Digital sovereignty of the EU: digitalisation of Westphalian sovereignty or a new phenomenon?

Introduction The cornerstones of the EU's digital strategy are legal instruments such as GDPR, DGA, DSA, AIA, etc., which is not accidental. Data is the driving force and the "new currency" of digital relations, and their management becomes the key to strengthening the EU's digital autonomy. I t is becoming increasingly difficult to determine , what are the actual boundaries of the EU ’s sovereignty in the digital space as well as what is the place and role of the EU in the digital space in the light of growing influence of various transnational companies in the processes taking place in the digital world . In the context of the EU, the discussion about sovereignty is particularly difficult: when recognizing " digital sovereignty " as a derivative of " sovereignty " in relation to the EU, it brings the discussion to the area of the legal nature of the EU, the issues of transfers of powers from the EU Member S tates to the EU, which does not follow from the EU constituent documents, especially when the term “ sovereignty ” is not used in them at all. The question of understanding of the EU’s digital sovereignty through the prism of Westphalian sovereignty comes to the fore.

How is the EU’s digital sovereignty understood? Most scholars, considering the issue of digital sovereignty of the EU, defines it through the state-centric aspect or through the territorial dependence of the exercise of power in the digital world, which is not accidental. We used to understand sovereignty through the ‘Westphalian’ prism in international law: 1) Article 2 of the Draft Declaration of the Rights and Obligations of States; 2) Article 2 of the UN Convention on the International Law of the Sea (1928); 3) Article 1 of the Chicago Convention (1944); “A State is usually defined as a community consisting of a territory and a population subject to organized political power , and that such a State has a character and that such a State is characterized by sovereignty.“ (Arbitration Commission of the European Conference on Yugoslavia) When solving most issues of interstate relations, it is necessary to proceed from the fact that the State has exclusive jurisdiction over its own territory (Island of Palmas (1928)) .

Montevideo Convention on the Rights and Obligations of States of 1933 as a customary law. According to Art. 1 of the Convention, the “State" as a subject of international law must have the following elements: (1) permanent population; (2) defined territory; (3) government; and (4) ability to enter into relations with other States. A defined territory means a discrete territory that is different from other territories . The territory is a "container" over which the State exercises supreme and exclusive authority .

Cyberspace as a territory? The practice of international law shows that with the development of international relations, it is not the category of territory that changes, but rather the substantive aspect of this category. The evolution of the content aspects of the territory at the expense of air, sea and outer space makes it possible to include new spaces in the category of territory, such as, for example, cyberspace. The mere inclusion of cyberspace in the category of territory is not enough to determine the boundaries of digital sovereignty: it is necessary to understand on the basis of what principle the boundaries of the territory of states in cyberspace should be determined.

The problems of understanding cyberspace through the lenses of Westphalian sovereignty Unlike other categories of territory, cyberspace has a specific and multifaceted nature , which is somehow problematic through the classical (Westphalian) understanding of the territory and the already existing principles for determining such a territory. Cyberspace includes not only infrastructures, including servers, computers and/or communication cables, but also the “information field” that is created by such an infrastructure. Cyberspace, unlike other categories of territory, is no longer exclusive , since not only states, but also BigTech corporations turn cyberspace into their “own” territory, i.e. create business products, use cookies and software to collect data, conduct surveillance of users and monetize access to digital content, etc. All these are examples of drawing digital boundaries in cyberspace, and brings to the fore new risks, challenges and issues to the traditional Westphalian understanding of sovereignty.

The problems of understanding cyberspace through the lenses of Westphalian sovereignty International law is very slow to react to the changes in the modern world, trying to somehow adapt the existing legal regulation schemes related to traditional categories of sovereignty to cyberspace. The reason for the slow response lies not only in the lag of law from the development of digital technologies, but also in the “breaking” of traditional categories of sovereignty in cyberspace. The problem of the complexity of the regulation of relations developing in cyberspace has even caused the emergence of a number of nihilistic concepts claiming the impossibility of applying the category of territory and the concept of sovereignty to cyberspace due to its boundlessness and extraterritoriality.

The principle of territoriality in EU law The exercise of jurisdiction in the field of data protection in cyberspace in EU law does not occur in isolation from the criterion of territoriality. The GDPR, DSA and DMA often use the phrase " in the Union ", which may not necessarily imply a physical territory ( Salemink case). The principle of territoriality still remains an important “pivot” in the implementation of EU jurisdiction in the cybersphere. In particular, in the Lindqvist case, the CJEU pointed out that EU law does not apply indiscriminately to the entire Internet, and simply being in the EU and uploading personal data to a web page that can be accessed by anyone in the world with Internet access does not constitute the transfer of personal data to a third State. When revising data protection documents, there seems to be a transition from the category of " territory " to the category of " jurisdiction ", possibly somewhat weakening the link between the territory and the sovereign powers of the State to regulate cyberspace.

Closing remarks The development of cyberspace does not reduce the importance of the concept of " territory " as a sphere of exercising of the sovereign power of the state. The enrichment of the concept of " territory " throughout the historical development by including new spaces (air, sea and river vessels, space objects, scientific stations, diplomatic and consular missions, etc.) makes it possible to expand the content of this concept by including new spatial units that do not have a material aspect. Given the complexity of delineating the spatial contours of jurisdiction in cyberspace, the EU, relying on the criterion of territoriality, also uses a hybrid system of permissive principles when establishing its jurisdiction in cyberspace and substantiating the concept of its digital sovereignty (i.e. data localisation and extraterritoriality principles). This EU policy is more than understandable: dynamically and unusually developing digital relations in cyberspace require a flexible and adaptive approach to preserve their place in the digital world. However, the criterion of reasonableness and international comity should act as a deterrent. Although it is possible to include digital space under the category of territory, nevertheless, a new solution is needed at the international level. It is necessary to create universal norms and principles through international cooperation of leading states in the digital world, since the constant fragmentation of the digital world can lead to an information war, while human rights in the digital world are at stake. In such conditions, a Digital Westphal is simply necessary.