The (False) Promise of Solutionism. Epistemic Authority and the Delegation of Core State Powers in Digital Governance

Digital technologies are transforming security governance. While they provide security actors with new tools, they simultaneously confront them with novel challenges. In the EU, public authorities strongly rely on private - and often non-European - tech companies in responding to these challenges. However, repeated performance issues and frequent invocations of Europe's digital sovereignty seem to put in question the close relationship between public actors and private firms in the delivery of public responsibilities of central (geo-)political importance. While political scientists have begun to investigate the private provision of technological security solutions, the literature has not sufficiently understood why, in view of persistent controversies, EU decision-makers continue to rely on private tech companies. Moreover, existing studies have focused on cybersecurity, leaving the role of private tech companies in other security-relevant areas largely unexamined. In this paper, we attempt to close this gap with two case studies: one on the central position of the US data analytics company Palantir in EU law enforcement and intelligence; and one on the prominent role of tech companies in the European cloud project Gaia-X. Using interviews, official documents, and documents obtained through FOI requests, we show how private tech companies frame security problems in ways that make their involvement seem necessary, their tools effective, and their interests aligned with those of public actors. Specifically, we argue that the epistemic authority of tech companies derives from their ability to define security problems as technological problems, for which they can then credibly promise technological solutions. Given potential dependencies that manifest after continued reliance on private security providers, understanding how tech companies use their ideational business power to secure a position in public security provision is of central importance. By pointing to emerging regulatory initiatives, our paper contributes to understanding the scope and limits of the regulatory security state.