Let’s take a look at how European sovereignty and performance can – and must – go hand in hand, along with some tips for evaluating a sovereign cybersecurity solution.
European sovereignty, data and intellectual property protection
Data protection
Today, the amount of data generated every day is equivalent to the total amount of data generated between 1970 and 2010, according to a Schwartz Digits study on digital sovereignty in 2025.
Furthermore, a 2022 report by Thales indicates that 9.7 billion data sets have been stolen worldwide since 2013, and according to the Schwartz Digits study, nearly 64% of these come from the United States—the country where most hypervisors are based and to which European companies entrust most of their data.
But cybercrime and data theft are not the only risks facing companies: protecting intellectual property is also a challenge.
Intellectual property
By relying on American or Chinese hypervisors, major software and web service providers now include in their contracts the option of using all the data stored therein to train their AI models. This is the case, for example, with SAP and social network X or Meta, which, as with data security, creates risks for intellectual property.
Strategic and technological autonomy
The global impact of the Microsoft outage linked to the CrowdStrike incident in 2024 highlights the consequences of dependence on third-party tools, putting sovereignty and autonomy back at the heart of cybersecurity. This incident also showed how central a security solution such as EDR is to an information system. EDR is capable of isolating workstations, deleting files or directories, killing processes… and as we have seen, if it malfunctions or is manipulated by malicious actors, the consequences can be disastrous.
In addition to malfunctions, this dependence can lead to critical situations if the publisher decides to discontinue its services. This is the case, for example, with the Bing search engine, which has decided to restrict access to its public API in 2025, forcing some alternative search engines to invest in their own web crawling and indexing infrastructure.
Why sovereignty is essential for cybersecurity
In this context, the importance of sovereignty is obvious, and not just for governments or public institutions!
It is not only a matter of data security, but also the need to be technologically and economically autonomous.
Furthermore, relying on a sovereign provider that develops its solution and hosts its data in Europe (as HarfangLab does), where laws regulate the use and protection of personal data, ensures compliance with local regulations like GDPR, NIS 2, DORA, etc. It also ensures a close and trusting relationship while promoting the growth of a sovereign economy and ecosystem.
But as we have seen, sovereignty is not the only criterion for choice; the performance and robustness of a solution remain paramount. So how do you choose among the security platforms on the market?
Quality criteria for a cybersecurity sovereign solution
A workspace security platform must meet the following criteria to validate its quality and compliance.
Threat detection
A security solution must be able to detect basic (cybercrime) and advanced (persistent attacks) threats based on signatures, behaviors, indicators of compromise (IOC), etc., while limiting the number of false positives and offering whitelist configuration options to avoid alert fatigue.
The ability to customize detection rules should allow the tool to be adapted to the cyber context in order to deal with specific threats that may target each organization (espionage, ransomware, etc.).
Threat analysis and contextualization
A workspace protection platform is built to ease the burden on analysts with data that is easy to explore and correlate for quick and effective investigations. This requires transparency in detection rules and alerts to understand what triggered them, as well as a user-friendly interface and the ability to navigate easily through the data.
Automation features
Automating certain tasks such as quarantining, file deletion, blocking, remediation, and network isolation allows analysts to focus on priority or complex analysis and investigation tasks rather than spending time sorting through alerts, with the help of artificial intelligence, among other things.
Integration of artificial intelligence
AI plays a central role both in detecting threats unknown to virus databases and in assisting analysts in navigating the platform and finding information. The software provider must ensure the security of its users’ data and be transparent about its working methods and detection processes. Unknown threats identified by AI must enrich overall detection capabilities and enable analysts to improve their knowledge of the cyber context. They must therefore have access to detailed information on how the engine works and the context of alerts.
Data storage
A cybersecurity solution processes an organization’s sensitive data and must ensure its protection and confidentiality by guaranteeing storage and processing in a trusted environment. From this perspective, only European players can protect against the scope of extraterritorial laws such as the Cloud ACT or FISA in the United States, or the Chinese Intelligence Law, thanks to the fact that data is stored locally.
Interoperability and connectors
Tools designed to protect a workspace are generally integrated into an existing information system and cyber ecosystem. Openness, access to an API, and connectors with other solutions (SIEM, SOAR, NDR, SOC, Threat Intelligence platforms, etc.) enable seamless integration and optimal operation.
Deployment options
For organizations operating in sensitive sectors (public institutions, industry, defense, essential service providers, etc.), an On-Premises – or even Air-gapped – deployment may be mandatory.
If this is the case, it is important to ensure that the solution offers the same features as the SaaS version and that these features do not depend on third-party or cloud services to function, in order to be truly On-Prem.
Update options and processes must also be planned in advance to ensure complete fluidity, compliance with technical requirements, and data confidentiality: remotely, on-site, or via a secure link, how often, and with what impact.
User experience
The implementation of a workspace protection platform must be completely transparent to users. In other words, it must have zero impact on endpoint performance. Remember to check the weight of the agents and their RAM and CPU consumption to maintain the performance of workstations and servers once the security solution is in place.
Roadmap and developments
Threats are constantly evolving and improving, and a cyber solution must keep pace. Therefore, a vendor must listen to the needs of its users and offer not only adequate fixes, but also regular updates in line with market expectations. The ability to follow the announced roadmap is also crucial to avoid accumulating technical debt… and disappointment.
Peer reviews and feedback
Reviews – such as Gartner Peer Insights – and discussions with peers can be a key source of information on product and support quality, as can labels that certify the quality and compliance of the product and production processes.
Cybersecurity quality standards
To help you navigate the range of cybersecurity offerings available, you can check.
Certifications and qualifications
- ANSSI (France) – HarfangLab is the first EDR certified by ANSSI
- BSI (Germany)
- ENS Alta (CCN – Spain)
- Dutch Approval (AIVD – Denmark)
- Cyber Essentials
- Etc.
Evaluations
- MITRE ATT&CK Evaluations
- SE Labs – HarfangLab’s EPP obtained certification in 2025
- The CyberHive Matrix
- EDR Telemetry Project – HarfangLab is one of the top performers
- Etc.
Association membership or event participation
- European Cyber Security Organisation (ECSO)
- European Alternatives
- Botconf
- EuroStack
- Etc.
So, what does the future hold for sovereign cybersecurity in Europe?
The future of European sovereignty for cybersecurity solutions
“European sovereign cybersecurity solutions are technically equivalent to those of well-established US publishers, we just have fewer marketing resources!
However, if we want to build a strong European ecosystem, it is essential to give visibility to sovereign players and adopt European solutions. This further requires easier access to financing to support providers capable of competing with the American market.
The harmonization of the legislative and regulatory framework and the pooling of certifications currently underway will also contribute to greater clarity regarding constraints and offerings.
The key point to remember is that without European purchases, there can be no robust sovereign ecosystem. It is therefore our collective responsibility to build this ecosystem together.”
Pierre-Louis Mauratille, Chief Operations Officer – HarfangLab
Did you know that more and more IT security decision makers
consider sovereignty as a priority? Find out data breakdown by country
and many other insights into European cybersecurity trends:
More articles
MSSP and MDR: using experts to manage an EDR
Why use an MSSP? What role does it play? What are the benefits and what can you expect?
How cybersecurity solutions manage their own vulnerabilities
Vulnerabilities have increased by 38% in just one year, according to a 2024 report by Advens CERT. While organizations are…
Critical National Infrastructure (CNI) and Data Protection: from supply chain attacks to On-Prem defenses
Companies and public organizations are routinely targeted by cybercriminals and state-sponsored organizations alike, with attacks spanning ransomware, espionage-motivated intrusions, and…
MITRE ATT&CK to evaluate an EDR
MITRE ATT&CK delivers more than a framework for evaluating detection capabilities, threat hunting, risk management, and threat intelligence – it…