France has made its position clear: sensitive data must remain within the country. Can Poland take equally decisive action? Or perhaps the real question is: can we afford to keep postponing it?

“Data is the new oil” – a phrase repeated for years by technology visionaries – has ceased to be a futuristic metaphor. It has become a hard business reality. Like any valuable resource, data requires protection: ideally through our own refineries, our own pipelines, and our own control over the entire value chain.

Meanwhile, Poland – a country proud of its IT specialists who create groundbreaking AI solutions in Silicon Valley – watches as our national “digital gold” flows in a wide stream to data centers in Ireland, Germany, or the United States. We are asking ourselves the same question France asked – and answered – a decade ago: can we afford this?

A French Precedent That Cannot Be Ignored

France did not wait for global security incidents or political ultimatums. More than a decade ago, anticipating European regulatory trends, it made a decision that at the time seemed radical: sensitive data, especially medical data, must remain on national territory. Not in a cloud “somewhere in Europe.” Not with a trusted NATO partner. In the country itself.

This was a strategic decision. Citizens’ data – particularly the most personal data – was recognized as an element of state sovereignty. Control over critical infrastructure was not treated as an option, but as a necessity.

Importantly, France did not declare American technologies to be “bad.” It did not block Microsoft or Google. It simply set a condition: if you want to operate in our market with sensitive data, you must play by our rules. And those rules are simple: the data stays here, under our jurisdiction and control.

Poland: Late, but (Hopefully) Not Too Late

Let’s be honest – Poland is late. By how much? It is hard to say, but while the French healthcare system has been operating on secure, local infrastructure for years, Polish institutions are only beginning to debate whether a problem even exists.

And it does – a serious one.

An example: financial reports of a Polish public company are sent to servers in Ireland. The company is subject to Polish law and accountable to Polish regulators, yet its most sensitive information “lives” under the jurisdiction of another country. Absurd? Unfortunately, this is everyday reality.

And this is only the tip of the iceberg. When, not so long ago, VMware – a tool underpinning a significant part of Poland’s IT infrastructure – increased its licensing fees tenfold, the industry realized something it should have understood much earlier: dependence on foreign Big Tech is not a strategy, it is a noose around the neck. A noose that someone else can tighten at any moment – not necessarily out of malice, but due to a change in business model, a merger, a corporate policy shift, or, as recent years have shown, a change in government policy on the other side of the Atlantic.

Mindset: The Greatest (Unfortunately Internal) Barrier

We have the technology. We have people – among the best in Europe. We have companies – proven, operating at the highest level. So what stands in the way of Polish digital sovereignty?

Paradoxically: ourselves.

The Polish IT market struggles with a problem no algorithm can solve – a lack of mutual trust. When a Polish company presents a solution, the first question is: “Is it as good as the American one?” When an American company presents a solution, there is no question – there is acceptance.

This asymmetry leads to absurd situations. A Polish integrator delivers a project for a Polish institution, using Polish know-how, Polish engineers, and local infrastructure. Yet the invoice is issued by a foreign corporation that, in practice, merely “stamps” the project. Because then the project is considered “credible.”

On top of that comes the syndrome of “eternal testing.” Every new government, every new administration, every new ministry wants to start from scratch. Discussions, conferences, reports, analyses, white papers – and then more discussions. Meanwhile, time is slipping away. And money is slipping away as well – billions of złoty that could have built Polish solutions are instead spent on licenses and flow into the budgets of foreign corporations.

“It’s Just Data” – The Greatest Misunderstanding of the Decade

The biggest mistake in thinking about data sovereignty is treating data as an ordinary commodity. “Fine, the data is in Ireland, but we can download it at any time. What could possibly go wrong?”

Everything.

Data is not static files on a disk, but streams, algorithms, and interconnections. It is the infrastructure that processes, analyzes, and interprets it. It is the people who have access to it. It is the jurisdiction that determines who can access it and when.

Every contract with an American technology corporation includes provisions that, if necessary, grant the U.S. government the right to access data – legally, formally, and in accordance with U.S. law. Even if the data is physically stored in Europe, American companies may be required to disclose it upon request by U.S. authorities (the CLOUD Act). Will this ever be used? Maybe yes, maybe no. But the mere existence of such a possibility should alarm anyone responsible for the security of critical infrastructure.

In the era of artificial intelligence, data is not just information. It is the ability to predict, model, and influence. Whoever controls data controls the future. And this is not science fiction – we are talking about algorithms that already predict consumer behavior, optimize supply chains, diagnose diseases, and assess creditworthiness.

The Polish Cloud: A Dream or a Realistic Scenario?

Can Poland build its own state cloud? Technologically – without a doubt. Economically – also yes, if we stop spending billions on foreign licenses and start investing in local development.

The problem lies elsewhere: in coordination, decision-making, and long-term strategy.

Imagine a scenario in which several of the largest Polish IT companies – proven, with years of experience and their own top-tier data centers – sit down with representatives of the public administration. The goal? To build a distributed infrastructure network that ensures security, redundancy, and independence.

Not one gigantic data center costing two billion złoty (which would likely still have to be operated by one of the Big Tech companies), but a network of smaller, distributed facilities managed by Polish companies, under Polish jurisdiction, and in line with Polish security standards.

Utopia? In many countries, this is already reality. Estonia – a country smaller than a single Polish voivodeship – has built a digital infrastructure admired by global powers. Austria is withdrawing Microsoft from public institutions. Denmark is developing its own educational solutions.

Why shouldn’t Poland be able to do the same?