The Law of 7 October 2016 for a Digital Republic had sketched out digital sovereignty, proposing a dedicated Commissariat - a project that was abandoned.

Nearly ten years on, the subject remains as topical as ever. Donald Trump's return to the White House has rekindled concerns about access by US authorities to data processed by cloud giants. On the Chinese side, the 2017 Intelligence Act is raising similar concerns. The Irish Data Protection Authority recently sanctioned TikTok, notably because of the accessibility of European data by staff based in China.

In this context, IT architecture is not just a technical issue, but also a legal one. A number of risks need to be anticipated:

• The protection of personal data, with the risk of the European authorities banning certain transfers. A Schrems III is possible.
• International sanctions and export controls, which may block data flows to certain countries or entities.
• Access to data by foreign authorities, outside of mutual legal assistance mechanisms.
• Extraterritorial application of foreign laws, particularly in the fight against corruption.

The EU is aware of these issues and is preparing to publish its international digital strategy. A draft document revealed by Politico admits that complete technological decoupling is not realistic. Cooperation will continue to be necessary. To strengthen its sovereignty, the EU is therefore banking on European technological solutions and the diversification of its partnerships. Examples include a digital trade agreement with Singapore and a letter of intent signed with Japan on quantum technologies.

In this changing environment, IT Departments need to anticipate geopolitical and regulatory hazards, such as the interruption of data flows, increased customs duties and export restrictions.

A key legal tool: the hardship clause. It allows a contract to be renegotiated in the event of an unforeseeable change. If renegotiation fails, the parties can agree on a way out or take the matter to court.

For long-term IT contracts, a well-drafted hardship clause is a lever for risk management. It should specify the triggering events, the notification procedure, the renegotiation process and the adaptation or exit mechanisms.