top of page

Europe’s semiconductor strategy: a software blind spot?

Updated: Jun 26

by Paolo Azzoni, Jean-Luc di Paola Galloni, Remi Cornubert & Jerker Delsing



Semiconductors are the foundation of the software industries and

services, and a more holistic strategy is required to maximise

European investment in semiconductors and put in place the condition

of success of big software leaders that Europe is missing.


China and the US have well understood the critical importance of mastering both hardware and software and of creating leaders in both domains. Both countries have launched massive public programmes to grant dozens of billions for both hardware and software developments. This trend has been accelerating with the surge of AI. Other countries such as Japan, Canada and Korea are following the same route. 


The European Union’s (EU) current approach to semiconductor strategic autonomy, heavily influenced by political agendas and semiconductor companies, prioritises safeguarding upstream production – the chips themselves. While this focus is understandable, it creates a critical blind spot – the software stack – since the investment level should be at least similar to, if not bigger than, the one in hardware.


In 2022, $130 billion was spent globally on software CAPEX: the US accounts for 80% with $103 billion and Europe only a small 1%.  For private R&D spend the ratios are similar: in 2022, the software industry invested around $240 billion in R&D, with American companies accounting for 74% and their European counterparts for only 6%.  


Neglecting the software dimension risks negating the substantial investments in chip production and ultimately leads to a crippling dependency on software from other regions like the US and China, generating damage in the downstream segments of the value chain which, in terms of revenues, far exceeds the harm generated by dependencies in the upstream.


The need to invest massively in software has become even more critical with the rise of AI.

AI will boom in the next few years: the market was valued at $420 billion in 2023 and is expected to grow by 29% CAGR up to 2030, accounting for $2480 billion.


According to Bloomberg, Generative AI alone could reach $900 billion in revenues by 2030, growing at 39% per year.


Recent years have seen many public AI investment plans around the globe:




  • Each year the US spends about $8 bn in AI, big data and software R&D, constantly increasing, with a 50-50 split between defence and non-defence spending.

  • The public investments of China in AI are unclear because they are made through numerous guided investment funds, but a CSET study estimates it at a few billion dollars each year.

  • Japan has several public funding agencies that spend $700 m each year on AI and software. In 2023 $49 m was spent to build a new supercomputer.

  • There is also a $50 m plan between Japan and US to fund AI research, including funds for Nvidia.

  • The federal government of Germany has a €5 billion plan to promote research on AI until 2025.

  • In 2021, Spain enacted its €600 m plan for research in AI.

  • France launched a €500 m plan for AI, which includes research and education in its plan “France 2030”.


The European Union has already launched its own €300 m plan to fund AI research, but this plan is not at the scale of the expected market rise.


However, the US dominates private investments in AI with an important increase of investments in generative AI; the EU accounts for less than 5% of private investment.


In an optimistic scenario, AI chips are projected to constitute roughly 45% of the global demand for chips by 2027, fueling an increase in overall chip demand.


But the moves made by the players are showing that hardware and software will be more and more interrelated/integrated: a significant investment in chips must go along with a massive investment in all software layers to stay in the competitive race and create the jobs of tomorrow in EU.



The uncontrollable software stack

Europe doesn’t yet have leaders such as Google, Apple, Microsoft, Amazon, Meta, Baidu, Alibaba and Huawei due to lack of political resolve. These giants can decide to spend billions of dollars by themselves whereas European companies simply cannot afford to, and European strategic autonomy is at stack! 


Unlike chips, which are pieces of physical objects, software presents a far more complex challenge. Applications can comprise billions of lines of code. Complexity, uncontrollability and unpredictability reach critical levels in the case of all software stacks, including AI. Even seemingly transparent open-source software often lacks rigorous testing and evaluation. Open-source development typically addresses bugs reactively, once they’ve been discovered, lacking the structured testing procedures of closed-source software.


Therefore, while ensuring secure chip production is vital, safeguarding the entire software stack is even more critical. Reliance on US and Chinese software creates dependencies and vulnerabilities beyond the chip itself, potentially exposing entire systems to manipulation by uncontrollable entities. Imagine a scenario where malicious actors gain control of software components residing at different layers of the technology stack. This could potentially expose sensitive data, disrupt critical infrastructure, or manipulate entire systems, all without ever physically touching the chips themselves.


The unforeseen threat: a lack of awareness

Alarmingly, there seems to be a lack of awareness at the EU Commission and political leadership levels regarding the necessity to safeguard the software stack and minimise its dependencies on other regions of the world, which could critically impact on the strategic autonomy of the value chain of EU key applications based on digitalisation.


Several layers of the software stack are affected by these risks, especially in the lower layers close to the hardware:

  • Firmware: This low-level software resides on the chip itself and acts as its interface with other software layers. While some firmware is developed by chip manufacturers, it is often created by board integrators, potentially falling outside of EU control. Since firmware forms the very foundation of the software stack, its security is paramount, making it crucial to secure.

  • Virtualisation software: this is critical software enables resource sharing and isolation on a single physical system. Vulnerabilities in virtualisation software can expose all virtual machines and containers running on that system.

  • Drivers: These software components act as translators between hardware devices and the operating system. Insecure drivers can allow attackers to manipulate hardware functionality, potentially leading to data breaches or system disruptions.

  • Operating Systems (OS): Currently, no major OS vendor is headquartered in the EU. This creates a significant dependency, as all subsequent software layers – business logic, applications, and Systems-Of-Systems (SoS) platforms – rely on the underlying OS.



The risks affect also the high-level layers of the software stack:

  • Cloud applications, development tools: These layers are critical to develop services, get access to data and monetise it.

  • Application layers: these layers include application specific software, e.g. autonomous driving stacks (Waymo-Google, Weride, Baidu) are not currently covered by European companies.


Case in point: the weaponisation of simplicity 

To understand the exposure generated by software dependencies and the potential risks, consider as an example a wireless headset, which almost everyone owns. These seemingly simple devices, when compromised, can trick smartphones or laptops into recognising them as keyboards (headsets typically have a button for pairing), potentially enabling unauthorised access or data exfiltration. Now, imagine scaling this vulnerability to complex systems like vehicles, manufacturing lines or healthcare devices with million or billion-fold increases in complexity. The consequences of lack of control of software and its vulnerabilities in such critical systems can be catastrophic.



AI: a unique challenge within software

As anticipated, AI adds another layer of complexity to the software landscape, in terms of both dependencies and security. AI’s specific features and functionalities demand unique safeguards due to its potential impact, far exceeding other software categories. This strengthens the case for EU strategic autonomy across the entire AI technology stack, ensuring control over its development and deployment. Moreover, having AI European leaders compliant with the AI Act is an efficient way to influence other companies to respect European law.


AI has been driving significant moves in the value chain for a few years. Hardware players are developing software suites and platforms to help their clients leverage the computing power of their hardware in AI.


From hardware to software, the traditional chip maker business model is integrating software development activities. Major chip manufacturers are now engaged in developing both hardware and software simultaneously, aiming to enhance their solutions’ support capabilities. Critical fields of play are AI training, cybersecurity, and simulation.


NVIDIA is the best example of this move with its software suite called AI Enterprise. It is also developing its next generation AI Platform called Rubin AI which should be launched in 2026. AMD and INTEL are following the same path with their own software package around development and graphic tools, but also cybersecurity, cloud services and infrastructures.


NVIDIA is the best example of this move with its software suite called AI Enterprise. It is also developing its next generation AI Platform called Rubin AI which should be launched in 2026. AMD and INTEL are following the same path with their own software package around development and graphic tools, but also cybersecurity, cloud services and infrastructures.


Nvidia has acquired two small optimisation technologies to integrate them into their emerging cloud activity, to reduce costs and improve their competitiveness.


From software to hardware, the traditional software providers have entered the fabless design hardware market through fabless design. Apple M-Series chips, Amazon Chips are examples of commercial success. New chips are arriving from Microsoft and Google. Most Chinese players have also integrated toward chip production or design.


On the other hand, software players are designing, developing or even planning to produce their own chips dedicated to AI. Apple started to develop its own chips years ago for its Mac laptops and is now doing the same for AI. Google, Meta and  Microsoft have entered the race to catch up with AI by developing specific GPUs. It is worth mentioning that Europe has a few chips players that could be competing such as foundry-free ARM, NXP and Kalray but we have only a few limited players in AI like the French Licorne Mistral aiming at competing with ChatGPT.


Finally, telco and  internet hardware players have entered the game to provide software platforms to allow the development of specific applications based on connectivity but are moving forward by using AI to provide autonomous features in automotive: BlackBerry which offers four platforms (QNX Software Development Platform, cybersecurity & OTA management services, a cloud-connected software platform)  and Qualcomm (Snapdragon Ride Flex SoC: a central compute solution that acts as the brain for SDVs, Car-to-Cloud Services, Connectivity and ADAS/AD Capabilities and Snapdragon Automotive 5G Platform). None of them are European with the exception Elektrobit, which has developed an interesting platform for automotive based on an open-source Linux OS.


Elektrobit is launching the first open-source software development kit certified for safety-critical automotive systems. Elektrobit has been looking for a way to accelerate automotive software development to match this new pace, bridging the gap between speed and safety regulation. Its new software stack is EB Corbos Linux for Safety Applications. This safety-certified electronic architecture allows OEMs and Tier 1 suppliers to employ Linux coding for safety applications, making it vastly easier to program AI applications, perception stacks (cameras, lidar, radar), cockpit systems and more.


From identification to action: securing the software stack

Having identified the critical role and impact of software on the value chain and related applications, the question remains: how do we address it? Urgent actions to safeguard EU strategic autonomy in software include:


  • Increased investment in EU software stack development: the existing Chips for EU initiative should allocate a larger portion of its budget to software development efforts. This will foster innovation and create a robust EU software ecosystem, limiting the dependencies on other regions of the world, increasing control on the software stack and safeguarding the applications that depend on it. The Chips JU is the most reasonable initiative because an efficient software stack can be designed and developed only in close conjunction to hardware development.

  • Dedicated software programs: establishing specific programs closely linked to the Chips JU would incentivise collaboration and accelerate progress in securing the software stack. Developing AI specific software layers would leverage the power of AI GPUs and allow the development of software dedicated applications in EU.

  • The EU Software Act: a dedicated act should outline regulations, funding initiatives and research programmes aimed at strengthening the security of software components across the hardware stack.

  • Political commitment to create European leaders in software is critical to motivate large-scale public-private collaborations.


Practical considerations: addressing the skills gap

Beyond policy changes, practical challenges exist. The EU faces a significant shortage of skilled software engineers. To address this critical gap, we need:

  • Engineering automation: automation is the only viable solution to mitigate the skills gap, to increase software productivity and to reduce lead times to develop new software applications. The EU is currently lagging behind in this area, with US companies dominating the engineering automation market.

  • Investing in EU engineering automation development: supporting EU-based companies developing engineering automation tools is essential to reduce reliance on foreign solutions and foster domestic innovation. This will create a self-sustaining ecosystem with a skilled workforce capable of addressing future challenges.

  • Train software developers and specialists: accelerating the creation of dedicated software training programmes at Universities and Engineering Schools across the EU is crucial.

  • Attract foreigners with software skills: develop a specific programme to locate and attract experienced software engineers in EU coming from NAFTA, India, etc.


Where to invest? The power of proximity 

Investing in the Chips JU for software development is key. The low software layers (firmware, drivers, OS, virtualisation) need to be designed and developed alongside the new generation of chips. This co-location fosters synergies and optimises efficiency and performance, ensuring the creation of a solid and independent hardware/software ecosystem - what we call the “full technology stack”. In this stack, the service layer is needed to develop innovative services that will generate huge revenues so that Europe remains a leading region.


Chips pilot lines and accelerator programmes must be included in this ecosystem, by facilitating technology transfer to industry and ensuring large-scale production. Without the corresponding software layers, the full potential of these initiatives and the new chip generations they will generate cannot be realised.


Conclusion: a holistic approach for a secure future

While the EU’s focus on semiconductor strategic autonomy is commendable, the current strategy overlooks the critical software dimension. Highlighting the software international dependencies and hidden vulnerabilities across the technology stack is crucial. A holistic EU strategy encompassing both hardware and software, ensuring true strategic autonomy, security and safeguarding the full technological stack is crucial in the rapidly evolving geopolitical and economic landscapes.



Download ISSUE 7 of INSIDE Magazine via this link: https://www.inside-association.eu/publications






Commentaires


bottom of page