Lucie Kadlecová’s Cyber Sovereignty offers an ambitious and timely intervention into one of the most pressing questions in contemporary international relations: how sovereign states assert authority and control in the borderless, decentralised realm of cyberspace. Drawing on Stephen Krasner’s seminal typology of sovereignty, Kadlecová systematically maps how democratic states are adapting foundational concepts of governance to the unique characteristics of cyberspace.
Kadlecová employs Krasner’s fourfold framework—Westphalian (exclusion of external actors), international legal (recognition under international law as equals), domestic (internal authority and control), and interdependence (regulation of transborder flows)—to explore how each type of sovereignity plays out in cyberspace. A key analytical strength is her use of Krasner’s distinction between authority (the mutually recognised right to govern) and control (the ability to enforce decisions), which she uses to clarify how different types of sovereignty function in the digital domain. Westphalian and international legal sovereignty emphasise authority; interdependence sovereignty centres on control; and domestic sovereignty relies on both.
The book is organised around four case studies—Estonia, the Netherlands, Turkiye, and the United States—each illustrating a different sovereignty type. Estonia’s pioneering “data embassy” initiative, involving encrypted backups of state data housed in foreign territories yet under full Estonian jurisdiction, exemplifies a digital-age application of Westphalian sovereignty. By ensuring the continuity of state functions through technical redundancy, Estonia asserts sovereignty beyond its physical borders.
The Netherlands serves as a model of international legal sovereignty in cyberspace. Through initiatives like the Hague Process, the Global Forum on Cyber Expertise, and the Global Commission on the Stability of Cyberspace, the Dutch government has led efforts to define norms for responsible state behavior in cyberspace. Kadlecová shows how the Netherlands acts as a cyber norm entrepreneur, shaping global governance through diplomacy and multistakeholder engagement.
More controversial is Kadlecová’s selection of Turkiye to represent domestic sovereignty in a democratic context. She traces the evolution of Turkiye’s internet legislation beginning in 2007, which initially focused on child protection but expanded significantly over time to enable broad censorship and content removal. By 2016, these powers were used to suppress dissent in the aftermath of the coup attempt. Kadlecová presents this as a cautionary tale of how domestic legal authority can morph into authoritarian digital control when checks and balances erode.
The US case illustrates interdependence sovereignty through its exclusion of Huawei from its digital infrastructure. Kadlecová highlights how the US exercised control over cross-border technology flows for national security reasons and worked with private industry to build alternative supply chains. This example shows how modern sovereignty in cyberspace often depends on public-private partnerships and collective trust networks.
At its core, Cyber Sovereignty defends the continued relevance of the state in a digitally interconnected world. Kadlecová argues that sovereignty is not obsolete, as cyber-libertarians once hoped, but is instead evolving to meet the domain’s demands. Across her case studies, she shows that legal authority and technical capacity must be combined to enforce state preferences online. Estonia’s legal-technical hybrid for data protection, Turkiye’s law-based censorship paired with infrastructural control, and the US’s integration of legal tools and supply chain strategies, all underscore this interdependence.
For policy audiences, including Australian readers, Kadlecová’s analysis is highly relevant. Australia faces similar challenges around digital sovereignty, cyber defence, and foreign technology dependence—particularly amid escalating US-China technological rivalry. The book’s argument that liberal democracies, not just authoritarian regimes, assert cyber sovereignty through diverse strategies, resonates with Australia’s own initiatives on data localisation, platform regulation, and critical infrastructure protection.
That said, the book would have benefited from conceptually differentiating cyber sovereignty from adjacent notions such as digital sovereignty (autonomy over digital platforms and services, often emphasised by the EU), data sovereignty (control over data generated within national borders), and network sovereignty (grassroots or Indigenous control over communication infrastructure). While Kadlecová’s deliberate focus on democratic states helps balance a literature often dominated by discussions of Chinese and Russian models, it also limits the book’s global applicability. Excluding authoritarian and hybrid regimes from the analysis omits key dynamics shaping the future of cyberspace governance, including alternative models of internet control, infrastructural dependency, and digital colonialism.
This limitation becomes particularly evident in the chapter on Turkiye. By focusing only on the 2007–2016 period, Kadlecová excludes developments after the 2016 coup under the rationale that the book examines only democracies. This framing is problematic, as Turkiye exhibited signs of competitive authoritarianism as early as 2013, particularly during the Gezi Park protests and subsequent government crackdowns. Moreover, the post-2016 period marks the most intense phase of digital repression. This includes the introduction of the Social Media Law (2020) and Disinformation Law (2022), which enabled authorities to impose data localisation, mandate content removal, and fine or block non-compliant platforms. Simultaenously, the state has deepened its control over online narratives through loyalist networks, troll farms, and influencer campaigns—a dimension absent from Kadlecová’s analysis.
Furthermore, the treatment of Turkiye’s political trajectory is overly linear and lacks engagement with the Justice and Development Party’s (AKP) populist discourse, identity-based securitisation, and the ideological framing of cyber sovereignty as part of a civilisational project—often articulated through the rhetoric of “native and national technology.” In this context, it is worth noting that earlier scholarship—including my own 2019 article on Turkiye’s cyberspace governance—has addressed similar developments and could have added historical and geopolitical depth to Kadlecová’s account.
Despite these limitations, Cyber Sovereignty is a significant contribution to the study of international cyber governance. It challenges the myth of a post-sovereign cyberspace and provides a clear, well-structured account of how state power adapts to digital realities. For Australian policymakers, the book offers timely insights into how legal innovation, technological capacity, and public-private coordination must converge to secure national interests in an increasingly contested digital domain.
This is a review of Lucie Kadlecová‘s Cyber Sovereignty: The Future of Governance in Cyberspace (Stanford University Press, 2024). ISBN: 9781503638549.
Tuba Eldem is an Associate Professor of Political Science at Fenerbahce University and the Director of FBU’s Centre for Cyberspace Studies.
This review is published under a Creative Commons License and may be republished with attribution.
