Not Just European, But Trustworthy: What DNS4EU Reminds Us About Sovereignty, Surveillance, and (Actual) Security

When Infrastructure Becomes Political

Once upon a time, infrastructure was invisible. It quietly kept the world running – roads, pipes, power grids, protocols. You only noticed it when it broke.

But digital infrastructure isn’t invisible anymore. It’s political. It’s strategic. And increasingly, it’s personal.

In this landscape, something as seemingly dull as a DNS resolver has become a question of values. Trust. Privacy. Power.

Enter DNS4EU: The EU’s Answer to Big Tech’s DNS Grip

DNS4EU, the European Commission’s initiative for a “privacy-first” DNS resolver, ticks all the boxes on paper:

• Hosted in Europe
• Commercial tracking blocked
• Malware and phishing protections baked in
• DNS providers vetted and certified by the EU

Sounds good, right?

The recently published Substack piece by PrivID, Inc. Co-Founder and CEO, Jiří Fiala, dives into what’s working – and what’s not. The short version? While DNS4EU promises sovereignty and privacy, it stops short of delivering actual autonomy.

Privacy… But Only Within Certain Limits

The core issue? DNS4EU providers are required to comply with “lawful interception” mandates. In other words, they can be compelled by governments to hand over DNS data.

And that’s not a small caveat.

For people seeking sensitive support services, accessing dissident content, or simply trying to stay below the radar of an abusive partner or coercive employer – DNS-level logging can be a quiet but dangerous leak.

Sovereignty ≠ Safety for All

Here’s where the trust-and-safety lens comes in.

Digital sovereignty might sound empowering, but it often gets co-opted into state-level surveillance frameworks – the very thing trust and safety practitioners are often tasked with navigating, mitigating, or quietly challenging behind the scenes.

So while DNS4EU might be better than handing your queries to Google, Cloudflare, or OpenDNS… we still have to ask:

Better for whom? And under what conditions?

Why Zero-Knowledge Architecture Matters

At 3 Steps Data, we’ve built our platform on the principle of zero-knowledge design – systems that can’t leak what they never store. No backdoors. No grey areas. No “it depends who’s asking” handovers.

We think all infrastructure that claims to protect vulnerable users should meet that standard – not just in how it’s marketed, but in how it’s engineered.

DNS4EU may be a step in the right direction. But the ability to surveil will always undermine the promise of privacy.

A Quick Sidebar: What This Means for Trade and Global Trust

Why should this matter to businesses or policymakers outside the EU? Because the design of public infrastructure has knock-on effects far beyond national borders.

Take CETA – the Comprehensive Economic and Trade Agreement between the EU and Canada. It includes provisions on data flows and digital trade.

Agreements like this are increasingly influenced by regional standards on privacy, data protection, and even DNS security.

If DNS4EU sets a precedent – for better or worse – that precedent could shape expectations across partner countries, including Australia. So when we talk about “European” infrastructure, we’re also talking about the future contours of interoperability, digital rights, and global governance.

The Bigger Question: What Do We Want From Public Infrastructure?

Good intentions aren’t enough. If we’re building public digital infrastructure, it needs to work especially well for the people most at risk – not just the average user or the compliant citizen. That’s the heart of what Trust and Safety is all about: designing systems that protect without punishing, and respond without overreaching.

And when we evaluate tools like DNS4EU, we need to move beyond binary debates (Big Tech vs Big State) and ask the harder questions:

• What protections exist when interests conflict?
• What recourse is available if something goes wrong?
• Who ultimately gets to decide what’s ‘safe’?

Final Thought: You Deserve More Than a Different Boss

Swapping Silicon Valley surveillance for state-controlled surveillance isn’t liberation – it’s just a different kind of oversight.

Digital sovereignty must be about more than control. It must be about consent, choice, and true safety.

Because in the end, trust isn’t just about geography. It’s about design.

About the Author:

Kim Chandler McDonald is the Co-Founder and CEO of 3 Steps Data, driving data/digital governance solutions.
She is the Global VP of CyAN, an award-winning author, storyteller, and advocate for cybersecurity, digital sovereignty, compliance, governance, and end-user empowerment.