Digital Sovereignty: A Challenge for Developing Democracy

by

Lika CHIMCHIURI[1]

CyJurII Scholar

On 20 August 2025

 PDF available.

Abstract

     One of the fundamental principles of international law is the principle of sovereign equality of states. It is the quintessence of the UN Charter, according to which no powerful state has the right to subjugate a weak one or to place itself in a privileged position. All sovereign states are juridically equal before international law.

  And the modern world, characterized by cyberspace, artificial intelligence, and digital economy, creates new opportunities as well as threats. In the world, many platforms have changed their appearance, acquired a new form, and expanded further. Among them, the classical definition of the principle of sovereign equality of states was expanded and added digital sovereignty, which is the right of a party to control its own digital space without interference from others. This innovation is a great challenge for states in general, and especially for developing democracies in the Global South, such as parts of Africa, Latin America, and Asia. The states are still at the stage of development, and the democratization process is still ongoing.

  The purpose of the article is to explore the stages of development of the concept of sovereign equality in developing countries alongside the digital revolution, why securing digital sovereignty is important for democratization, and why it is difficult to defend it in the global South.

Keywords: Digital Sovereignty, State Sovereignty, Developing Democracy, Global South, Cyber Security.

Introduction

  The rapid development of technologies is creating a new digital age, which is closely related to the states. Digital space has opened up a wide area for countries, virtual communication has become possible, digital diplomacy has come to the fore, and online platforms have covered trade between countries, the economy, etc. At the same time, a new type of crime, cybercrime, has emerged, which threatens digital sovereignty, especially in countries undergoing democratization.

  Digital sovereignty presents both an opportunity and a challenge for a developing democratizing state. Through it, a state can independently control and protect its digital infrastructure, which is important for cybersecurity and for defending against interference from foreign countries or corporations. It also helps in managing economic policy independently. Countries can control the personal data of their citizens, among other things. However, all of the above is subject to harsh interference from outside forces. Developing countries are an easy target for them, as their defense is relatively weak. This is the purpose of this article: to investigate why the digital sovereignty of developing countries in the process of democratization is violated, why we should protect it, and what gaps we find in this process.

  The topic uses research methods such as the legal research method, and we will talk about how digital sovereignty is protected through international legal norms and their implementation in the domestic legislation of developing countries. Also, we will use the method of dogmatic research, by which we will get acquainted with the recommendations of famous scientists regarding digital sovereignty and make an analysis based on them.

  Topics include threats to digital sovereignty, how it is being protected in developing countries, how it affects democratic governance and development, and what can be done to better protect it.

1. The Concept of Digital Sovereignty

  The concept of sovereignty emerged in Europe in the late Middle Ages, when philosophers discussed the internal and external independence of states and the effective exercise of state power.[2]

  The sovereignty of states is a basic constitutional doctrine of the law of nations that governs a society composed primarily of states that, in principle, have unified jurisdiction. If there is international law, then the dynamics of state sovereignty can be expressed in law.[3]

     Digitization poses new challenges to the concept of state sovereignty, in particular through the necessary protection of secret or relevant data and a high level of technological dependence on the producers of other states, which may call state sovereignty into question. Today's society and governance, or economic and political discussion, without digitization, is unimaginable. Digitization can be seen as an evolutionary stage of the industrial revolution. [4]

     Digital sovereignty by understanding sovereignty in cyberspace. At the first stage of the growth of the Internet, the idea of a sovereign space independent of the state emerged, which had to be created without territorial boundaries and with its own rules for users, i.e., people. This was intended to create an opposition to the traditional pretensions of the Westphalian model. With state encroachment on the Internet, activists have sought a dedicated space, cyberspace, free from state regulation and state sovereignty.[5]

  The concept of data sovereignty is also important in terms of data security. Data security is as much a concern for citizens as it is for companies or government institutions. In this context, companies focus on digital law and data protection aspects, while the state discussion is more aimed at protecting national security. In addition, the state is assigned a role in protecting the data of its citizens, since citizens in the nation state demand the right for the state to protect their rights. Absolute data sovereignty means being able to decide again at any time how data is stored.[6]

     Digital transformation is seen as a threat to national sovereignty for several reasons. First, a few powerful companies like Google and Facebook control the Internet and major parts of everyday life. They make huge profits from collecting data and targeting ads, and their influence on markets and people's lives has grown. This dominance has blurred the lines between private companies and governments, especially when it comes to areas such as law enforcement. Many countries, especially in Europe, are pushing for stricter regulations on these companies to limit their power.

  Second, the 2013 Snowden revelations revealed how US and other Western governments and tech companies have used their vast resources to collect and control massive amounts of data. Rather than address these concerns by creating global rules to limit this power, some countries, such as Germany, have begun to focus on creating national digital spaces. They are designed to give countries more control over their communications and data, preventing interference by foreign powers.[7]

  Finally, Europe and Germany are seeking digital policies that reflect their values, different from the US model that promotes capitalism and individualism, and China's centralized, authoritarian approach. Europe aims to create its own independent digital framework that reflects European standards and ideals and provides an alternative to both the US and Chinese systems.[8]

2. Challenges of Digital Sovereignty in the Global South

  Global South countries such as Australia, China, India, Iran, Arab states, African states, etc. They focus on digital sovereignty and aim to protect their security, as well as the security of citizens and social stability. Furthermore, they want to support local industries.

  China is leading the charge on digital sovereignty, increasing state control over the Internet, and demanding that data be kept within the country. Vietnam and other countries are imitating and following his footsteps in this matter.

  China was one of the first countries to formulate the concept of digital sovereignty. In 2015, Chinese President Xi Jinping defined digital sovereignty as the right of each nation-state to choose its own path of cyber development and its own regulation and Internet policy model, without interference from other countries.[9]

  The Great Firewall, a combination of legislative measures and technologies enforced by the People's Republic of China, stands as a robust tool for domestic Internet regulation, achieving internet censorship by blocking access to designated foreign websites and deliberately slowing down cross-border internet traffic.

  China's cyber sovereignty efforts have both a domestic and an international component, and they will result in an internet that will be less open and more controlled. The Chinese government and the ruling Communist Party assert cyber sovereignty, asserting control over all digital resources within China, spanning servers, user data, technical infrastructure, and tech firms operating both domestically and internationally.

  China passed the China Data Security Law (2021), which aims to protect "state sovereignty, security and development interests". The law allows the Chinese government to conduct national security audits of firms operating in China that collect user data. It prohibits extraterritorial access and imposes legal liability on entities that violate China's laws and interests by processing data abroad.[10]

  However, there have been reports that China is conducting cyber espionage on other countries. Allegations of its espionage have grown in recent years, with many countries accusing China of cyber-espionage, cyber-attacks, and other covert operations. These claims indicate that China has engaged in various espionage activities, including cyber attacks and human intelligence operations. In 2023, the first major escalation of these allegations erupted when the United States shot down a Chinese-owned "spy" balloon.[11]

  In February 2023, when a suspicious balloon was detected moving from China into US airspace over Canada, the US requested information from the Chinese government through the Beijing embassy. Chinese officials described the situation as a "civilian aircraft used for meteorological activities". US officials rejected China's claims of meteorological activity because the balloon could "maneuver". The balloon in question was dropped on February 4, 2023.[12]

  The latest development between the two countries was TikTok CEO Shou Zi Chew’s defence in the US Congress against the complaints that his company provided data to China and spied for the benefit of China. Chew suggested that ByteDance, TikTok’s parent company, is “not owned or controlled by the Chinese government “.  Apart from the US, allegations of spying activities related to TikTok were also made in Canada, England, the Netherlands, France, Denmark, Belgium, Norway, New Zealand, India, and Taiwan. Consequently, several governments took a series of measures regarding this application.[13]

  Regarding Australia, the 2020 Australian Cyber Security Strategy aims to "encourage new sovereign Australian cyber capabilities and companies" and "promote innovation in sovereign cybersecurity research and development." However, the overall picture is an attempt to balance national security interests with a liberalized trade agenda. Australia still does not require data localization: its national hosting strategy does not mandate domestic ownership and control or the localization of government data, and it has recently been amended so that non-Australian-owned and based companies can qualify.[14]

  Of course, the mentioned trends reached Africa and Arab countries and found a corresponding response from them. Let's take Africa. Many African countries' digital space is heavily dependent on foreign firms - mostly from the West, but more recently also from China - and African countries have little control over the data and infrastructure they depend on but do not benefit from economically.

  Digital sovereignty, as used by African governments, is typically framed as an extension of national sovereignty and has firm roots in the political conception of sovereignty promoted by China.

  The policies that do, such as the African Union’s Digital Transformation Strategy for Africa, South Africa’s draft Data and Cloud policy, and Rwanda’s Data Revolution Policy, stress economic self-determination by ensuring local ownership and control over locally generated data. There is a growing trend to replicate the Chinese data governance model, which requires all servers to be located within a country’s borders, providing the state with easier access to information. Governments in Nigeria and Senegal increasingly connect digital sovereignty with protecting or increasing the role of the state. Governments are also looking to address their concerns about political control and the economic benefits of the Internet flowing out of their countries.[15]

  As for Arab countries, in recent years Arab countries have launched strategic initiatives to assert control and autonomy in the digital sphere, emphasizing the quest for digital sovereignty. The motivation behind these efforts is based on the desire to protect national interests, protect cultural values, and navigate the evolving challenges posed by the interconnected nature of the global digital landscape. Various Arab countries have implemented measures to regulate and manage the use of the Internet within their borders. These initiatives include several strategies, including the development of a legal framework, the creation of regulatory bodies, and the implementation of technological solutions to monitor and control digital activities. One prominent example is internet censorship during the Arab Spring, where several governments, such as Egypt, attempted to restrict access to social media platforms such as Facebook and Twitter. These actions illustrate the difficulty of managing digital space during periods of social and political upheaval.[16]

  The complex structure of Arab countries' digital sovereignty projects demands critical thought on the delicate balance between protecting national interests and creating an open, interconnected digital environment. As these nations manage the intricacies of digital governance, the ongoing debate on the implications for individual freedoms, information access, and the global nature of the internet remains important to molding the future of digital sovereignty in the Arab world.

  Serious violations of digital sovereignty often involve cyber-attacks, espionage, or manipulation of digital infrastructure. These cases highlight the importance of strengthening cyber defenses, creating strong international legal frameworks, and deepening cooperation among countries to protect the digital space. Developing democracies, in particular, remain vulnerable to these types of breaches because their digital infrastructure is not fully developed to be able to defend itself and ensure security. Consider a few more examples of this, apart from China and the Arab Spring, which we mentioned above, namely the Indian Government's cyber espionage allegations and the Stuxnet attack on Iran.

  India is looking to increase its control over data, but focuses more on economic benefits than security. Although the country had planned a law to require data to be stored locally, this has been paused. The government is focused on protecting important infrastructure and data, especially after incidents of data breaches, and wants to boost its digital economy and hosting capacity.

  There is limited evidence of India’s ability to carry out cyber-attacks, though a former National Security Advisor has said India can conduct major cyber warfare and sabotage. Some security researchers agree, but there’s no clear proof that India has officially carried out such operations. However, non-state actors based in India, like ‘Dropping Elephant,’ have been linked to cyber activities such as hacking and espionage. These groups, possibly working without direct government involvement, use simple methods like social engineering rather than sophisticated techniques. [17]

  India’s armed forces are starting to build their cyber capabilities. In 2021, the Indian Army held its first hackathon to improve its cyber warfare skills. Participants took on challenges such as secure coding and offensive cyber skills to prepare for more advanced cyber operations in the future.[18]

  As for Stuxnet, it was a powerful cyber-attack that targeted Iran's nuclear program, but it operated within the limits of traditional cyber power. It didn’t directly destroy anything but created conditions that led to the damage of about 1,000 centrifuges used in Iran’s Natanz nuclear plant. Stuxnet’s main action was infecting computer systems, not causing physical harm by itself. [19]

  What made Stuxnet unique was how it pushed the boundaries of cyber power abilities. It spread widely but only activated on specific machines. It took advantage of four security weaknesses in Microsoft systems, including two that were unknown at the time, to control Siemens machines that operated the centrifuges. While it showed false signals of normal operation, it secretly caused the centrifuges to break. [20]

  This was the first time a cyberattack with such a sophisticated package—able to spread, hide itself, and attack on its own—was used against a specific target for a strategic or political outcome. Stuxnet damaged 1,000 centrifuges out of Iran’s 9,000 at Natanz, which significantly slowed their nuclear progress. The attack also hurt Iran’s confidence in its ability to maintain its nuclear program. It raised fears about the reliability of their equipment and the possibility of hidden threats.[21]

3. The Future of Digital Sovereignty

  Digital sovereignty is both a key tool and a threat to democratic governance. Governments must control the influence of the Internet on their people. However, at the same time, controlling the Internet offers governments enormous power over the lives of their citizens.

  Digital sovereignty has two faces - we can use it both to protect citizens and to control them. Digital sovereignty can strengthen the government's authority, giving it the power to control the Internet and Internet spaces that were previously invisible to the state. Thus, rules relating to digital sovereignty can be used to protect or otherwise limit the rights of citizens, so lawmakers in the global North and South must carefully anticipate and create laws that maintain a balance between security and control.[22]

  As we have already mentioned, digital sovereignty means exercising control over the Internet, which is the ambition of world leaders. In this way, they will protect their country from the interference of foreign countries and companies. In the past, there was a question whether the Internet should be regulated or not, but today the answer is clear, its regulation is necessary, and every state should do it. A new question arises: how should the Internet be regulated?

  Digital sovereignty is essential to protect personal space, ensure consumer safety, promote competition, and promote fairness. Developing countries should try to keep up with the digital economy. However, even when countries try to protect human rights and freedoms through digital sovereignty, they often hide the raw facts of rights violations from the world.[23]

  Prominent human rights expert Louis Henkin has expressed concern that digital sovereignty poses a major risk of totalitarian control. While digital sovereignty may be a geopolitical necessity against both foreign governments and foreign corporations, digital sovereignty also allows a government to assert enormous power over its own citizens and thus deserves precise control.[24]

  The politics of sovereignty in the digital age must take into account both geopolitics and technology. These two areas shape and balance each other. Public policy can have many objectives, which may include protecting and strengthening sovereignty in the digital age; that is, we are looking for a policy of digital strategic autonomy. It is a new form of policymaking that differs from the past because it uniquely addresses strategic autonomy and responds to the nature of digital technologies.[25] 

  Digital technologies are characterized by the speed of development, the scale of their influence, the systemic effect they have on the economy or society, and they have the opportunity to combine several technologies and obtain huge competitive and financial advantages. Examples of this are large technology companies that can invest billions in data collection and analysis, are not only AI companies, but also cloud companies with huge computing capabilities, as also increased by the Digital Humanism initiative. They are also leaders in cybersecurity and the next generation, quantum computing, and Artificial General Intelligence (AGI) race.[26]

  These big tech companies, with such massive capabilities to control technology and invest billions, influence marketing and more, are inevitably seen by governments as a threat to digital sovereignty.[27]

  The future of digital sovereignty must focus on the balance between government control and the protection of people's personal data. As countries strive to protect their data, new regional norms will affect how data is exchanged between countries. Technological advances such as blockchain and AI can enhance transparency and accountability, but also create security challenges. Collaboration between governments, technology companies, and civil society is critical for digital sovereignty to foster innovation while protecting human rights and democratic values. This dynamic landscape requires adaptive policies to address evolving complexities.

Conclusion

Norms of international law, organizations, and associations that are directly related to digital sovereignty, such as the ITU and the Budapest Convention, support state control over cybersecurity issues and help states to form international cooperation and fight against cybercrimes. The World Trade Organization (WTO), whose interests include digital trade, also maintains a balance between global e-commerce and national sovereignty.

  In addition, as already mentioned, we have regional alliances such as the African Union's Digital Transformation Strategy, which aim to localize data and control digital infrastructure, and we also have China's doctrine of cyber sovereignty, which supports strict state control over digital space and data. Notably, the United Nations Group of Governmental Experts (UNGGE) clearly states that the state has sovereignty in cyberspace and calls on countries to control their information and communication technology (ICT) infrastructure so as not to violate the norms of international law. The European Union's GDPR sets standards for data protection, which has implications for global digital sovereignty. From the point of view, we should also not miss the Tallinn Manual, which concerns international law concerning cyber operations and strengthens state sovereignty in cyberspace, and many others.

  Despite all of the above, the dominance of technological giants, cyber espionage, cyber attacks, and the increasing sophistication of artificial intelligence make it very difficult for states to control their digital sovereignty, especially in developing democracies. Proper implementation of completed norms, there may not be proper awareness in the society on how to protect oneself from such attacks, the state does not have the appropriate infrastructure, difficulty in repelling attacks. Or, not being economically independent enough and having to depend on foreign companies, which is certainly negative for the country, such countries are easy targets and sweet licks for cybercriminals; besides, many other threats characterize the vulnerability of digital sovereignty. But let's now talk about the recommendations of what can be done in developing democracies to avoid these threats.

  It is essential for developing democracies to develop strong national cybersecurity frameworks and create cybersecurity policies that enable them to define digital sovereignty, provide mechanisms to respond to cyber attacks, and protect their infrastructure.

  It is also vital for them to reduce their dependence on foreign tech companies. This requires governments to make appropriate investments in local data centers and cloud service providers to encourage domestic industries to develop their own platforms and technologies.

  By implementing a data localization policy like China's, by mandating that data collected within the country be kept domestically, developing democracies can protect sensitive information and limit foreign access.

  It is also necessary to deepen regional cooperation, which can create protection mechanisms against cyber threats. To protect digital sovereignty, developing democracies must invest in creating a digitally-skilled workforce that understands cyber-attacks and can respond accordingly. Also playing a formidable role is digital diplomacy, which enables emerging democracies to actively participate in global discussions on digital governance.

  With the above examples and recommendations, developing democracies will be able to secure their digital spaces, economic independence, and will be able to create a more autonomous and secure digital landscape.

References

1.     Basu, A. (2022). India’s international cyber operations: Tracing national doctrine and capabilities. United Nations Institute for Disarmament Research (UNIDIR).

2.     Chander, A., & Sun, H. (2023). Digital sovereignty as double-edged sword. In A. Chander & H. Sun (Eds.), Data sovereignty (pp. 72–88). Oxford University Press. https://doi.org/10.1093/oso/9780197582794.003.0004

3.     Crawford, J. (2019). Brownlie’s principles of public international law (9th ed.). Oxford University Press.

4.     Internet Society. (2022, December). Navigating digital sovereignty and its impact on the internet. https://www.internetsociety.org

5.     Kaloudis, M. (2021). Sovereignty in the digital age – How can we measure digital sovereignty and support the EU’s action plan? New Global Studies, 15(2), 227–244. https://doi.org/10.1515/ngs-2021-0015

6.     Milevski, L. (2011). Stuxnet and strategy: A special operation in cyberspace? Joint Force Quarterly, 63, 2–4. https://upress.ndu.edu/Portals/68/Documents/jfq/jfq-63.pdf

7.     Pohle, J. (2020). Digital sovereignty: A new key concept of digital policy in Germany and Europe. Konrad-Adenauer-Stiftung e.V.

8.     Saaida, M. (2024, January). Digital sovereignty. ResearchGate. https://www.researchgate.net/publication/377019471

9.     Timmers, P. (2024). Sovereignty in the digital age. In H. Werthner et al. (Eds.), Introduction to digital humanism. Springer. https://doi.org/10.1007/978-3-031-45304-5_36

10.  Yüksel, Ç. (2023, April). Chinese espionage: A world menace? TRT World Research Centre.

[1] Young researcher, LL.B, LL.M, Assistant to the Rector of Sokhumi State University. Young researcher, United Nations Representative & Delegate for CIRID – ECOSOC NGO Accredited to: UNOG (Geneva), UNOV (Vienna) and UNHQ (New York)

[2] Kaloudis, Martin. "Sovereignty in the Digital Age – How Can We Measure Digital Sovereignty and Support the EU’s Action Plan?" New Global Studies, vol. 15, no. 2, 2021, pp. 227-244, https://doi.org/10.1515/ngs-2021-0015, p. 3

[3] Crawford, James. Brownlie's Principles of Public International Law. 9th ed., Oxford University Press, 2019, p. 1001

[4] Supra note 2, p. 4

[5] Supra note 2, p. 7

[6] Supra note 2, p. 8

[7] Digital sovereignty A new key concept of digital policy in Germany and Europe Julia Pohle Imprint Published by: Konrad-Adenauer-Stiftung e. V. 2020, Berlin, p. 6

[8] Id., p.7

[9] Saaida, Mohammed. "Digital Sovereignty." ResearchGate, Jan. 2024, www.researchgate.net/publication/377019471. Accessed 13 Oct. 2024, p. 8

[10] Id., p. 10

[11] Id.., p. 12

[12] Id.., p. 14

[13] Yüksel, Çağdaş. Chinese Espionage: A World Menace? TRT World Research Centre, April 2023, p. 5

[14] Id, p. 6

[15] "Navigating Digital Sovereignty and Its Impact on the Internet." Internet Society, December 2022, www.internetsociety.org. Accessed 13 Oct. 2024, pp. 8-9

[16] Supra note 9, p.12

[17] Basu, Arindrajit. India’s International Cyber Operations: Tracing National Doctrine and Capabilities. UNIDIR, 2022, p. 9

[18] Id., p. 10

[19] Milevski, Lukas. "Stuxnet and Strategy: A Special Operation in Cyberspace?" Joint Force Quarterly, no. 63, 4th quarter 2011, upress.ndu.edu/Portals/68/Documents/jfq/jfq-63.pdf, p.2

[20] Id., p.3

[21] Id., p.4

[22] Chander, Anupam, and Haochen Sun. "Digital Sovereignty as Double-Edged Sword." Data Sovereignty, edited by Anupam Chander and Haochen Sun, Oxford University Press, 2023, pp. 72-88, DOI: 10.1093/oso/9780197582794.003.0004, pp. 2

[23] Chander, Anupam, and Haochen Sun. "Digital Sovereignty as Double-Edged Sword." Data Sovereignty, edited by Anupam Chander and Haochen Sun, Oxford University Press, 2023, pp. 72-88, DOI: 10.1093/oso/9780197582794.003.0004, pp. 3

[24] Id., pp. 4

[25] Timmers, Paul. “Sovereignty in the Digital Age.” Introduction to Digital Humanism, edited by H. Werthner et al., Springer, 2024, https://doi.org/10.1007/978-3-031-45304-5_36, p. 18

[26] Id., p. 16

[27] Supra note 23, p. 5