.
    • “We can have it all.” | Digital, financial, health, materials, etc., having it all is not realistic, will take too much money to realize these capacities.
    • “Let’s take back control.” slogan | As in Brexit, for example. Shot down eloquently by Martin Wolf of the Financial Times who said you can’t take back control on something you never had. For example, there is some talk in Europe to take back control on the basic cloud. “Europe was never strong on basic cloud,” Timmers said. “It’s not a matter of taking back control, it’s, rather, a matter of looking at the future of cloud services and trying to be a player in future cloud services.”

Strategic Autonomy Risks

    • When you have a hammer . . . everything looks like a nail. Everything can be labeled with “strategic autonomy.” You can go overboard. How do you demarcate? How do you limit the debate? If you want to protect yourselves against the pandemic, do you need to have vaccine strategic autonomy, or would you say that’s actually resilience issue—a rather important one—to protect yourself  actually a resilience issue.
    • Limited governmental capability and capacity Government plays an important role, but strategic autonomy is complex.
    • The EU has limited legal mandate and hard power | If the EU wants to do something regarding national security, legally, they need all the member states to come along.
    • Beijing effect | What is the influence coming from China in setting rules and norms across the world that might threaten strategic autonomy in the US and in Europe?

EU Digital Sovereignty—A Dilemma of Choice

What are the priorities you should address? There is so much that you can consider as being pretty important for your sovereignty, that’s important to safeguard your economy, the jobs of the future, to safeguard your society, to make sure that your democracy is not threatened. There is a lot that you need to keep in your hands, and so there is a dilemma of choice. How do you prioritize, for example, the platforms over the basic technologies?

Paul Timmers, Dilemma of Choice

And a Dilemma of Digital Dependency | Digital Dependency Index

Europe is very dependent on technologies coming from outside. With these charts, Dr. Timmers illustrated on how various countries have reduced their digital dependency, and what their strategic autonomy gap is compared with the U.S.  (SOURCE: Maximilian Mayer and Yen-Chi Lu (2022) Digital Autonomy? Measuring the Global Digital Dependence Structure. Bonn. Center for Advanced Security, Strategic and Integration Studies.)

Figure 7, Change of DDI Value (Equally Weighted) between 2010 and 2019 (in percentage points), Maximilian & Yen-Chi, Konrad Audenauer Stiftung (2022) Figure 8. Change of autonomy gap vis a vis USA between 2010 and 2019 (in percentage points) Maximilian & Yen-Chi, Konrad Audenauer Stiftung (2022)

Strategic Autonomy and EU Digital Policies (timeline)

Around 2017, the strategic autonomy debate came up because of geopolitical threats, digital transformation, and global threats. In the past, there was very little attention on strategic autonomy, it wasn’t even in the European vocabulary. What did appear was “resilience,” a necessary but not sufficient condition for sovereignty, which also requires having things under your own control. Back around 2013, Dr. Timmers worked on a critical infrastructures cyber law (called the “NIS1“, the Network and Information Security Law, in Europe). He was focused on making sure that critical infrastructures like water, transport, and electricity would not be going down because of cyber attacks—a risk management approach. Later, debates came up on strategic autonomy, and on 5G security (2019), which was: Can you still buy Huawei equipment? That was more about the threat to governments from equipment that contained Chinese hardware and software, which brings in the risk of espionage, and starts to get very close to national security, so, too, full sovereignty.

By 2020, new initiatives on cloud and cyber security became much more sovereignty-oriented. In the last year or two, proposals have come up around platforms, such as the Digital Markets Act (regulating access), around social media (Digital Services Act). Digital Wallet law and the digital identity wallet (in which you have your Covid Pass, driver’s license, professional certification, etc.) combined to get a better grip on who your citizens are and what their rights are, something governments need to be more involved. Most recently, other laws that have arisen include the EU Chips Act, the EU Defense Fund, and the EU Data Act. Investment, collaboration standards, regulations, that are either already decided or are in the process of political negotiation. Very recently a Cyber Resilience Act was put in place—essentially ICT supply chain security. A topic that got a lot of attention, was the SolarWinds hack. In addition, Europe and the United States have Critical Dependencies on other countries, in particular China, for certain critical materials—rare earth—and reducing that dependency, he said, is going to be the subject of a future initiative that will come soon. The general trend, Dr. Timmers surmised, is from just resilience to full sovereignty. This debate on strategic autonomy, he predicted, is not going away for the next ten years because of the importance of external threats and geopolitics.

Semiconductors Value Chain

The EU Chips Act is a main example of a strategic autonomy initiative. It’s more about creating a basis for your sovereignty than about semiconductors. There’s the EU Chips Act, a U.S. Chips and Science Act—all of the major economies are paying significant attention to semiconductors. Semiconductors is a complex industry. The value chain includes what attracts the most attention—the semiconductor manufacturing (the “fabs”). They are thriving on chip design that needs sophisticated design tools and intellectual property. Complex materials are combined to ultimately produce the silicone wafers. The resulting chips go to OEMS like Apple (who are putting it in an iphone), or to car manufacturers—everyone knows cars contain many, many chips; even your coffeemaker contains more than 10 chips.


Paul Timmers' Semiconductors Value Chain illustration

Complex Interactions to Produce Wireless Video Chips

There are a wide variety of activities and complex interactions between the companies producing semiconductors—for example ASML, is a big semiconductor producer in Europe, the foundries—which are the fabs like TSMC in Taiwan, the fabless manufacturers that ordering the chips—like NVidia, Broadcom, and Qualcomm. that are ultimately also then producing the end products, and all others that play a role here. What’s striking is this cooperation between very different types of companies. It’s an industry that’s very much used to relationships and cooperations. And this is happening globally.

Paul Timmers-Complex Interactions to Produce Wireless Video Chips


Global Interdependencies

Over the years, the semiconductor industry has become a global industry for all sorts of reasons that turned out to be the best way to distribute these various functions and not based on geography.  Geography, territory, sovereignty, and strategic autonomy all belong together so the industry has gone in a different direction toward geopolitics, sovereignty, and strategic autonomy because it distributes all across the world. Below is just a small example of the set of components for and iPhone Pro Board (not complete) that are coming from all over the world. These global dependencies have been upset recently, which has led to a supply chain crisis.

Paul TImmers- Global Interdependencies in Semiconductor production


European Presence in Supply Chain

Europe is worried because it realizes that over the years, like the United States, its share in semiconductor manufacturing, in particular, has been reducing. The US went from 30% to 10%. Europe went from about 25% to only 7%. Europe is also not much present in Chip Design (8%), certainly not in the Design Tools and IP (2%), which are largely coming from the US, a bit more in Material and Silicon Wafers (14%), and relatively well present in Manufacturing Equipment (21%) (in the news re ASML in the Netherlands). So, Europe’s position is not only not so strong, but has been getting weaker in fabs manufacturing over the years. This is creating a real challenge for the future of the economy and society in Europe as semiconductors are needed for any economic activity and you need to have some grip on it. This got more worrisome with the supply chain crisis and the chip supply crisis that hit last year. Car manufacturing even had to be stopped in some cases.

Paul Timmers-European Presence in Supply Chain

Issues in Semiconductors

  • The US, EU, and Japan have a shrinking share of semiconductor manufacturing, especially in fabs. Manufacturing has been concentrated, largely,  in Egypt, Taiwan, and South Korea.
  • The chips supply chain crisis came on the heels of the pandemic’s vaccine-production crisis. It showed if you have a very large dependency and something goes wrong, you can get into big trouble. Today, in Europe, we have an energy supply chain crisis because Putin is cutting off the supply of the gas, and we are trying to restore at least a degree of strategic autonomy in energy.
  • There are geographic international dependencies in the industrial ecosystem between companies of various natures—some of the relationships are more friendly than others.
  • The industry is very sensitive to capital, skills, and talent. TSMC is now investing in the US and their main worry is the supply of talent.
  • A lot of new advanced technological developments are coming up. You need to stay at the forefront of these developments if you want to have strategic autonomy.
  • Regarding sustainability, this is not a clean industry. It uses a lot of energy, a lot of water, a lot of space, and there is a lot of risk for pollution, so the planet also needs to be taken care of when we talk about semiconductors.

The EU Chips Act

The European Commission (the law proposer in Europe) proposed an EU Chips Act (similar to the US Chips Act) to confront the semiconductor shortages so the supply crisis and to strengthen Europe’s technological leadership. This happened in February 2002 [SOURCE: “Digital sovereignty: Commission proposes Chips Act to confront seminconductor shortages and strengthen Europe’s technological leadership” | Brussels, 8 February 2022.

The Chips Act has three pillars:

  1. Chips for Europe research and development, which is about research and development, and pilots. The front end of it
  2. The Security of Supply Fabs. The middle part, the production
  3. A Monitoring and Crisis Response mechanism, to deal with shortages

Pilar 1. Chips for Europe Initiative

    • There is substantial investment in research and development, for example, in quantum technologies for chips, photonics, less than 2 nanometers, design software . . .
    • Production pilot lines where you try out the next generation of production before it goes into the fab
    • Virtual design platforms where people can work together and share design tooling and work together on designs
    • The is a large collaboration that involves 28 countries, including, for example, Israel. There are 25 European countries + 3 others that collaborate on these kind of issues.

Pillar 2. Security of Supply (the bigger financial/fab part)

    • Investments of $30 Billion dollars, leveraging further private investment with an estimated total of $160B that might come out but that’s not guaranteed because you never know if this leveraging actually works.
    • Investment in fabs
      • Investments are in Integrated Production Facilities (Intel, for example, produces for itself from beginning to end. Intel is the largest investor in Europe. They have promised to invest $68 billion over the next 10 years in European fabs.)
      • Open EU Foundries (can work for others)
    • State Aid making it easier to get money from States.
    • There has to be a first-of-its-kind criterion. Meaning that, for example, you can get money under this scheme, or favorable investment conditions only under the following conditions:

Paul Timmers First of a Kind

To qualify: Innovation in substrate material, higher efficiency (so low energy consumption), increased performance, less load on the environment, or substantial integration in packaging.

Pilar 3. Monitoring and Crisis Response

    • Mapping the supply chains:
    • Toolbox to deal with chips supply crises
      • Monitoring, Reporting, Intervention You need to monitor what is happening, understand your supply chain, and intervene.
    • Supply obligations in crisis situations (Pillar 2 companies, the fabs, can be asked to produce specific chips in crisis situations.)

EU Chips Act — USA CHIPS (& Science) Act

Comparing—very briefly and superficially—what is happening in the US and the EU, in the EU the budget is $43 Billion plus leverage (may be four times as much with state aid support and private support).  In the EU, you see a network of competence centres that address the skill shortage. You see research and development in topics like quantum, less than 2 nanometers (<2nm) chips, and low-power chips. And, special for Europe, there is a risk capital fund to help smaller companies scale up. In the US—again, a very superficial comparison—the budget appears to be larger, there is $53 Billion plus tax credits. But, effectively, to how much it works out, it might be comparable. The subtlety is in the types of investments and the leverage that is happening; the way you can create a multiplication factor out of the state, the national, or the European investment.  There are also regional tech hubs that address skills, research and development—probably similar topics but differently formulated—more around wireless, AI, and next-generation computing. And special to the US is that the US has introduced ‘guardrails’ around China. Companies that are getting support have to accept restrictions in their dealings with China. This is not something you have in Europe. This is really geopolitics, where countries in the EU and US want to work together in this area (there is a trans-Atlantic agreement in that), they may still get into diplomatic discussions regarding China.

This is a strategic partnership collaboration/initiative that increases capabilities, capacities, and control, but . . . the total investment needs for the EU and probably for the U,S likewise—in order to get back to the levels of presence and production levels of the past—are much larger, maybe around $300 Billion, a lot more than the amounts previously discussed.  There may be subsidy raises. Are the US or EU offering more? Will companies choose either the EU or US, or perhaps Japan, or South Korea or Taiwan, who are also offering a lot? Is this an efficient way of working, or are we destroying specialization, which is one of the landmarks of this being such a fantastic industry? If everyone wants to do their own thing, are we going to have a lot of duplication? And, in all realism, there will be remaining chokepoints. There will be dependencies that are outside the EU and the US, on materials, for example.  What are we going to do about those? They can be geopoliticized, they can become securitized, they can get militarized, they can become a geopolitical tool. And we will have to sort that out.

Countries, Companies, Citizens Must Respond to Geopolitics of Strategic Autonomy

If you look at the geopolitics of strategic autonomy, it has to be taken seriously. It concerns countries and the way they make their rules but also they way to do their own governments, the way they organize their democracy, which can be undermined. And, of course, they are international actors.

Companies are very much affected, evermore by geopolitics whether they want it or not. They are feeling it as a company in itself but also as a partner in the industrial ecosystem. They may get rules imposed but they can also get very attaractive incentives that pull them in one direction or the other, but, perhaps, with strings attached—like the guardrails on China. Some companies are  really geopolitical actors, they are so large in this, when I talk, for example, about the digital platforms.

Then, ultimately, citizens, because this is really citizens in their own autonomy through which they express the legitimacy of Democracy, their own control on data and their identity, their digital selves that they will have—already now but even more so in the Metaverse, for example.

The Sovereignty Challenge is Here to Stay

Whether we like the word or not, it’s here to stay. It’s a lot about national security, economic security, safeguarding democracy. It is about our freedom, now, here, towards our future.  Hear the full lecture on YouTube