Europe at a Digital Crossroads: Sebastiano Toffaletti on Cybersecurity, Data Sovereignty, and the AI Race

As Europe grapples with rapid digital transformation, new regulations, and intensifying global competition, small and medium-sized enterprises (SMEs) are both the backbone of innovation and among the most vulnerable.

In an exclusive conversation, Sebastiano Toffaletti, Secretary General of the European DIGITAL SME Alliance, discusses the challenges and opportunities that lie ahead, from cybersecurity and data sovereignty to standards, intellectual property, and emerging technologies.

Cybersecurity: Beyond Standards

Europe’s long-standing model of collaboration between policymakers and industry has given the region a strong foundation for cybersecurity and software standardisation.

“Regulators set the ‘what’, while industry defines the ‘how’,” Toffaletti explains. “This has worked well, because standards can evolve faster than legislation.”

But new laws such as the AI Act and Cyber Resilience Act are testing that system. “Standardisation has become a battlefield between large U.S. vendors, European SMEs, and civil society. The result is tension, delay, and uncertainty for companies that need clarity,” he warns.

For Toffaletti, the solution lies in stronger SME representation. “Europe should guarantee a minimum level of SME participation in standardisation groups. Initiatives like CyberStand, which funds SME experts, are a crucial step.”

Still, he insists that standards alone are not enough: “Many smaller firms lack access to timely threat intelligence. We need trusted channels for sharing vulnerabilities and attack patterns, building on platforms such as SME ISAC, and this intelligence must feed back into the standards process.”

Data Sovereignty and Privacy

On data and privacy, Toffaletti points to two major challenges. The first is Europe’s dependence on foreign cloud providers. “As long as most of our data is hosted on U.S. hyperscalers, true sovereignty is impossible. Citizens’ data will always be subject to foreign jurisdictions,” he notes.

The second is unequal access to data. “Large corporations often hide behind ‘user privacy’ to avoid sharing data with SMEs , even when the Data Act provides secure and lawful mechanisms. This locks smaller firms out of service markets where they could innovate.”

The way forward, he argues, is stricter enforcement and investment in European infrastructure: “Privacy and innovation must go hand in hand, not be weaponised to maintain dominance or dependency.”

Regulating AI and Blockchain

When it comes to AI and blockchain, Toffaletti stresses the need for balance. “Europe must strike a balance between trust and competitiveness,” he says. Yet Europe still lags behind. In 2024, only 13.5% of SMEs were using AI tools.

“The AI Act rightly aims to promote trustworthy AI, but without harmonised standards, regulatory sandboxes, and clear guidance, SMEs will struggle once obligations kick in by August 2026,” he cautions. “The cost and complexity of compliance could push innovators out of the market just as AI adoption accelerates worldwide.”

He adds that regulation alone won’t be enough. “Europe needs an ambitious digital industrial policy, to build demand for European-made technologies and reduce dependencies. Only then can Europe reclaim leadership in the next wave of innovation.”

Standards as Strategic Tools

Standards are often dismissed as technical details, but Toffaletti insists they are far more: “Standards are the backbone of Industry 4.0. They are strategic enablers of innovation and competitiveness.”

He points to examples across industries. In construction, Building Information Modelling (BIM) allows seamless collaboration across the value chain.

In manufacturing, the TRE-E consortium adopted the ETSI oneM2M Smart Lifts standard, connecting nearly 40,000 lifts to the cloud, cutting costs, improving efficiency, and keeping SMEs active participants.

Similarly, ETSI’s Digital Twins task force has created common specifications that enable deployment across manufacturing and smart cities.

Intellectual Property for the Digital Age

For intellectual property, Toffaletti believes Europe must adapt. “Copyright should remain the primary safeguard for software and data-driven innovation, with patents used only where copyright is insufficient,” he explains.

But there’s a problem: “Today, most software patents in Europe are held by non-European firms. That’s a sovereignty risk. We need a smarter, balanced approach that empowers European SMEs, not locks them out.”

Research and Innovation: Lessons from Horizon

Horizon 2020 demonstrated the value of structured collaboration but also exposed key flaws. “Networks were fragmented, SME participation was limited, and many research results never made it to market,” Toffaletti recalls.

The follow-up programme, Horizon Europe, has introduced reforms such as lump-sum funding and better mechanisms to track research uptake.

But Toffaletti remains cautious: “The real test will be whether these improvements genuinely strengthen the bridge between research excellence and industrial application, and bring SMEs fully into the ecosystem.”

Europe’s Digital Path Forward

For Toffaletti, the overarching message is clear: Europe’s digital success depends on empowering its SMEs.

Whether in cybersecurity, data sovereignty, AI, or standards, he argues, small innovators must not be left behind.

“If Europe wants to reduce dependencies, shape global standards, and reclaim leadership, it must build an ecosystem where SMEs are not just participants, but drivers of the digital future.”