Prague, the cobblestones of this city have absorbed centuries of upheaval. Empires have risen and collapsed within sight of its bridges. Governments have been installed and dismantled without warning. If there is one thing Prague understands better than almost anywhere else on the European continent, it is what it costs to lose control, and what it takes to build something that endures.

by Kasun Illankoon, Editor in Chief at Tech Revolt

[For more news, click here]

It was not lost on me, then, that the city played host this spring to SUSECON 2026, an annual gathering hosted by SUSE, the global enterprise open source company and one of the most consequential voices in the conversation about how technology infrastructure should be owned, governed, and trusted. What unfolded over those days was not a typical enterprise technology conference. It was something closer to a reckoning, one that the rest of the world, particularly those outside Europe, is only beginning to grasp.

The theme that cut through every keynote, every breakout session, and every candid hallway exchange was digital sovereignty. But in Prague, that phrase carried none of the abstraction it tends to accumulate in policy papers and panel discussions elsewhere. Here, it was operational. It was urgent. And it was already well underway.

Europe Did Not Wait for Permission

Let me say this plainly, because I think it is the most important observation I brought back from Prague: Europe is not debating whether to pursue digital sovereignty. It is executing on it. The question being asked on the ground, in conversations with enterprises, government technology officers, and infrastructure architects, was not whether to reduce dependency on foreign-controlled technology stacks. It was how fast, and at what cost.

This is a function of both history and geography. European institutions have long operated under a regulatory and cultural framework that treats data, infrastructure, and technology control as matters of public interest, not simply market preference. The General Data Protection Regulation was not an accident. Neither is the EU AI Act. These are expressions of a coherent philosophy, one that holds that the systems on which societies depend should be legible, auditable, and ultimately accountable to the people and institutions they serve.

SUSE, founded in Germany in 1992 and now one of the most recognised names in enterprise Linux and cloud-native infrastructure, embodies that philosophy in structural terms. Its European incorporation is not a marketing position. As one research analyst put it pointedly during the conference, it is a jurisdictional fact that now matters to regulators, government agencies, and any enterprise subject to data residency requirements in ways it simply did not two years ago. Being subject to European law, and being able to demonstrate that credibly, is becoming a competitive advantage in a world where the legal and political environment of a vendor's home country is now part of the procurement calculus.

That calculus is shifting fast. And the rest of the world is beginning to notice.

The Sovereignty Gap Is Wider Than Anyone Wants to Admit

One of the more striking pieces of data to emerge from SUSECON came from SUSE's own research: while 98% of enterprises say they now prioritise digital sovereignty as a strategic goal, only 52% have moved from ambition to active execution. That gap, nearly half of the global enterprise market caught between intention and action, is the most honest diagnosis of where the technology industry actually stands right now.

The organisations that have crossed from aspiration to implementation are, disproportionately, European. They have been pushed there by regulation, by procurement requirements, by the lived experience of operating under data localisation laws, and by a geopolitical environment that has made the risks of dependency concrete rather than theoretical. What took European institutions years of regulatory pressure and cultural inclination to confront is now arriving on the doorstep of organisations in Asia, Latin America, the Middle East, and, increasingly, North America, not because of European influence, but because the same underlying forces are now global.

Export controls on semiconductors and advanced computing infrastructure. Trade restrictions that can overnight change the accessibility of software ecosystems. The increasing use of technology platforms as instruments of foreign policy. These are not European problems. They are structural features of the current geopolitical moment, and no region is insulated from them. The difference is that Europe, for all its regulatory complexity, had the framework in place to respond. Others are now scrambling to build one.

Resilience Is Not a Feature. It Is a Foundation.

Beyond sovereignty, a second theme ran through the conversations in Prague with equal urgency: resilience. Not resilience in the narrow engineering sense of uptime and redundancy, though those matter too. Resilience in the deeper sense of organisational and technological durability, the capacity to absorb disruption, adapt to changing conditions, and continue to function when the environment changes around you in ways you did not predict and cannot control.

The organisations I spoke with were making a distinction that I think deserves wider attention. There is a difference between a system that is optimised for performance under normal conditions and a system that is built to remain functional under abnormal ones. The past several years have delivered abnormal conditions at a pace that has overwhelmed planning cycles. Supply chain shocks. Regulatory pivots. Vendor acquisitions that restructured pricing and support terms overnight. Political developments that made previously reliable technology relationships suddenly uncertain.

The enterprise response, at least among the most forward-thinking organisations represented in Prague, has been to treat resilience as a design requirement rather than an insurance policy. That means diversifying infrastructure. It means demanding portability and avoiding proprietary lock-in at the architecture level. And increasingly, it means choosing open-source foundations precisely because open source, by its nature, does not disappear when a vendor's strategic priorities change or a geopolitical border shifts.

SUSE's own positioning reflects this directly. The company has spent the past several years building what amounts to a sovereignty-native infrastructure stack, spanning Linux, Kubernetes, edge computing, and now AI, with an explicit design principle that enterprises should be able to run their workloads anywhere, own their own data, and switch or adapt without catastrophic switching costs. The launch at SUSECON of the SUSE AI Factory with NVIDIA, a turnkey platform designed to let enterprises and governments deploy sovereign AI at scale, was the clearest articulation of that strategy to date.

Open Source Is the New Infrastructure of Trust

Here is what has changed, and why I think the conventional framing around open source is now insufficient. For years, the case for open source in the enterprise rested primarily on economics and flexibility. It was cheaper than proprietary alternatives. It was customisable. It had a large developer community. Those advantages remain real. But they are no longer the primary reason serious organisations are choosing open-source infrastructure.

The primary reason is trust, specifically, the kind of trust that can only be established through transparency. The ability to inspect source code is, in an environment where supply chain integrity is a board-level concern, an assurance that no proprietary audit can fully replicate. The ability to run software on infrastructure you own, in a jurisdiction you control, without dependency on a vendor's continued availability or commercial goodwill, is a form of resilience that closed systems structurally cannot offer.

This is the conversation happening in Prague. And it is a conversation that organisations in Singapore, in Sao Paulo, in Riyadh, and in Chicago are beginning to have, often prompted by the question of what happens if the platforms they currently depend on become inaccessible, or more expensive, or simply less aligned with their interests than they once were.

Europe did not invent this problem. But it is further along in building the answer.

What I Am Taking Back to the Newsroom

Journalism has a responsibility to report not just what is happening, but what it means. What I observed at SUSECON 2026, and what I am bringing back to Tech Revolt's coverage for the rest of this year, is a conviction that the technology sovereignty conversation is no longer a European story, or an open-source story, or a regulatory compliance story. It is the central story of enterprise technology in 2026.

The organisations that are building for sovereignty and resilience today are not doing so because they are ideologically committed to open source or because European regulators told them to. They are doing so because they have concluded, after a period of significant and often painful experience, that dependency is a form of risk they can no longer afford to ignore. That conclusion is spreading. The only question is whether it spreads fast enough for organisations to act before the circumstances that make action necessary become unavoidable.

Europe, for better or worse, has been living with those circumstances for longer than most. The rest of the world is beginning to catch up. SUSECON 2026, in a city that has learned more than most about the cost of relying on powers you cannot control, felt like the moment that catching up became genuinely urgent.

The cobblestones of Prague have seen this kind of inflection before. I suspect the technology industry has not.

__________________________________________________________________________

*Tech Revolt covered SUSECON 26 in Prague as an independent media outlet. No vendor paid for this coverage or reviewed this piece prior to publication*