The Strategic Shift to European Cloud and Why This Matters for Our Collective Resilience,
Presented by Kristof Tuyteleers, CISO of DNS Belgium, at BE-CEC on June 23, 2026 in Auberge du Pêcheur , Sint-Martens-Latem.
On June 23, during the BE-CEC gathering at Auberge du Pêcheur in Sint-Martens-Latem, one keynote stood out for reframing cybersecurity in a way that many in the audience had not fully considered before. In his presentation, Kristof Tuyteleers, CISO of DNS Belgium, challenged conventional thinking about digital resilience and brought attention to one of the internet’s most critical yet often invisible layers: the Domain Name System (DNS).
His central message was both simple and profound: digital sovereignty is no longer a theoretical discussion for policymakers or futurists. It is a pressing operational reality. Every organization, from banks and hospitals to governments and logistics providers, increasingly depends on a global digital infrastructure that is highly concentrated in the hands of a few dominant technology providers. That concentration creates efficiency, scale, and innovation—but also introduces strategic vulnerabilities.
Kristof argued that resilience today can no longer be measured only through firewalls, endpoint detection, or ransomware preparedness. Organizations must also understand their structural dependencies—especially dependencies that sit deep in the internet’s architecture and remain largely unnoticed until they fail.
As he explained, DNS is exactly such a dependency.
Most executives rarely think about DNS. It works silently in the background, translating human-readable domain names into IP addresses so systems can communicate. But that invisibility creates dangerous complacency.
Kristof described DNS as the “frontline of resilience and sovereignty.” If DNS fails, digital services may still technically exist, but they become unreachable.
That distinction is critical.
A banking platform may be fully operational. Government services may continue running in data centers. Healthcare systems may remain available. Cloud workloads may still process transactions. Yet if users cannot resolve the domain names required to access those services, the practical result is identical to a complete outage.
No ransomware.
No malware.
No AI attack.
Just DNS.
That scenario formed one of the most compelling parts of the keynote. Kristof asked the audience to imagine a future crisis in which Europe’s critical digital services remain online, but Europeans can no longer reliably reach them because control over foundational internet layers has shifted beyond their influence.
Suddenly, the issue becomes far larger than IT.
It becomes a matter of sovereignty.
The presentation deliberately moved beyond technical considerations. Kristof positioned digital sovereignty as a strategic governance issue.
In recent years, boards have become familiar with concepts like energy security and supply chain resilience. Executives understand the dangers of overdependence on single suppliers or politically unstable regions. The pandemic, geopolitical conflicts, and economic disruptions have reinforced those lessons.
Kristof argued that cloud infrastructure and DNS must now be evaluated through the same lens.
The question is no longer whether digital dependencies matter.
The real question is whether organisations understand those dependencies before they become a crisis.
This is especially relevant in Europe, where increasing geopolitical tensions raise difficult questions about long-term reliance on foreign hyperscalers and non-European infrastructure providers.
Kristof did not frame this as an anti-cloud argument. Quite the opposite. He acknowledged the immense benefits of hyperscalers: scalability, automation, operational efficiency, security tooling, and access to scarce technical talent. For many organisations, cloud migration remains a rational and beneficial decision.
But efficiency alone cannot be the only metric.
Resilience requires optionality.
And optionality requires control.
One of the most thought-provoking moments came when Kristof discussed what he referred to as the growing risk of “tech monoculture.”
The internet was originally designed for redundancy and decentralization. Its architecture aimed to eliminate single points of failure and ensure continuity even under severe disruption.
Yet today, much of the digital economy has become concentrated around a handful of global providers.
This concentration introduces a paradox.
Organizations often migrate to large cloud providers to improve resilience. But if enough organizations rely on the same providers, resilience at the system level may actually decrease.
A failure, policy change, regulatory conflict, geopolitical dispute, or service disruption affecting one dominant provider could have cascading consequences across sectors.
Kristof connected this directly to digital sovereignty.
If critical infrastructure depends heavily on foreign-controlled platforms, then European resilience becomes increasingly influenced by foreign policy decisions, external regulatory disputes, and geopolitical developments beyond Europe’s control.
He summarized this risk bluntly: dependence can quietly evolve into strategic vulnerability.
To explain why this matters, Kristof offered important historical context.
He revisited the creation of Internet Corporation for Assigned Names and Numbers (ICANN), which emerged from a U.S. government initiative to transition management of the internet’s naming and addressing systems into a globally represented nonprofit structure.
This history illustrates a key truth: control over internet infrastructure has always had geopolitical implications.
That reality becomes more visible during times of global tension.
Kristof suggested that Europe should reflect on whether its current level of dependency aligns with long-term resilience goals.
He drew a powerful analogy with Europe’s decision to build its own satellite navigation system, Galileo, after decades of reliance on the U.S.-controlled GPS network.
Europe recognised that strategic autonomy in navigation mattered.
Another example is the global supply chain.
The same logic increasingly applies to digital infrastructure.
If sovereignty matters in space, energy, and supply chains, why would it not matter in cloud infrastructure, DNS, and data governance?
One reason Kristof’s presentation resonated strongly was that he spoke not just as a theorist but as someone actively making difficult infrastructure decisions.
DNS Belgium manages critical components of Belgium’s domain ecosystem, including the .be namespace, alongside .brussels and .vlaanderen.
As a not-for-profit organization with roughly 43 employees, DNS Belgium oversees more than 1.7 million .be domains, plus thousands of .brussels and .vlaanderen registrations. It operates registry databases, WHOIS and RDAP lookup services, authoritative DNS, DNSSEC, and anti-fraud initiatives designed to strengthen Belgium’s digital ecosystem.
Availability is paramount. Failure is not an option.
Kristof emphasized that DNS Belgium is deeply risk-averse—and intentionally so. The organization continuously monitors risks across infrastructure, regulation, security, and geopolitics.
This risk-based approach has led to a major strategic decision.
DNS Belgium is moving its registration platform away from Amazon Web Services (AWS).
Importantly, Kristof made clear this is not due to dissatisfaction with AWS as a technology provider. In fact, he acknowledged strong service quality and capabilities.
The driver is geopolitical risk. That distinction matters.
The decision reflects a broader shift in risk assessment: even if a provider is technically excellent, dependency risk may still become unacceptable if control lies outside strategic comfort zones.
DNS Belgium’s registration platform processes critical operations, including 500 to 800 new domain registrations per day as well as transfers and administrative changes. Any disruption would impact core internet services.
The migration decision followed extensive evaluation criteria, including:
This illustrates a new procurement mindset.
Infrastructure selection is no longer purely about performance and cost.
Strategic resilience is becoming a selection criterion.
Kristof also linked his message to European regulation, especially NIS2 Directive and Critical Entities Resilience Directive.
These frameworks are forcing organisations to rethink operational resilience at a systemic level.
Historically, many cybersecurity programs focused heavily on direct threats:
Those remain important.
But NIS2 and CER broaden the perspective.
Organisations must now understand dependencies, supply chains, third-party risks, and cascading failure scenarios. This includes cloud dependencies. It includes DNS dependencies. It includes systemic concentration risk.
Kristof suggested that boards should begin asking more difficult questions:
Who controls our critical infrastructure?
Where are our hidden single points of failure?
What happens if geopolitical conditions change overnight?
Can we continue operating if access to a dominant provider becomes restricted?
Do we understand the strategic implications of our architecture choices?
These are no longer abstract governance questions.
They are resilience questions.
A recurring theme throughout the presentation was the danger of invisible concentration.
Many organisations believe they are diversified because they use multiple SaaS tools, security vendors, and cloud services.
But deeper analysis often reveals hidden centralisation.
Multiple “independent” services may still rely on the same DNS providers, the same cloud backbones, the same certificate infrastructure, or the same identity providers.
This creates systemic fragility.
Kristof urged attendees to map dependencies beyond immediate vendors.
The real risk often lies one or two layers deeper.
That is where hidden single points of failure emerge.
And because these dependencies are abstract, they rarely receive sufficient executive attention.
Until something breaks.
As co-founder of the European TLD ISAC, Kristof strongly believes resilience cannot be built in isolation.
Cybersecurity has increasingly become collaborative.
Threat intelligence sharing, sector coordination, and collective preparedness are essential because infrastructure risks often span entire ecosystems.
A failure in foundational internet services affects far more than one company. It affects communities. Economies. Nations.
This is why Kristof emphasised the need for stronger European collaboration around digital infrastructure.
Sovereignty does not necessarily mean isolation or rejecting global technology.
It means ensuring Europe retains sufficient control, redundancy, and strategic autonomy to remain resilient under stress.
That nuance was important.
The presentation was not a call for digital protectionism.
It was a call for informed strategic balance.
One of the most striking observations from Kristof’s keynote was that the shift toward European cloud is already happening.
Organizations increasingly recognise that resilience discussions must include:
According to Kristof, feedback from stakeholders, vendors, and peer organisations has strongly validated DNS Belgium’s direction.
Many are beginning to ask the same questions.
Many are reaching similar conclusions.
The industry appears to be moving toward a more mature understanding of resilience—one that includes geopolitical realities.
Kristof Tuyteleers closed with a powerful call to action.
The future of cybersecurity will not be defined solely by better tools or more advanced detection systems.
It will also be defined by better strategic choices.
Where we host.
Who we trust.
What we control.
How we diversify.
These choices will shape Europe’s digital future.
His keynote left the BE-CEC audience with a sobering but necessary insight:
The greatest cyber risks are not always the attacks we see coming. Sometimes they are the dependencies we stopped noticing.
In a world of rising geopolitical tension, resilience depends on more than defense. It depends on sovereignty.
And sovereignty begins by understanding the invisible foundations on which our digital society is built.
For many attendees, that was the defining takeaway of the afternoon.
DNS is no longer merely technical plumbing.
It is strategic infrastructure.
And in the years ahead, control over that infrastructure may become one of the most important determinants of collective resilience in Europe.