This is an opinion article. The views expressed belong to the author.
Last week, Luxembourg hosted the Luxembourg Governance, Risk, and Compliance (GRC) Summit 2026. Events like this are a reminder of why professional communities matter: people come together not only to exchange business cards, but to openly discuss some of the most pressing challenges facing our sector.
While many insightful talks and discussions took place, one topic clearly dominated this year: digital sovereignty.
Whether the discussion focused on cloud infrastructure, artificial intelligence, cybersecurity, or data governance, a recurring concern emerged. Europe, many argue, has become heavily dependent on technologies and services developed elsewhere. In recent years, geopolitical uncertainty has transformed sovereignty from a theoretical concept into a practical necessity.
Some participants raised the question of whether recent US political developments have accelerated this debate. However, most agreed the issue is structural rather than tied to any single political figure. Even if political relations improve, Europe will still need greater resilience, stronger control over critical infrastructure, and reduced dependency on foreign technology providers.
At the same time, European participants often emphasised that sovereignty is not only technical but also value-driven. Europeans, and Luxembourgers in particular, take pride in the European Union's regulatory approach. While sometimes criticised as overregulation, many view European rules as reflecting deliberate societal choices around privacy, accountability, and human rights. These values are increasingly embedded in European digital policy and products.
Yet, as I reflected on these discussions, I was left with a question: do we apply these principles consistently?
This week, many members of the same professional community will attend Nexus Luxembourg, where Israeli technology companies and startups are prominently represented. This raises a broader question worth discussing: if sovereignty, privacy, and European values are central criteria when evaluating technology, should they not apply equally regardless of where that technology originates?
Human rights organisations such as Amnesty International and Human Rights Watch have accused Israel of genocide in Gaza, citing the blocking of aid, civilian casualties, and the destruction of infrastructure. UN reports reference over 72,000 deaths, 1.9 million displaced people, and 77 years of lost development. Meanwhile, investigators and human rights defenders warn that Israel's AI-driven targeting systems, mass surveillance systems, and other technologies are enabling mass atrocities at an unprecedented scale.
While the EU takes pride in landmark regulations such as the GDPR and the AI Act, questions arise as to whether the principles underpinning these frameworks are applied consistently when it comes to technology partnerships and trade relations involving Israel.
Events such as Nexus Luxembourg 2025 have highlighted growing cooperation between Luxembourg and Israeli technology companies across sectors such as AI, cybersecurity, fintech, smart mobility, and space technologies. Recent investment announcements, including multi-billion-euro visions for "vertical AI" development across Europe, the United States, and Israel, further underline the depth of these ties.
However, some technologies grouped under the label of "vertical AI" have also been associated in public reporting with military and surveillance applications in conflict environments. This raises a difficult but necessary question for European and Luxembourgish stakeholders: how should dual-use technologies be assessed when they may be deployed in both civilian and military contexts, especially when the trade involves a geopolitically sensitive partner such as Israel?
The experience of the NSO Group illustrates the risks of insufficient early due diligence. The company's Pegasus spyware was marketed to governments as a tool for combating crime and terrorism, with assurances of strict safeguards. Subsequent investigative reporting, however, revealed cases in which the software was allegedly used to target journalists, activists, and political figures in multiple countries, including within Europe. Today, Luxembourg is still failing to close NSO offices despite sustained efforts from civil society to halt their activities.
This issue is therefore not only ethical, but increasingly legal and political.
At the international level, accountability debates surrounding Israel have intensified. Various proceedings and investigations are ongoing in international legal forums regarding alleged violations of international humanitarian law, including an ICC arrest warrant issued for the current Prime Minister of Israel and ICJ rulings on plausible genocide and confirmation of illegal occupation of territory. These developments inevitably influence how governments and institutions assess political, legal and economic risk.
At the European level, concern over EU-Israel relations has also entered formal political processes. A European Citizens' Initiative calling for the suspension of the EU-Israel Association Agreement has surpassed the threshold required for consideration by EU institutions, reflecting growing public debate about the alignment of trade relations with human rights commitments.
Meanwhile, Luxembourg is also engaged in broader discussions about its obligations under international law, including the responsibilities of states in relation to the prevention of genocide, as highlighted in three separate studies, two mandated by the Chambre des Députés and one conducted by civil society organizations. This topic has also been raised in several parliamentary questions from both the general public and the opposition parties.
If sovereignty means anything, it must include the consistent application of principles, even when it is politically or economically inconvenient. Otherwise, "European values" risk becoming rhetorical rather than operational, and digital sovereignty remains unachievable.
This is an opinion article. The views expressed belong to the author.
