Breaking Free from Big Tech in 2026

74% of publicly listed European companies depend on US-based technology services. That number comes from Proton's 2025 Europe Tech Watch research, and it tracks across nearly every sector, from banking and pharmaceuticals to utilities and manufacturing. In some countries, the dependency is even higher. Sweden sits at 91%. Norway at over 93%. Ireland at 93%. These aren't fringe statistics. They describe the infrastructure that European businesses run on every day.

The dependency goes far beyond any single software category. Cloud infrastructure, productivity tools, communication platforms, identity systems, AI services, collaboration suites. From the operating systems on government laptops to the AI tools processing business documents, European organizations depend on a handful of American companies for nearly every layer of their digital stack. And this isn't just a European story. It's a global structural pattern. Europe simply has the strongest data to measure it and the sharpest policy response to address it.

When that software is a subscription service hosted on infrastructure outside your jurisdiction, governed by laws you didn't write, the question of who controls your data is not theoretical. It's operational. The US CLOUD Act gives American authorities the ability to compel US-based companies to hand over data stored anywhere in the world. And in the AI era, the concern goes further. Business data doesn't just sit in storage anymore. It becomes context for AI inference, training signal for models, and input to systems your organization didn't build and doesn't control.

The question isn't whether Europe should have alternatives. It's why, after 20 years of trying, it still doesn't.

Two Decades of Playing Catch-Up

Open source has been Europe's primary strategy for digital independence, and the effort deserves genuine recognition. Linux powers the majority of the world's servers. LibreOffice has over 400 million downloads. CryptPad, built in France with EU research funding, provides end-to-end encrypted collaboration that no commercial suite matches. Matrix, an open communication protocol, powers secure messaging for the German Bundeswehr and over 600,000 French government officials. The technology works. The community proved that.

Governments have acted on this. The German state of Schleswig-Holstein committed to migrating 30,000 workstations to LibreOffice. France's Ministry of National Education barred Microsoft 365 and Google Workspace for student data in 2022. France's Suite Numerique now serves over 500,000 civil servants across 15 ministries. The European Commission's IT strategy explicitly favors open source where viable.

And yet, after two decades of sustained effort, the dependency hasn't meaningfully declined. Linux on the desktop still sits at roughly 4% global market share after 30 years. The Open Document Format has been an ISO standard since the mid-2000s, and the overwhelming majority of organizations still run on Microsoft formats. The pattern repeats across categories. The technology exists. The adoption doesn't.

This isn't a failure of engineering. Open source produced remarkable software. But it's a structural mismatch. You can't fight a $3T ecosystem with software where everyone, including the competitor, can look underneath. Open source built the proof of concept. But displacing entrenched monopolies requires something different from proving the technology works.

The Transparency Paradox

Open source's greatest strength is transparency. Anyone can audit the code, find bugs, and verify security claims. That matters. It has produced some of the most reliable software in history. But transparency cuts both ways, and the risks are compounding.

When everyone can see the code, that includes adversaries. In March 2026 alone, a North Korean state actor compromised the Axios npm package (nearly 100 million weekly downloads), and the threat group TeamPCP hijacked LiteLLM on PyPI (3.4 million daily downloads) after first backdooring Trivy, a widely trusted open source security scanner. Months earlier, attackers broke into npm packages like chalk and debug, affecting packages with over 2 billion combined weekly downloads. Supply chain attacks through open source ecosystems more than doubled in 2025, with global losses reaching $60 billion. These aren't hypothetical risks. They're weekly headlines.

The AI era makes this worse. Open source code is scraped wholesale to train large language models. The companies that benefit most from this are the same Big Tech firms that open source was supposed to compete with. They take the community's work, feed it into proprietary systems, and sell the output back as commercial products. The code is open. The profit is not.

None of this means open source is broken. It means transparency alone is not a competitive moat. Open source catches bugs faster than closed alternatives. It enables auditing that proprietary software can't match. But when your strategy for digital independence relies entirely on software where every line of code, every vulnerability, and every architectural decision is visible to the very companies you're trying to replace, the structural disadvantage compounds over time.

Big Tech Takes, It Doesn't Give Back

There's a pattern that has played out for over a decade. Big Tech takes from open source and builds proprietary moats on top. Google built Chrome on the open source Chromium project, then used Chrome's market dominance to shape web standards in its favor. Microsoft embraced Linux and open source publicly, while building Azure, its proprietary cloud platform, as the commercial layer above it. VS Code is open source. GitHub Copilot, trained on open source code hosted on GitHub, is not. Amazon took Elasticsearch, forked it as OpenSearch, and runs it as a proprietary managed service.

The pattern is consistent. Adopt the open source project. Build proprietary services around it. Capture the revenue. The community does the foundational work. Big Tech captures the commercial value. And because these companies have the distribution, the sales teams, and the bundling strategies, they can outcompete the projects they took from. Microsoft doesn't just sell Office. It bundles it with Azure, Teams, Active Directory, and Copilot. That kind of integration is not something a grant-funded project can replicate.

Two decades of open source alternatives haven't displaced Big Tech because the playing field was never level. Open source writes the code. Big Tech writes the invoice.

Every Region Has Its Champions

Look at how other regions have handled digital sovereignty, and a pattern emerges. The United States has Microsoft, Google, Amazon, and the rest of the Big Tech stack, with combined revenues in the trillions and global distribution. China has WPS Office by Kingsoft with nearly 700 million monthly active devices, Alibaba Cloud and Baidu for infrastructure and AI, and WeChat for communication. Russia has MyOffice deployed across federal agencies as part of its import substitution program, alongside Yandex for search, cloud, and AI. South Korea has Hancom Office embedded in government and military use for decades, plus Naver and Kakao for search, messaging, and cloud.

None of these are open source projects. They're commercial products with defensible moats, backed by sustained investment and policy support. The regions that achieved sovereignty over their digital stack didn't do it by adopting an open standard and waiting. They built commercial companies.

The economic argument matters just as much as the strategic one. Regional technology champions reinvest into their local economies. They employ local engineers, pay local taxes, build local supplier ecosystems, and reduce strategic dependency on foreign jurisdictions. When a Swedish company builds software, that economic flywheel stays in Sweden. When the same organization pays for Microsoft 365, the money flows to Redmond. Multiply that across every company and government agency in Europe, and the capital outflow is staggering. Sovereignty isn't just about where data is stored. It's about where value is created.

Why the AI Era Changes Everything

Before AI, the sovereignty debate was mostly about storage and jurisdiction. Where does the data sit? Who can subpoena it? Those questions still matter. But AI has added a dimension that makes the stakes fundamentally higher.

Your documents are no longer just files in a database. They're context for AI inference. Every contract draft, financial model, customer database, internal communication, and strategic analysis becomes input to a language model. The question is no longer just "where is my data stored?" It's "who is my data training? Who has inference access? What jurisdiction governs the AI processing my most sensitive information?" When a European government ministry uses an American AI assistant to draft policy memos, the sovereignty implications go beyond data residency.

The political dimension is hard to ignore. In a world of shifting alliances, trade wars, and sanctions, depending on a foreign power's software stack for AI-assisted decision-making is a strategic vulnerability. Governments that wouldn't source military hardware from a rival jurisdiction are running their internal communications and analysis on software controlled by companies subject to that jurisdiction's laws.

For businesses, the calculus is similar. Companies that feed their data into Big Tech AI tools are building moats for their vendors, not for themselves. The more you use these tools, the more the vendor understands about your business processes, your competitive strategy, and your operational patterns. That information asymmetry doesn't serve the customer. It serves the platform.

Europe's Policy Without Product

Europe has built the strongest digital sovereignty policy framework in the world. GDPR set the global standard for data protection. The Data Act, effective September 2025, establishes new rules for data portability and interoperability. The NIS2 directive raises cybersecurity requirements across critical sectors. Gaia-X aims to build federated European data infrastructure. The CHIPS Act addresses semiconductor dependency. On paper, Europe is more serious about digital sovereignty than any other region.

But policy without product is regulation without leverage. Europe has no cloud hyperscaler. No search engine at scale. No social platform with global reach. No commercially competitive office suite built on European soil. The gap isn't limited to productivity software. It's systemic. GDPR protects privacy in theory, but if every company subject to GDPR still depends on American software for daily operations, the regulation protects user rights while the dependency undermines the sovereignty it was designed to support.

Proton proved that a European company can challenge Big Tech incumbents. Built in Switzerland, it took on Gmail and Google Drive with a privacy-first model and built a sustainable business doing it. But Proton is one company in one category. The broader digital stack, from productivity suites to cloud infrastructure to AI platforms, is still waiting for European alternatives that can compete commercially.

The Business Model Problem

The missing ingredient is not technology. It's not policy. It's not open source. It's a business model. Building commercial software that can compete with Big Tech at enterprise scale requires revenue, sales teams, enterprise support, compliance certifications, and the financial staying power to sustain that fight for decades. SOC 2 audits, 24/7 support infrastructure, government procurement navigation, accessibility compliance. These aren't features that get celebrated. They're table stakes for enterprise adoption, and they require sustained commercial investment.

Open source is essential infrastructure. Open formats ensure interoperability. Community-driven development surfaces ideas and catches problems that proprietary development misses. Any serious attempt at European digital sovereignty needs the open source ecosystem to be healthy and thriving. But the foundation is not the building. You need both. What's been missing is commercially sustainable products that support open formats, respect interoperability, and also build the defensible moat that makes long-term competition viable.

Grant funding can sustain research and development. Donations can keep servers running. But displacing incumbents that spend billions annually on product, distribution, and ecosystem lock-in requires more than better code. It requires a business that can go the distance.

Worth Building

This is why we're building Nodejam in Sweden. We believe Europe needs commercially viable alternatives to Big Tech's productivity stack. Not instead of open source, but alongside it. Products that can compete on their own terms, with revenue models that sustain the fight and architecture designed for what comes next.

The dependency isn't just about documents. It's about the entire digital infrastructure that European businesses and governments run on. Every internal communication, every contract, every financial model, every customer record, running on software controlled by companies in a different jurisdiction, subject to laws written by a different government, processed by AI systems built to serve the platform first. For a continent that has invested more than any other in digital sovereignty policy, the gap between ambition and reality is hard to ignore.

Office suites are where we're starting. The principle applies everywhere. This is going to take years. We're building for decades.