Digital Sovereignty: The fortress Is not the resource
But in the control of the infrastructure
Looking at Infrastructure or governing how it operates? It may seem like a simple question, but it is not.
Inspired by history, I would like to offer a perspective drawn from a distant event, because history often has a great deal to teach us.
This story is about a critical infrastructure that has always been central to society and, for that very reason, has become one of hackers’ preferred targets in recent years: water supply systems.
In 97 AD, Emperor Nerva entrusted Sextus Julius Frontinus with one of the most important responsibilities in the Roman Empire: the management of Rome’s aqueducts. Following this appointment, Frontinus wrote an official report specifically dedicated to an investigation of the city’s hydraulic infrastructure. It is the only official report from the Roman era to have survived to the present day: De Aquaeductu Urbis Romae (“On the Aqueducts of the City of Rome”), written by Sextus Julius Frontinus in two books at the end of the first century AD.
Managing the water supply was a critically important administrative responsibility. Water had been reaching Roman cities for centuries, and the aqueducts were, in every respect, among the greatest achievements of Roman engineering.
When Frontinus began his work, he discovered something unexpected:”Inveni praeterea quosdam ductus minus quam in commentariis contineretur erogare.”
That is: “I found that certain conduits were delivering less water than was recorded in the official registers.”
The volume of water that should have reached Rome ought to have been significantly greater than the amount that was actually available. What was remarkable was that there was no shortage of water at the sources, nor were there leaks in the infrastructure. Instead, somewhere along the distribution network, someone had begun diverting more water than they were entitled to through unauthorized diversions, fraudulent concessions, and fictitious privileges.
The problem was not the infrastructure itself, but its control.
Until that moment, attention had been focused on the water—that is, the resource. Frontinus shifted the focus to the aqueduct.
It was clear that power did not lie in the resource itself—which at that time was abundant—but in the ability to control it, transport it, and distribute it. And no one understood this better than the Romans.
The real competitive advantage was not the raw resource, but the infrastructure itself, the capability to operate it, and—before anything else—the authority to decide how it should be used and managed, or even whether its supply should be shut off.
Does this remind us of anything?
Consider the case of Anthropic. It does not matter where the data resides, where the provider is headquartered, or which flag flies above the data center. What truly matters is who can flip the switch, who governs the infrastructure, and who has the authority to decide whether it should be turned off.
Artificial Intelligence—like every other strategic technology—is becoming a geopolitical asset. Even if the controversy surrounding Anthropic and the Pentagon were to subside, fundamental questions regarding the distribution of power have now emerged.
We are supposed to live in a free-market economy where private companies—subject to specific agreements and commercial transparency—generally enjoy the freedom to determine the conditions under which they provide their products. Yet it is becoming increasingly clear that sovereignty no longer depends solely on data ownership, but also on control over infrastructure, cybersecurity, networks, energy, and computing capacity.
We need to rethink both our reasoning and our strategy. The assumption that merely using something means we control it is clearly flawed. Owning the data does not mean controlling the infrastructure that makes it accessible, just as using a platform does not mean governing how it operates. Likewise, integrating an artificial intelligence model into business processes does not mean having control over its future availability.
When we talk about resilience, business continuity, or digital sovereignty, the real question—paraphrasing Julius Frontinus—is not how much water reaches us, but which aqueducts we depend on, who governs them, and how.
Cybersecurity has always had one overriding objective: preventing attackers from getting in—a challenge that remains fundamental. Today, however, that necessity is accompanied by an increasingly complex geopolitical landscape, leading us to another question: who has the power to prevent us from continuing to operate?
This is certainly a question about resilience, but it is equally a question about informed choice.
And this inevitably brings us back to digital sovereignty. Yet discussing it at conferences is no longer enough. We must implement a concrete strategy that recognizes the technological excellence within our own country and challenges the assumption that the “market leader” is always the only viable choice.
Gyala aims to contribute to this shift in perspective: we work with local partners, we develop 100% Italian technology, and we place infrastructure governance at the center of every security decision.