InsightsSovereignty

Technology Sovereignty: Why Mastering Your Digital Destiny Is No Longer Optional

February 26, 2026
14 min read

In November 2025, the Government of Canada published its Digital Sovereignty Framework, defining it as “the capacity to exercise autonomy over its digital infrastructure, data and intellectual property.” This is not an abstract concept reserved for geopolitical debates. It is an operational, strategic, and financial issue that affects every public, parapublic, and private organization in Quebec.

And the signals are clear: the model of delegating everything externally without building internal capabilities has reached its limits.

A Quebec Reality: Twenty Years of Ignored Warnings

The problem is not new. As early as 2006, the Quebec Auditor General documented that IT outsourcing spending had risen from 26% to 55% of total IT expenditures in a single decade, a ratio “much higher than what is found in other government organizations internationally.” The VGQ concluded that strategic positions were being entrusted to external resources, causing a loss of institutional expertise.

Five years later, the VGQ's report on IT contracts drove the point home: “frequent outsourcing can, over time, lead to the stagnation of internal expertise, or its outright loss.” The report also revealed that contracts received an average of only 1.9 bids, that the incumbent vendor almost systematically won the next contract, and that an external consultant cost between $400 and $950 per day, compared to $215 to $475 for a public servant.

As the SPGQ summarizes: “the Quebec Auditor General has been raising concerns about outsourcing for the past 20 years.” Twenty years of warnings, and yet, the situation has only worsened.

In Canada: A Framework That Names the Real Issues

The federal framework identifies five fundamental challenges that resonate directly with the reality of our organizations:

  • Market concentration: a small number of global technology giants dominate supply, creating concentration risk and limited flexibility.
  • Insufficient internal capacity: organizations have limited ability to design, manage, and secure complex digital systems in-house.
  • Supply chain vulnerabilities: dependency on global suppliers exposes organizations to security risks beyond their direct control.
  • Jurisdictional complexity: laws like the U.S. CLOUD Act (2018) allow authorities to access data held by American companies, regardless of where that data is stored in the world.

The federal government formalized this in its Digital Sovereignty Framework: it is more important than ever to adopt a made-in-Canada approach to technology.

The Hidden Cost of Dependency: Billions in Overruns

Technology sovereignty is not just a matter of principle, it is a matter of billions. Federally, the Phoenix pay system , built by IBM for $309 million, has cost over $4.8 billion in a decade, affecting 483,130 public servants. In Quebec, the Dossier Santé Québec ballooned from $563 million to over $1.4 billion. The SAAQ's CASA program (SAAQclic): from $81 million to $329 million for a single delivery phase. The RENIR network: from $144 million to over $350 million, while 78% of emergency responders refused to use it.

This is not an accident, it is a pattern. According to the Parliamentary Budget Officer, outsourced IT services cost 22 to 26% more than if they were delivered in-house. Worse: the final value of federal IT contracts averages more than double the original amount, an inflation of 115%.

When code does not truly belong to the organization, when it was developed by external teams without knowledge transfer, without adequate documentation, without aligned architectural standards, costs explode silently. And the bill always arrives eventually.

The Shift Toward Sovereignty Has Begun

The movement is no longer theoretical. In February 2026, the Gallant Commission recommended creating a “centralized entity specialized in state digital transformation” and “reducing dependency on consultants and external firms.” Its finding: projects exceeding $50 million or spanning more than 5 years should require Cabinet authorization.

The SFPQ summarizes the structural diagnosis: “the public service as a whole suffers from a recurring deficit in internal IT resources.” Even more damning: “the skyrocketing cost of projects is directly attributable to the shortage of IT workers.” The internal expertise deficit creates a dependency where external suppliers “take full advantage to overbill.”

At the same time, Quebec published its Digital Sovereignty Policy Statement, which explicitly aims to “reduce technological dependency and strengthen the autonomy of the digital ecosystem” through promoting open-source software, developing custom solutions, and investing in strong Quebec digital expertise.

The Levers to Take Back Control Exist

One of the historical arguments against technology insourcing was the complexity of governing internal development. That argument no longer holds, federal and provincial policies confirm it.

The federal government, in its Open First Whitepaper, acknowledges that vendor lock-in is both a “technical handicap” and an “economic handicap,” and that “the lack of an interoperability framework and open standards poses a significant risk to the sustainability of solutions.” The Government of Canada Digital Standards explicitly prescribe to “use open standards and solutions to avoid lock-in.”

Policy as Code allows organizations to encode these governance, security, and compliance rules directly into development pipelines. Instead of manually checking whether a deployment meets standards, after the fact, automated guardrails validate it before every production release.

This is the end of the false dilemma between speed and governance. With the right frameworks in place, your internal teams can innovate faster than external teams, because they understand your business context, your technical debt, and your regulatory constraints.

What Technology Sovereignty Really Means

Technology sovereignty does not mean doing everything alone. As the Government of Canada's Digital Sovereignty Framework defines it, sovereignty is “the capacity to exercise autonomy over its digital infrastructure, data and intellectual property.” Quebec adds that this sovereignty aims to “reduce a government's dependency on foreign companies.” The viable approach is managed interdependence: diversifying suppliers, demanding interoperability, and above all, building the internal capacity to understand, evaluate, and direct your own technology trajectory, otherwise, as Carleton University's Robert Shepherd warns, what emerges is “ a shadow bureaucracy of private consultants” where “very few competencies remain” internally.

In practice, this means:

  • Audit your current dependency: identify areas where you could not switch providers without prohibitive costs or delays. This is the starting point of any technical contract diagnosis.
  • Implement continuous alignment monitoring: beyond Policy as Code frameworks, ensure independent, real-time verification that deliverables, internal or external, meet contractual commitments and organizational standards.
  • Require independent technical validation: ensure that an objective external perspective validates the soundness of your technology choices and dependencies, free from conflicts of interest.
  • Insource progressively: start with the most strategic and well-understood functions, then gradually expand the internal perimeter, including independent validation at each phase.

The V.I.A. Approach

At V.I.A. Solutions, we validate the technical soundness of your technology choices and dependencies through independent advisory and validation:

  • Strategic Scoping: rigorous definition of needs and requirements before any RFP, to prevent drift from the start.
  • Technical Contract Diagnosis: audit of dependencies (vendor lock-in, proprietary APIs, closed technologies) integrated into contractual analysis. Identifying risks before they become costs.
  • Technical Realignment (Search & Rescue): when a project drifts, independent diagnosis and corrective actions to get the project back on track.
  • AI Strategy & Governance: guidance on AI adoption, use case evaluation, responsible governance, and an implementation plan adapted to the organization's reality.

The question is no longer whether your organization should master its technology destiny. The question is: how long can you afford to wait before getting started?

Ready to validate your next project?

Let's discuss your challenges. A 30-minute consultation to assess how independent technical validation can secure your project.