Description
Private companies are now central to cybersecurity management and resilience across Europe. Never has public-private cooperation been so important to national security policy. The success or failure of cybersecurity depends crucially on this relationship and its ability to steer complex technologies. Yet there is a remarkable dearth of knowledge about this process at the national level and how it can be theorised. Whilst the literature on the European Union (EU) as a cybersecurity actor has surged in recent years, in particular following its ‘technologically sovereignty’ turn (Farrand et al 2024; Barrinha and Christou 2022) we know much less about the European nation-state landscape. Here, private companies not only provide key ‘public’ services, including cybersecurity, but also shape policy (Carrapico and Farrand 2016). This interplay between public and private actors creates what has been described as "hybrid sovereignty" (Srivastava 2022), where traditional notions of state sovereignty are redefined through collaborative and interdependent governance frameworks. Our paper aims to expand the concept of hybrid sovereignty by further exploring how it can operationalised to explain the dynamics present in the field of European cybersecurity, in particular comparing ‘idealised sovereignty’ and ‘lived sovereignty’.
