Europe’s tech sovereignty alarm: Finland warns the continent may never escape US software and China hardware

Finland’s Security and Intelligence Service chief Juha Martelius warned in an interview with POLITICO that Europe may never achieve full technological independence. Martelius argued that Europe is structurally dependent on software originating in the United States and hardware supplied by China. He framed this as a security and sovereignty problem, suggesting the risk of infiltration grows when critical systems rely on foreign stacks. The warning lands alongside EU moves aimed at tightening digital governance, including bans on “nudification” apps that can generate non-consensual sexual content. Separately, EU and US lawmakers are also pushing restrictions around online harms, from “cookie fatigue” mitigation to proposed bans on digital gambling ads targeting minors. Strategically, the Martelius warning highlights a persistent dilemma for European policymakers: achieving cyber resilience and sovereignty while still depending on global supply chains for software and semiconductors. The power dynamic is asymmetric because US firms dominate much of the software layer, while China remains deeply embedded in hardware manufacturing and components. Finland’s posture signals that intelligence services are treating technology dependence as an ongoing threat vector rather than a one-off procurement issue. The EU’s regulatory direction on AI-generated sexual abuse and attention-design practices (“cookie fatigue”) suggests Brussels is trying to reduce both harm and the leverage that large platforms can exert over users. In this context, the beneficiaries are likely European compliance and security ecosystems, while the losers are vendors whose products sit at the center of cross-border digital infrastructure without transparency or enforceable controls. Market and economic implications are most visible in cybersecurity, compliance tooling, and the broader “sovereign tech” supply chain. If European governments accelerate efforts to diversify away from US software and China hardware, demand could rise for domestic or allied alternatives in cloud, endpoint security, identity, and secure-by-design development. The EU’s ban on “nudification” apps also points to higher compliance costs for AI developers and app distributors, potentially affecting AI content platforms and ad-tech workflows. On the US side, bipartisan legislation to ban digital gambling ads targeting under-18s could reshape ad targeting and measurement practices in digital marketing, with knock-on effects for ad-tech and gaming-related advertising budgets. While the articles do not provide explicit price figures, the direction is toward higher regulatory and security spend, and potentially higher capex/opex for firms operating in Europe. What to watch next is whether Finland and other European intelligence or security agencies translate Martelius’s warning into concrete procurement rules, risk scoring, or mandatory security attestations for foreign technology. Key indicators include new guidance on software bill of materials (SBOM) requirements, stricter vendor risk assessments, and any EU-level initiatives that tie market access to transparency for AI and platform behavior. For the EU’s “nudification” ban, watch for enforcement timelines, definitions of prohibited functionality, and whether regulators target model providers, app developers, or distribution channels. For the “cookie fatigue” plan and the proposed US gambling-ad restrictions, monitor implementation details that could affect consent management vendors and ad-tech targeting systems. Escalation would look like coordinated restrictions on specific categories of foreign tech in critical sectors; de-escalation would be visible only if credible certification regimes reduce perceived infiltration risk without broad bans.

Geopolitical Implications

• 01

  Europe is treating technology dependence as an intelligence and security issue, not just an industrial policy challenge.

• 02

  US software dominance and China hardware integration create leverage points and persistent cyber-infiltration concerns.

• 03

  EU AI governance is moving toward outcome-based and distribution-based restrictions on harmful tools.

• 04

  Cross-Atlantic online-harm regulation may converge even as sovereignty debates intensify.

Key Signals

• —SBOM and vendor certification requirements becoming mandatory in critical sectors.
• —Enforcement timelines and liability targets for the EU “nudification” ban.
• —Implementation details for “cookie fatigue” rules affecting consent-management vendors.
• —US legislative progress on banning under-18 digital gambling ads and its enforcement framework.