Digital sovereignty is rapidly emerging as one of the most influential forces shaping technical architecture across Europe. Yet it is often misunderstood as a narrow data‑residency issue. In reality, sovereignty is about control, coercion resistance, dependency transparency, and the ability to sustain safe operations under stress. When framed this way, sovereignty naturally becomes a driver of trusted secure systems engineering.This session provides a practitioner‑level view of how sovereignty principles translate into real architectural and engineering decisions across heterogeneous infrastructure - including on‑premise systems, virtualized environments, containerized platforms, and hybrid‑cloud operating models. Drawing on real work with regulated industries and collaboration with research teams focused on post‑quantum readiness, the session shows how sovereignty thinking reveals hidden dependencies in identity, inter‑system trust, cryptographic governance, backup and replication chains, operational tooling, and disaster‑recovery patterns.The talk then uses post‑quantum cryptography (PQC) as a concrete example of an emerging, real‑world constraint that forces organisations to surface cryptographic dependencies and trust paths they often do not have fully mapped. Without requiring deep cryptographic expertise, attendees will learn how to use PQC planning as a practical lens to strengthen sovereignty and resilience outcomes.Participants will leave with a practical understanding of the key architectural considerations and steps involved in building sovereignty‑aligned, resilient systems, without dependence on a specific vendor ecosystem.Why This Matters Now Sovereignty expectations are moving from policy statements to architectural constraints that affect how systems are designed, operated, and assured - especially in regulated environments. At the same time, PQC planning is becoming a real programme (not a future research topic), and it exposes cryptographic and operational dependencies that directly impact both sovereignty and resilience.Session Takeaways Attendees will leave with:A crisp, engineer‑friendly definition of digital sovereignty, framed around control, dependencies, and failure modes - plus a simple set of questions that can be applied to any architecture.A practical way to trace a service’s dependency chain, highlighting where sovereignty and resilience issues typically concentrate (identity, key custody, access paths, data protection, recovery flows, third‑party operational influence).A clear understanding of why PQC readiness is emerging as a real architectural pressure point, what kinds of systems and trust relationships it typically touches (certificates, authentication flows, remote admin paths, and service‑to‑service dependencies), and how PQC planning can be used as a practical lens to reveal hidden dependencies relevant to sovereignty and resilience - without needing deep cryptographic expertise.A small set of cross‑platform design heuristics, including explicit trust boundaries, crypto agility as a principle, clear key lifecycle ownership, robust restore validation, and designing for intermittent connectivity or partial system loss - and how each reinforces sovereignty and resilience.A realistic next‑12‑months sequence of actions, such as discovery, dependency mapping, PQC scoping, early control validation, and resilience checks - with common pitfalls that derail real‑world programmes.Learning OutcomesParticipants will learn how to:Apply sovereignty‑by‑design principles to diverse technical environments and infrastructure models.Translate sovereignty requirements into operational resilience practices, including dependency mapping, HA/DR analysis, and control assurance.Use PQC planning as a dependency discovery lens (what to look for and why it matters) without going deep into cryptographic implementation details.Use adversarial and systems‑thinking approaches to uncover resilience gaps and hidden dependencies.Build a practical, phased approach for sovereignty‑aligned readiness activities across legacy and modern systems.Communicate the technical implications of sovereignty and PQC to engineering peers and executive stakeholders.Target AudienceInfrastructure and systems architectsPlatform and site‑reliability engineersSecurity and identity practitionersResilience, continuity, and risk engineering teamsTechnical leaders in regulated or sovereignty‑sensitive environmentsSession Format60‑Minute Technical SessionA guided walkthrough of sovereignty‑driven architectural thinking, practical ways to analyze resilience and system dependencies, and a clear explanation of how PQC readiness can act as a lens for revealing hidden architectural assumptions — illustrated with simple, concrete examples relevant to real environments.
