July 09, 2026

The Kill Switch and the Long Arm

This article was originally published in Lawfare.

Presenting the European Commission’s technology sovereignty package in June, Henna Virkkunen stated that one of its aims was to ensure that “nobody has a kill switch” over Europe’s critical systems. In the same press conference, Virkkunen—the commission’s executive vice-president for tech sovereignty, security, and democracy—singled out the U.S. CLOUD Act as a reason American cloud and artificial intelligence (AI) providers would struggle to reach the new rules’ most stringent sovereignty requirements.

But much remains undecided: The EU’s rules are still being written, and the biggest investments are still only plans. An assurance offered now can shape those choices but if offered later would change little.

Virkkunen’s comments reflect a major concern driving Europe’s sovereignty push: that reliance on American technology exposes Europe to the American government. But she fuses two different kinds of U.S. power—a distinction drawn sharply in the scholarship on weaponized interdependence, and one built into U.S. law itself. One is the kill switch, which disables or degrades a system by cutting off the access or updates it needs to keep running, through sanctions or export controls. The other is the long arm, which can force a U.S. provider to produce data it holds abroad, or to assist foreign intelligence surveillance.

Read the full article in Lawfare.

View All Reports View All Articles & Multimedia