Stop playing catch up with the US, Europe!
Europe keeps trying to out-build the frontier. The leverage sits one layer down: verifying what the technology does, through the technology itself.
By the time Europe finishes funding its own AWS, its own foundation model, its own consumer platform, its own next-frontier equivalent, the American gap hasn't closed. It's compounded. A decade head start, continuous reinvestment. You don't outrun that by running faster in the same direction.
Stop copying what already exists, double down on what Europe does that nobody else does.
ASML is the obvious example, because it's already real. They don't compete with Nvidia, they make Nvidia possible, and that position gives them control over leading-edge chip manufacturing that no chipmaker can route around. The most powerful seat in the industry belongs to the company that built the thing underneath.
The real question is what Europe's ASML play looks like across digital strategy. Not just AI. Cloud, platforms, identity, whatever comes next.
The framing mistake
Every European tech sovereignty debate assumes the same binary. Cloud: build AWS alternatives or accept dependency on AWS. AI: build sovereign foundation models or accept dependency on OpenAI. Social: build European platforms or accept dependency on Meta. Identity, payments, productivity software, same binary every time.
Both sides treat the problem as ownership.
The structural risk lives one layer deeper. Europe can't see inside the technology it runs on.
When Facebook's algorithm pushes political content, European regulators find out through investigative journalism. When an AI model trains on copyrighted work, rights holders find out through litigation. When AWS holds government data, the rules are contractual, not cryptographic. Contracts get renegotiated. Cryptographic audit trails don't.
The accountability gap is the vulnerability. Across every digital domain.
A different position
ASML's position in the chain works as a model for what Europe could build across digital infrastructure. They sit underneath every chip maker as load-bearing infrastructure, and that position buys them control no single chip company has.
Europe has the same kind of position available in digital accountability, if it chooses to build for it.
The regulatory foundation already exists. A decade of GDPR, the AI Act, the Data Governance Act, DORA, the Digital Services Act. Europe has spent that decade writing the legal architecture for how digital systems should behave. The architecture lives in legal text though, not in software. Enforcement means audits, fines, and reporting obligations, all backward-looking.
The technical primitives exist too. Zero-knowledge proofs, cryptographic audit trails, privacy-preserving computation. The tools to verify what a system is doing without accessing the underlying data are mature enough to deploy today, not in five years.
And Europe has something American tech companies want: access to high-value public sector contracts through tax authorities, financial regulators, and government agencies. Used well, that's real negotiating power.
What's missing is the connective layer. Software that takes regulatory requirements and turns them into real-time cryptographic verification, baked into the foreign technology Europe depends on.
Three gaps across three domains
Start with social platforms. Regulators want to understand how Facebook's algorithm makes promotion decisions. Facebook hands them documentation and occasional audits. There's no mechanism for independent, real-time verification that the algorithm behaves as Facebook describes. A privacy-preserving audit trail, embedded in the platform and queryable by authorised regulators without exposing user data, would close that gap permanently.
Next, cloud. When a European government stores data in AWS, legal contracts govern who can access it. Those contracts get enforced in court, months after the fact. Cryptographic access controls and audit trails, where every data access is logged, signed, and independently verifiable, make compliance structural instead of contractual.
Then, AI training data and copyright. When a model gets trained, data provenance is invisible to rights holders and regulators. Audit infrastructure that records what data went in, when, and under what licence, queryable later by authorised parties, turns copyright enforcement from litigation into verification.
None of these require Europe to build its own cloud, its own platform, or its own foundation model. They require embedding accountability infrastructure into the systems Europe already uses.
Europe's structural advantage
The compliance instinct that looks like a competitive handicap in Silicon Valley terms is the entry point. American tech culture treats regulation as friction. European institutions treat it as a design requirement. That's why European companies are further along on this layer than their American counterparts, and why European regulators have both the motivation and the authority to require it.
At mintBlue we've been working in this direction for years. Research with the Belastingdienst on real-time audit trails for tax. Justitie en Veiligheid on sharing fraud signals without exposing the source. Photo authentication for government identity. All early-stage, all pointed at the same idea: accountability built into the process from the start.
These are digital accountability explorations across domains as different as tax, justice, and identity. The primitives port.
The same cryptographic primitives behind the Belastingdienst tax-audit research can let a European regulator verify an AWS access log. The same zero-knowledge patterns we're exploring with J&V to share fraud signals without exposing sources can let a data protection authority check Facebook's promotion logic. The Dutch public-sector work is the same work that applies to the foreign systems Europe currently can't see inside, across domains, across frontiers.
The pattern is portable.
If European regulators make real-time accountability infrastructure a condition of market access, and if that infrastructure is technically credible enough to verify behaviour rather than produce paperwork, then dependency on American and Chinese technology stops being a strategic vulnerability and becomes a manageable arrangement.
You don't need to own the rails. You need to verify where the train is going.
An alternative path to sovereignty
Europe has the option to build the accountability layer that sits between European institutions and the foreign technology they run on, providing cryptographic guarantees about what that technology does, through the technology itself.
That position compounds as any frontier gets more powerful and less transparent. AI this happening now
The regulatory foundation is there, the technical primitives are there, the institutional credibility is there. The open question is whether Europe treats compliance as a constraint to manage or as infrastructure to export.
ASML sits underneath every chip company in the world. Europe has the same seat available across digital infrastructure.

