Web Analytics Made Easy - Statcounter
Sign in Subscribe
Latest issue

Digital Sovereignty in Canada: Why Education Is the Place to Start

Red maple leaf on a wooden table
Photo by Micah Bratt / Unsplash

This post is based on a presentation I gave at our Open Source Practitioner Call in March 2026 and related collaborations with educators and students. Like conversations around AI, I find that everyone uses this term (digital sovereignty) to mean different things (and in many cases this is due to regionally-specific progress differences). The goal of this meeting was to find similar ground using comparison with the European Union and Canada.

We saw participant in this call from academia, government, non-profit as well as average Canadians like myself trying to figure out how to help the country move forward - faster.

Rapidly Evolving Political, Tech & Human landscape

Image collage: Tech layoffs chart (increasing) security lock logo, open source sustainability infographic, 51st state propaganda image of Canada with stars and stripes, Transgender risk map and RTO office sign. All to represent the overlapping challenges in this moment.
Disruption collage

We're in a moment of overlapping disruption political, technological, human. The rise of AI is reshaping work and opportunity. Layoffs and career instability are affecting people across the technology sector and beyond. And the political landscape, particularly the relationship between Canada and the United States, is shifting in ways that make our digital dependencies harder to ignore.

Groundswell of Realization and Demand

Just a few of the headlines, saying basically :News article collage: Why Canada Needs public cloud, How Canada could achieve digital sovereignty, Broadbent Institute signs letter to PM concerning Canada's Digital Sovereignty, 80 leading Canadians civil society groups ask Carney to protect Canada's Digital Sovereignty. Canada Digital Sovereignty now, 'elbows up for digital sovereignty Mastadon' 'Do something!'
The call for digital sovereignty is also everywhere


Out of this, a groundswell is forming. Open letters signed by 80+ prominent Canadians including Margaret Atwood and former Governor General Adrienne Clarkson - calling on the Prime Minister to defend Canada's digital sovereignty. OpenMedia's #KeepOurDataHome campaign similarly, pushing for strong data localization laws to keep Canadian data within our own borders. Communities organizing on the Fediverse under the banner Elbows Up for Digital Sovereignty. Op-eds in the Globe and Mail, CCPA, Policy Options, all published within weeks of each other last summer.

A lot of different things, which can probably feel pretty confusing to citizens trying to understand their role, and their choices. What does digital sovereignty actually mean? And what would it look like if we were sovereign? I tried to answer that, but looking at what's happening in Europe and Canada for comparison.

Two definitions, different stages of maturity

Both the EU and Canada published digital sovereignty frameworks in November 2025. Same moment of recognition, different scope and focus.

" the ability of individuals, businesses and institutions in Europe to act independently in the digital world, allowing for autonomous decisions about the use, governance, and development of digital systems without undue reliance on external actors in order to protect our European democracies and our European values."     - The EU's Berlin Declaration, signed by all 27 member states

The scope includes citizens, businesses, institutions, and democratic society. It explicitly names open source as important for sovereignty. It explicitly links sovereignty to protecting democracy.

"The GC’s capacity to exercise autonomy over its digital assets and services, ensuring the GC can manage and protect its digital systems, data and information regardless of where technologies are developed, hosted, or supported. It builds on earlier work on data sovereignty, extending the focus beyond data storage and jurisdiction to include operational resilience, system integrity and institutional control.” - Canada Digital Sovereignty Framework:

The scope defines sovereignty as "the GC's capacity to exercise autonomy over its digital assets and services." The scope is the federal government's own internal operations. Broader issues - the economy, innovation, competitiveness is out of scope.

The Berlin Declaration builds on a decade of groundwork: GDPR, the Digital Markets Act, Gaia-X, SURF. Canada published its first sovereignty framework the same month. We're at different milestones on the same journey. But the gap in ambition is worth understanding, because it shapes what happens next.

What both definitions share and what I think matters most is that sovereignty does not mean isolation. It means communities, institutions, and governments collaborating to build, own, and maintain the infrastructure we all depend on.

What Europe is doing

Europe is acting, in public and visible ways:

  • Germany's Sovereign Tech Agency has invested over €24.6 million since 2022 in maintaining critical open source infrastructure. Germany's ZenDiS (Centre for Digital Sovereignty) coordinates sovereign software development for public administration.
  • France announced in January 2026 that it will replace Microsoft Teams and Zoom across all government departments by 2027, led by DINUM, the government's digital services agency.
  • The Netherlands' SURF cooperative pools ICT infrastructure across more than 100 universities, colleges, and research institutions. SURF negotiates collectively, operates shared services, and is deploying Nextcloud as a sovereign collaboration platform across the majority of Dutch universities.
  • In December 2025, the EU launched the Digital Commons European Digital Infrastructure Consortium (DC-EDIC) — a legal entity through which France, Germany, the Netherlands, and Italy jointly build and operate shared open source infrastructure. All software developed through DC-EDIC defaults to free and open source licenses. This is the beginning of what some are calling a "Eurostack."
  • A proposed EU Sovereign Tech Fund would scale this continent-wide with an estimated €350 million over seven years.

  

Screenshot of the FOSDEM 2026 Open Source & EU Policy devroom schedule showing a full day of sessions including: Public Procurement for Digital Sovereignty panel, EU Cloud Sovereignty Framework, Fediverse and the EU's Digital Services Act, How to Engage with Policymakers as Civil Society, Solving Europe's Problems with Open Source, CRA overview, Could Compliance Costs Sustain FOSS, and Effective Standard-Setting."
FOSDEM had a whole track on this topic

And at FOSDEM 2026, the EU Policy devroom spent an entire day on these topics including a panel explicitly connecting the Fediverse and decentralized social media to digital sovereignty through the Digital Services Act, with MEPs and Fediverse community members at the same table. Researchers presented on Fediverse adoption in EU public administration. There was a talk specifically on "The Social Web and Digital Sovereignty" arguing that social networks should be recognized as fundamental infrastructure for sovereignty, not an afterthought.

The energy in these rooms felt urgent, and committed to progress - but also humble in that there is so much to learn still.

Where Canada is

As of January (2025), 60 per cent of Canada’s cloud market was owned by five American companies. The situation is even more pronounced in office software, with 93 per cent of this market owned by two companies – Microsoft (65 per cent) and Google (28 per cent) – as of last September. - How Canada could achieve digital sovereignty

Canada is moving, but earlier in the process and narrower in scope.

These are real steps. But there is no shared infrastructure being built outside of government. No open source commitment in the sovereignty framework. No equivalent to DC-EDIC or the Sovereign Tech Agency. No clear door for educators, researchers, creators, or open source practitioners who want to help build, or focus on maintainers of critical dependencies.

| | Europe (Berlin Declaration) | Canada (GC Framework) | |---|---|---| | **Stage** | Builds on a decade of GDPR, Digital Markets Act, Gaia-X, SURF | First sovereignty framework, published same month (Nov 2025) | | **Scope** | Individuals, businesses, institutions, democratic society | Government operations; broader economy acknowledged but out of scope for now | | **What they propose** | Shared assets: common AI, cloud, space infrastructure, public-private partnerships | Risk identification and controls: contractual, supply chain, and technical safeguards | | **Open source** | Explicitly named as important for sovereignty | Mentioned elsewhere (supplier diversification); not yet in the framework | | **Approach** | Building alternatives and reducing dependencies through investment | Identifying dependencies and strengthening management of existing vendor relationships | | **Collaboration** | Sovereignty through international partnership: "self-sufficiency is neither realistic nor desirable" | Acknowledges need for interoperability with trusted partners; framework focused internally as a starting point | | **People and skills** | Education, digital literacy, workforce development as foundational | Identifies internal GC workforce capacity gaps; broader digital literacy not yet in scope | | **Democracy** | Explicitly links sovereignty to protecting democratic institutions | Not addressed in this document; may emerge in broader policy |
My informal observations as a comparison of themes (full table text in alt)

Why education is the place to start

Education is arguably one of the most ideal places to show leadership on digital sovereignty. B.C.'s post-secondary system is already in a state of transition and it has existing infrastructure to build on.

BCcampus has supported open education across the province since 2012, with over 250 open textbooks and a community of practice spanning 20+ institutions. OTESSA connects researchers and practitioners across sectors. The relationships and culture that shared infrastructure requires already exist.

In British Columbia institutions appear to independently procure overlapping digital services across dozens of separate contracts - email, collaboration, video, grading, proctoring, AI tools - largely from U.S. companies. There's no provincial baseline (that I could find) assessment of what this costs collectively or what dependencies it creates. Procurement doesn't have a digital sovereignty or open source emphasis. There's no shared commons of sovereign technology.

"Bill 22 repealed the data residency requirements and now public bodies may disclose and store personal information outside of Canada." DLA Piper, December 2021 (source)

Tools like Respondus LockDown Browser, which takes control of student devices and records through their webcams store data under U.S. jurisdiction. Ontario's Privacy Commissioner found McMaster University's use of Respondus non-compliant with privacy law. Similar tools are in use across B.C. institutions.

Every new program deployed on these platforms deepens the dependency.

Recommendations for education as a blueprint

Build on Europe's efforts. Based on that, here are some concrete steps that draw on what Europe has already built for higher education:

Assess the duplication and dependency. Measure what institutions collectively spend on overlapping platform licenses, who controls and maintains the technology, where student and institutional data resides, and what risk is associated — including open source dependencies. This baseline allows for goal-setting around shared sovereign services.

Establish pooled digital infrastructure. Build on the work of the Netherlands' SURF cooperative, which provides shared services to 100+ universities through collective procurement. B.C. institutions currently procure overlapping services independently, each negotiating their own contracts for largely the same tools.

Adopt a digital sovereignty procurement policy. Before adopting tools that control student devices, record through webcams, or store data under foreign jurisdiction, require an assessment of sovereignty and privacy impact, and whether Canadian-controlled or open source alternatives exist.

Create a shared commons of sovereign technology as a new capability for BCcampus and B.C.'s open education community. Build on Europe's work through the EU Digital Commons consortium. Invest in open source dependency maintenance, inspired by Germany's Sovereign Tech Agency.

Seek federal co-funding by prioritizing open source tools and AI under Canadian institutional control. The federal government is investing billions through the Canadian Sovereign AI Compute Strategy and Budget 2025. The Canada-Germany Sovereign Technology Alliance and the Digital Sovereignty Framework signal where federal investment is heading.

Build new programs on sovereign infrastructure from the start. For new educational initiatives, start sovereign and expand rather than deepening dependency by defaulting to the same foreign platforms.

What's next

These are my observations, research with input from our practitioners call. I plan on attending Fossy in Vancouver in August and potentially present on this topic, if anyone is interested in collaborating !

I'm underemployed after being laid off by Microsoft last year - contract work keeps me going, but posts like this take time and care. If my writing is useful to your work, I welcome sponsorship. And if you're building in this space, I'd love to talk.

Subscribe to Emma's open notes

Sign up now to get access to the library of members-only issues.
Jamie Larson
Subscribe
Licensed under CC BY-SA 4.0