By Kai Steuernagel (Deutsche Telekom) and Vladimir Braquet (Orange), Sylva Developer Day, Amsterdam, March 27, 2026
Sovereignty is one of the most talked-about concepts in European tech today. It appears in policy documents, keynote slides, and strategy decks across the continent. But what does it actually mean for the people building and operating telco cloud infrastructure? And more importantly, what does it take to get there?
At Sylva Developer Day in Amsterdam, closing out an energizing KubeCon + CloudNativeCon Europe 2026 week, we took the stage to tackle this question head-on. Our message was simple but deliberate: sovereignty is more than trusted hosting. It’s a multidimensional challenge, and open source, specifically Sylva, is one of the most powerful levers we have to address it.
Defining sovereignty, for real
Digital sovereignty in Europe is about the ability of European states, institutions, and citizens to control their own digital infrastructure, cloud services, data, and networks, independently of external powers, in line with European laws and values.
That definition sounds clear enough even when focussing on European Sovereignty. Actually this doesn’t end at the border of the European Union but can be seen similarly for other regions and countries of the world.
When you start breaking the statement further down, you realize it spans at least three major dimensions:
- There’s a governance and legal dimension: organizational EU legal entities, physical location of infrastructure and data processing, compliance with EU laws and regulations.
- There’s a technical dimension: data access, protection, and management, interoperability, and portability.
- And there’s an operational dimension: supply chain independence for both hardware and software, having the right people in key operational roles, and proper role-based authorization.
While Sylva can not directly influence the governance and legal dimensions, the other two are clearly touched by Sylva. .
The nuanced reality
During our session, we explored the relationship between sovereignty and concepts that are often conflated with it. Is sovereignty about security? Yes and no, it doesn’t define specific security measures, but it demands that security prevents access or influence from outside the territory. Is it about data privacy? Again, yes and no, it doesn’t define data protection classes, but it requires that all data stays within territorial boundaries. Is it about critical infrastructure? Same nuance, it doesn’t define what counts as critical infrastructure, but it requires protection against external influence.
These distinctions matter. They reveal that sovereignty isn’t a checkbox you tick with a single certification or hosting decision. It’s a posture, an architecture, and a set of capabilities that need to be built and maintained over time.
The hard questions
We also didn’t shy away from the difficult cases. Even if your data is hosted in your own country, is it immune to extraterritorial requests? Cloud certifications don’t always answer that question. Even if a solution is deployed locally without legal control of the provider, what happens if software upgrades stop being provided? The recent history of licensing shifts at companies like HashiCorp, Bitnami, and VMware has shown that dependency on a single vendor’s business model can become an existential risk overnight.
And the challenges go deeper. Can your organization cope if a third party stops fixing security vulnerabilities or providing updates? What if a SaaS platform you depend on, like GitLab or GitHub, restricts access? Can you run your AI and observability stack without access to specific chipsets?
These are not theoretical scenarios. They are risks that European telcos face today. And they are precisely why sovereignty must be built into the architecture, not bolted on after the fact.
The hardest frontier: hardware and software independence
Two areas stand out as particularly challenging. On the hardware side, sovereignty extends beyond servers, switches, and routers to the chipsets themselves. Even European hardware vendors largely build on x86 architectures delivered by Intel and AMD. That’s why Sylva is working to validate ARM architecture support, expanding the range of options and reducing dependence on any single chipset ecosystem.
On the software side, open source helps enormously, but control and understanding of the source code is key. Take Kubernetes as an example: the top ten contributors are all US-based companies (though three do operate out of Europe). Open source makes the code available, auditable, forkable, and fixable. But it doesn’t make it free in the sense of effort, understanding the code requires skills, and contributing actively is what earns credibility and influence over the roadmap.
How open source helps, and how Sylva goes further
Open source provides the foundation for sovereignty because it gives organizations the theoretical ability to fork, extend, fix, and audit the code they depend on. No single entity owns it, and no single entity can pull the rug out from under you. But perhaps its greatest power is that it enables easy cooperation between companies. No single company can realistically develop and sustain a full telco cloud solution alone over the long term. Open source provides a legal and operational framework to pool resources and strengths across organizations.
Sylva takes this further in several concrete ways. At its core, Sylva is built on open-source projects like FluxCD and ClusterAPI, and several Sylva contributors are active members of those upstream communities. The stack is designed so that CAPI providers, operating systems, and Kubernetes distributions can be swapped; there is no vendor lock-in by design. Sylva itself lives under Linux Foundation Europe governance, with multiple companies sponsoring and contributing. That neutral governance model eliminates the risk of a single company changing its policy and pulling the ecosystem in an unwanted direction.
The bottom line: contributing to Sylva means gaining more control over your dependencies. That’s sovereignty in practice.
Eyes wide open: the risks we’re managing
We believe in being transparent with our community, so we also shared the ongoing risks Sylva is navigating. We need more core contributors, the project is growing, and the codebase needs more hands and more expertise. Our testing infrastructure is evolving as the Equinix open-source program winds down, and we’re actively migrating our CI pipeline to a multi-cloud setup including Leaseweb in particular. And we’re mindful of our own dependency on GitLab, we’re verifying that our assets are properly backed up and identifying alternatives should migration become necessary.
These aren’t weaknesses, they’re the honest realities of building critical open-source infrastructure. And by naming them openly, we invite the community to help solve them.
Sovereignty is a team sport
If there’s one takeaway from our session, it’s this: sovereignty is not something you buy off the shelf. It’s something you build together, by investing in open-source communities, contributing code and expertise, and designing architectures that give you real options when the unexpected happens.
Sylva is that architecture. And this community, growing, diverse, and increasingly global, is what makes it resilient.
We left the stage in Amsterdam energized. The conversations that followed, in the hallways, over coffee, and into the evening, confirmed what we already felt: the Sylva community understands what’s at stake, and it’s ready to build the sovereign, open, and resilient telco cloud that Europe needs.
Get involved, because in open source, every contribution counts.
