If you use American tech, your data is subject to Trump's whims 

Sanctions against the International Criminal Court chief prosecutor show politically driven orders from the US can seriously disrupt people's lives worldwide

Technology, and in particular cloud computing, has transformed how we live, work and do business. From small rural businesses to large financial and government institutions across the country, many Irish organisations rely on computers, technology, and the cloud for everything from communicating and collaborating to storing and sharing files and information.

These technologies bring many advantages to businesses, from productivity increases and cost savings to increased flexibility and the ability to reach a global market from almost anywhere in Ireland.

However, these advantages can often come with some risks. In the current political climate, an ever-increasing risk is our reliance on foreign-owned technology infrastructure, and particularly our reliance on American technology providers.

Many of the technology and cloud services employed by organisations in Ireland are provided and hosted by technology giants such as Microsoft, Google, and Amazon. These companies, while offering impressive technology, are US-based organisations and therefore are primarily governed and answerable to US laws. 

As a result, Irish businesses and public bodies are vulnerable not only to technical faults or cyber threats, but also potentially to political decisions made in Washington that are beyond our control.

Concerns around digital sovereignty, which is the ability to maintain control over your own data, infrastructure, and critical technologies, are not new. However, in recent months, these concerns have moved from being theoretical to potentially becoming a reality.

In February of this year, US president Donald Trump issued sanctions against the chief prosecutor of the International Criminal Court (ICC), Karim Khan. According to the Associated Press, “The February order bans Khan and other non-Americans among the ICC’s 900 staff members from entering the US, which is not a member of the court. 

“It also threatens any person, institution or company with fines and prison time if they provide Khan with 'financial, material, or technological support'.”

It appears that, in response to these sanctions, Microsoft cancelled Mr Khan’s email address, resulting in him having to migrate his email services to a Swiss-based provider, Proton Mail. According to reports in the South China Morning Post, Microsoft recently suspended cloud-based services to some Chinese organisations such as the Guangzhou-based Sun Yat-sen University, and a genomics company called BGI Group.

This potential threat should not be a concern just for organisations; it should matter to individuals as well, particularly those who would be considered high risk, such as political activists or journalists.

Those who rely on cloud platforms for digital services such as email, online storage of documents, storing photos, and other important services could find themselves locked out without notice if they fall foul of foreign sanctions or legal orders. 

While the risk may seem remote, the Khan incident shows geopolitical decisions can directly impact the ability of individuals and organisations to access online digital services regardless.

As relationships between the EU and the US become increasingly tense, fuelled by the threat of a tariff war, trade disputes, regulatory differences, and diverging privacy standards, Irish individuals and organisations could easily find themselves caught in the crossfire, resulting in the legal and contractual protections they once had being threatened.

At the core of the threat is that many jurisdictions have laws that often conflict with EU and Irish laws, in particular in relation to data protection and privacy. The US has laws such as the Clarifying Lawful Overseas Use of Data (CLOUD) Act and the Foreign Intelligence Surveillance Act (FISA), which give US government agencies sweeping powers to access data stored or processed by US technology firms, even if that data is stored in datacentres here in Ireland or anywhere else in the EU.

This can clash directly with the EU’s own General Data Protection Regulation (GDPR), which is designed to protect personal data and uphold European values of privacy and accountability.

The European Court of Justice has already struck down two major transatlantic data-sharing agreements, the EU–US Safe Harbor, which was struck down in the Schrems case, and the subsequent Privacy Shield agreement, which was struck down in the Schrems II case, because of these concerns.

The potential risk to Irish businesses is not just about privacy and data protection. A sudden loss of access to key cloud services, whether resulting from technical issues, political interference, sanctions, or legal orders, could disrupt many Irish organisations. 

Critical information such as emails, documents, and customer data could all be inaccessible in an instant. The financial consequences for Irish organisations would be devastating as they scramble to recover data or migrate to alternative providers.

Across the European Union, there has been a growing push for digital sovereignty to ensure our digital infrastructure is controlled in a way that reflects European values, laws, and priorities. 

The European Commission’s GAIA-X project is a bold attempt to build a secure, transparent and European-led cloud ecosystem. France and Germany are already investing heavily in national cloud solutions. Ireland, as a country whose economy relies on technology, should follow suit and not fall behind in this movement.

All organisations, from the local coffee shop relying on cloud-based point-of-sale systems to the software development company hosting its entire infrastructure in the cloud, should take stock of the various technologies and services they rely on and determine which ones are crucial for their ongoing operations.

Should any of these technologies or services not provide some level of digital sovereignty or contingency, then the risks to the business need to be understood and preparations made for the possibility of disruption.

This doesn’t mean ditching everything overnight. But it does mean taking concrete steps such as determining if alternative Irish or EU providers can be sourced, reviewing existing contracts and data-sharing practices to clearly understand any potential exposure to loss of service, encrypting sensitive data so it can only be accessed by those authorised to do so, and having contingency plans in place to ensure the ongoing operations and survival of the business if services are ever suspended or disrupted.

In practical terms, this means reviewing your organisation’s business continuity and digital resilience plans to ensure the risk of political interruption to services is included.

Ireland’s digital economy has been a great success story, but that success must not come at the cost of control. We cannot afford to build our future on platforms that could be switched off by another government. 

Nor can we afford to rely on providers whose governments may hold us to ransom, breach our laws, compromise our values or invade our privacy. If we want to protect our data, uphold our laws, and maintain the trust of our citizens and customers, we must take back control of our digital infrastructure, before the next crisis forces our hand. 

The ransomware attack against the HSE in 2021 demonstrated clearly the impact a major interruption in digital services can have. Let’s not wait for another crisis to remind us of what we should have protected.

  • Brian Honan is a recognised international expert on cybersecurity. He is chief executive of BH Consulting, an independent advisory firm on cybersecurity and privacy based in Dublin

© Examiner Echo Group Limited