David S. Germroth
Senior Advisor Defense and Intelligence Programs (EMEA and Japan)
The Need for a Sovereign Base Map: The base map has become strategic infrastructure. It is no longer a neutral backdrop for navigation, logistics, or civil administration. It is now embedded in the operating picture for military mobility, intelligence fusion, border surveillance, civil defence, critical-infrastructure protection, autonomous systems, and national resilience. In operational terms, the map has moved into the command-and-control layer. For Europe, Japan, and the non-U.S. Five Eyes partners, the decisive question is no longer which map offers the best commercial interface. The question is who controls the data pipeline when the strategic environment deteriorates. Control means authority over provenance, update cycles, hosting, access permissions, licensing terms, disclosure obligations, support continuity, and the ability to isolate sensitive layers from foreign legal, political, or commercial pressure.
Sovereignty Means Decoupling from U.S. Control, Not Decoupling from the Alliance: Geospatial sovereignty is not an anti-American project. The United States remains Europe’s indispensable NATO partner, Japan’s central security partner, and the anchor of Five Eyes intelligence cooperation. But alliance is not the same as custody. Even a trusted ally remains a sovereign actor with its own laws, export controls, intelligence priorities, procurement timelines, cloud-governance rules, and political cycles. Sovereignty should therefore be framed as controlled decoupling from unilateral U.S. control over mission-critical geospatial infrastructure. This does not mean weakening interoperability with the United States. It means ensuring that Europe, Japan, Australia, Canada, New Zealand, and the United Kingdom can continue to operate, update, audit, and defend their base-map infrastructure if U.S. support is delayed, legally constrained, commercially repriced, or politically contested. The objective is not strategic distance from Washington. It is operational independence under stress.
Why the Base Map Has Become a Strategic Dependency: Russia’s war against Ukraine has demonstrated that commercial platforms, satellite services, cloud infrastructure, software dependencies, and data flows are no longer neutral background systems. They can become instruments of support, coercion, denial, or escalation management. Mapping is embedded in this dependency chain. Road networks, bridges, ports, railheads, energy nodes, shelters, safe corridors, airfields, urban geometry, and maritime approaches can acquire military relevance overnight.
China presents a different, but equally serious, risk profile. Civil-military fusion, strict controls over geographic data, cybersecurity and data-security legislation, and national-intelligence obligations make provenance, ownership, and state influence central concerns. Any mapping environment connected to Chinese providers, Chinese territory, China-facing automotive platforms, or China-derived data enrichment should be treated as a contested-source environment before being admitted into defence or intelligence workflows.
The United States is different because it is an ally, but the sovereignty question does not disappear. U.S. jurisdiction, sanctions policy, export controls, lawful-access regimes, cloud-service governance, and domestic political priorities can all affect access, availability, and terms of use. This is normal sovereign behaviour. The mature allied response is not decoupling, but disciplined independence: building sufficient sovereign custody and technical optionality to preserve operational freedom while remaining fully interoperable with U.S. forces.
What Sovereign Geospatial Control Requires: Sovereignty in the geospatial layer is too often reduced to the nationality of the provider. Headquarters location matters, but it is not sufficient. A genuinely sovereign base-map capability requires control over data provenance, hosting, update cycles, schema governance, access rights, licensing, software supply chain integrity, security accreditation, and operational continuity. It must also enable classified overlays to be generated, protected, and distributed without uncontrolled telemetry, dependency on external APIs, or exposure to third-country cloud environments.
For defence and intelligence users, a sovereign map must meet practical operational tests. The underlying base data must be traceable, auditable, and fit for mission use. The system must be deployable on national, allied, classified, or air-gapped infrastructure. National agencies must be able to add, correct, restrict, or withhold sensitive layers without exposing them to vendors. Open-source, commercial, and user-generated data must be validated before being incorporated into operational workflows. The architecture must interoperate with NATO, European, Japanese, and national command-and-control environments. Above all, it must remain functional when commercial, legal, or political conditions outside the user’s control deteriorate.
No single provider can meet every requirement across reference mapping, precision mobility, source collection, analytics, visualization, exploitation, and operational delivery. The strategic answer is a layered sovereign map stack. One provider may supply reference data, another may provide self-hosted delivery infrastructure, and another may support visualization and exploitation. National authorities, however, must retain control over classified, military, and critical-infrastructure overlays. Sovereignty is therefore not delivered by a single corporate logo; it is achieved through architecture, contractual control, governance, and operational resilience.
The Strategic Requirement: Europe, Japan, and the non-U.S. Five Eyes partners require geospatial infrastructure that remains fully interoperable with the United States without being subordinate to U.S. control. This is not an anti-American position; it is a mature alliance posture. Strong alliances are most resilient when partners contribute robust national capabilities rather than depend on another state’s infrastructure as passive consumers. For Europe, this means building a geospatial ecosystem that can support NATO operations while remaining operationally available if U.S. support is delayed, legally constrained, or politically contested. For Japan, it means maintaining authoritative domestic control over the country’s most detailed homeland geography while integrating effectively with U.S., European, and Indo-Pacific partners. For Australia, Canada, New Zealand, and the United Kingdom, it means preserving deep intelligence interoperability while reducing exposure to single points of foreign commercial, technical, or legal control.
Provider Capability Assessment
Japan’s Domestic Sovereign Stack: Japan has the clearest national rationale for a layered, sovereign mapping stack. Within that stack, ZENRIN should anchor Japan’s detailed domestic base-map content, including addresses, buildings, points of interest, administrative geography, and local routing. PASCO should be positioned as a domestic collection, production, and validation asset, particularly for rapid refresh following earthquakes, floods, missile strikes, cyber incidents, port disruption, or infrastructure damage. Dynamic Map Platform should provide the precision road-space and 3D mobility layer required for autonomous systems, convoy modeling, base mobility, infrastructure assessment, and digital twins. These providers should not be presented as global substitutes for HERE, Esri, Hexagon, or other large-scale geospatial platforms. Their strategic value lies elsewhere: together, they give Japan domestic custody over the most operationally sensitive layers of its own territory. That sovereign custody can then be selectively shared with U.S., European, and Five Eyes partners through agreed formats, accreditation standards, and security rules.
HERE Technologies: HERE Technologies remains the strongest candidate for a scaled European-Japanese reference-map backbone. Headquartered in the Netherlands, with European industrial ownership and Japanese participation through Mitsubishi Corporation and NTT, HERE has a strategic profile more closely aligned with European and Japanese autonomy than U.S. hyperscalers or purely American geospatial platforms. Its principal value is scale: HERE provides mature global map infrastructure across automotive, logistics, routing, traffic, points of interest, critical infrastructure, and automated-mobility use cases. These capabilities are directly relevant to military logistics, movement control, convoy planning, port access, infrastructure access, humanitarian operations, civil-support missions, and grey-zone crisis response.
The strategic fit, however, is not risk-free. HERE’s publicly visible defence and intelligence relevance appears heavily U.S.-focused, particularly through homeland-security and geospatial infrastructure programs supporting U.S. federal mission partners. This creates a potential sovereignty concern for Europe and Japan, as its defence-facing experience, operational relationships, and mission-data pathways may be more closely aligned with U.S. government requirements than with European or Japanese autonomy objectives. This does not disqualify HERE, but it changes the procurement logic: HERE should be treated as a strong candidate for the underlying reference-map layer, not as a complete sovereign defence geospatial solution.
Any European-Japanese architecture using HERE would need strict controls over data governance, hosting, update authority, mission-specific overlays, classified enrichment, telemetry, and access management. The objective should be to exploit HERE’s global scale where it adds value while keeping defence-sensitive functions under European and Japanese control. The sovereignty case is therefore strong, but not pure. Given HERE’s global commercial footprint, including China-facing activity, any defence use would require firm architectural separation from commercial environments, including isolated defence datasets, mission update channels, classified overlays, customer telemetry, and operational routing data. Strategically, HERE is best viewed as a scalable dual-use map backbone that can support European-Japanese autonomy, provided its U.S.-centric defence exposure and global commercial entanglements are actively managed rather than assumed away.
TomTom N.V.: TomTom provides useful mobility, routing, traffic and vector-map inputs, but its defence and intelligence credibility should be assessed far more critically than a standard European-sovereignty narrative would suggest. It is a legitimate European location-technology company with strong experience in navigation, automotive integration, commercial routing, traffic analytics and global map production. Its European ownership and open-map strategy may reduce some forms of closed-vendor dependency, particularly where customers require alternatives to U.S. hyperscale or proprietary mapping ecosystems. However, TomTom should not be allowed to convert automotive credibility into assumed defence credibility.
TomTom’s core institutional identity remains consumer, automotive and commercial mobility, not defence, intelligence or military geospatial operations. Publicly visible defence-related references remain limited. The strongest reference is its partnership with U.S.-based East View Geospatial to supply TomTom Orbis Maps as an ArcGIS-ready global vector basemap to the Australian Government Department of Defence. TomTom also markets into NATO and geospatial-intelligence forums and appears available through U.S. public-sector procurement channels via Carahsoft. These are useful indicators of defence-market intent, but they are not equivalent to a demonstrated record in classified geospatial exploitation, military command-and-control integration, sovereign accreditation, disconnected operations, operational targeting support or intelligence-grade geospatial production at scale.
For defence and intelligence users, TomTom’s open and multi-source mapping model also creates provenance and assurance risk. Open, proprietary and commercial data inputs may improve coverage, refresh rates and cost efficiency, but mission users must be able to decompose, audit, validate and accredit each layer before operational use. Historical China-facing partnerships, including Baidu-related autonomous-driving map collaboration, and broader global data-enrichment pathways should be treated as manageable exposures only if they are contractually segregated, technically isolated and independently validated.
TomTom’s appropriate role should therefore be selective and bounded: European and global vector basemap support, routing, traffic, mobility intelligence and non-sensitive situational-awareness inputs under sovereign hosting, strict provenance controls and independent validation. It should not be treated as an authoritative defence basemap provider, classified GEOINT production partner or primary mission-system supplier unless and until it can demonstrate accredited defence delivery, secure operational deployment, offline resilience, mission-data governance and integration into military or intelligence workflows.
Hexagon AB (publ) is strategically positioned between source data and mission-level decision-making. As a Swedish/European industrial technology group with geospatial, positioning, sensing, measurement, visualization and operational software capabilities, Hexagon is relevant because sovereign data has limited strategic value unless it can be exploited, visualized, refreshed and delivered into trusted operational workflows. Hexagon’s defence and intelligence relevance is supported by its established C4ISR, geospatial intelligence, command-and-control, assured positioning, rapid mapping, mission planning, 2D/3D visualization, NATO-standard military symbology and defence-grade geospatial production capabilities. The company explicitly positions its defence portfolio around strategic, operational and tactical decision support across air, land, sea and joint operations.
Publicly visible defense and intelligence exposure is clearest through Hexagon US Federal, which lists several U.S. government contract vehicles and customers across DoD, NGA, Army Space and Missile Defense Command, SOCOM, NAVSEA, the Marine Corps, Air Force Materiel Command, and the Coast Guard. Key examples include a five-year NGA award for Hexagon Geospatial software and maintenance supporting rapid map production, and an Army Space and Missile Defense Command CRADA focused on LiDAR, 3D target imaging, tactical space responsiveness, and long-range fires.
For Europe, Hexagon should be viewed as a serious candidate for European-controlled mission visualization, rapid mapping, intelligence analysis, operational geospatial production, and C4ISR-adjacent workflows. Its capabilities are relevant, mature, and operationally credible. However, Hexagon’s extensive U.S. Federal defence and intelligence exposure must be treated as a strategic caution, not a procedural footnote. The volume and nature of its U.S. contracts raise legitimate questions about whether Hexagon can function as a fully viable European sovereign prime in highly sensitive defence, intelligence, and security environments.
Any European procurement should therefore impose clear sovereignty safeguards. Sensitive deployments should require national or EU-controlled hosting, auditable software supply chains, controlled update channels, enforceable data-retention limits, strict separation of source data from application-layer analytics, sovereign key management, and verified disconnected-operation capability. Particular attention should also be paid to corporate perimeter and capability ownership.
MapTiler AG.: Should be positioned as a sovereign geospatial delivery-layer enabler rather than as an authoritative global data provider. Its strategic value lies in its ability to generate, package, style, host, cache, search and serve mapping products within controlled, offline, air-gapped or on-premises environments. This is directly relevant to forward headquarters, border-security agencies, maritime task groups, special operations units, intelligence fusion centres, civil-defence cells and other mission-critical users that cannot depend on external APIs or commercial cloud connectivity during operations.
MapTiler’s current defence and intelligence relevance is strengthened by its public positioning as a European provider of secure, high-performance mapping infrastructure for defence, intelligence and mission-critical environments, as well as by visible public-sector and security-adjacent references including OSCE, Metropolitan Police and New Zealand Army. Its operational niche is not intelligence analysis itself, but the sovereign distribution, styling and local serving of geospatial layers that can support defence, public safety and intelligence workflows.
The key limitation remains data quality and authority. A self-hosted map is only as sovereign, trusted and operationally useful as the datasets it contains. MapTiler should therefore be used to serve validated national geospatial datasets, vetted commercial inputs, classified overlays and mission-specific map packages, while enabling controlled integration with analytical and enterprise GIS environments such as Hexagon, Esri or national systems. In this role, MapTiler becomes the secure geospatial delivery fabric: it preserves operational continuity, reduces external dependency and allows sensitive map services to remain under national or organisational control.
Environmental Systems Research Institute, Inc (Esri): The company remains the dominant geospatial analytics platform across many civil, defence, intelligence and emergency-management environments. Its strategic value lies less in sovereign custody of foundational map data and more in its ability to ingest, integrate, analyse, visualise and distribute complex geospatial information across operational staffs, agencies and coalition partners. ArcGIS, ArcGIS Enterprise, ArcGIS Mission and related capabilities are deeply embedded in allied planning, intelligence, situational-awareness and command-and-control workflows, making rapid replacement operationally difficult.
The sovereignty issue is structural rather than reputational. Esri’s U.S. jurisdiction does not make the company inherently untrustworthy, but reliance on Esri as the sole geospatial backbone can create legal, commercial, operational and political dependency. Europe and Japan should preserve Esri interoperability while reducing lock-in through open standards, exportable datasets, sovereign data custody, national or trusted-cloud hosting, and the ability to operate critical geospatial layers outside the Esri ecosystem when mission assurance requires it.
Publicly reported defence and intelligence contract examples include the U.S. National Geospatial-Intelligence Agency’s multiyear contract to deploy ArcGIS across the organisation in support of GEOINT users, including policymakers, armed forces, intelligence agencies and first responders; NATO’s enterprise agreement and the NATO Communications and Information Agency; the UK Ministry of enterprise agreement; Australia’s Department of Defence agreement and Canadian Department of National Defence.
Meta, Overture and the Hyperscalers: provide awesome scale without sovereign custody. Meta and U.S. Hyperscalers bring enormous compute, AI, data-processing and infrastructure capacity to geospatial work. Overture Maps, Mapillary and AI-assisted feature extraction can support open standards, experimentation and enrichment. These tools can reduce reliance on closed proprietary basemaps in selected contexts. Scale is not the same as sovereign utility. Hyperscale platforms are designed for global reach, data aggregation, cloud economics and product integration. Defence sovereignty requires controlled provenance, classified separation, minimal telemetry, explicit access governance and the ability to deny third-party influence. Hyperscalers and Meta-linked initiatives should therefore be treated as inputs, accelerators and experimentation environments, not as authoritative defence maps.
Recommended Sovereign Map Architecture
A credible architecture should be layered, federated, and controlled.
Authoritative source layer: This layer should integrate national mapping-agency data, cadastral references, hydrography, transport networks, maritime and airfield data, protected infrastructure layers, and trusted Earth-observation inputs. Japan should reinforce this layer through ZENRIN and PASCO. Europe should combine national mapping agencies with HERE, selected TomTom inputs, and trusted European Earth-observation sources.
Precision-mobility layer: This layer should capture high-definition road space, 3D terrain, autonomy-relevant attributes, road furniture, tunnels, bridges, gradients, and urban movement constraints. Japan should treat Dynamic Map Platform as a strategic asset within this layer. Europe should assess whether comparable capacity can be built domestically, acquired, or federated with Japanese partners.
Delivery layer: This layer must be sovereign by design: self-hosted, offline-capable, auditable, and usable in classified or disconnected environments. MapTiler-like infrastructure is relevant because it enables governments to control tiling, caching, styling, update pipelines, and system isolation. External API calls should be minimized or eliminated for sensitive missions.
Exploitation layer: This layer should remain plural and mission-driven. Hexagon can provide European-controlled mission visualization and geospatial production. Esri can continue to deliver analytical power where it is already embedded, but its use should be bounded, containerized, or isolated where sovereignty requirements demand it. Hyperscalers and open-data ecosystems should support non-sensitive enrichment, AI extraction, disaster response, and experimentation only where validation, accreditation, and data governance are clearly established.
Governance Actions for Europe and Japan: A sovereign map stack cannot be delivered by procurement alone. Europe and Japan should establish geospatial sovereignty boards or mission data authorities with authority to certify providers, review provenance, approve update channels, control foreign dependencies, define classified overlay rules and test disconnected operations. U.S. interoperability should be built in from the beginning, but it should not become U.S. custody by default.
The first priority is to define an authoritative source hierarchy. This hierarchy should specify which national datasets are definitive, which commercial datasets are trusted, which open datasets are permitted, and which foreign-derived layers are excluded, restricted, or treated as contested. It should also record provenance, licensing, validation status, update frequency, and approved use cases for each source.
The second priority is to require sovereign deployment options for mission-critical map functions. Providers must be able to support national hosting, disconnected operation, telemetry controls, and auditable updates. Providers that cannot meet these requirements should not be treated as foundational suppliers for classified or mission-critical use.
The third priority is to separate commercial and defence data pipelines. China-facing automotive work, U.S.-cloud analytics, open-data enrichment, and classified military overlays should not sit in the same uncontrolled environment. These activities should be separated through architecture, governance, access controls, audit rules, and clearly enforced data-handling boundaries.
The fourth priority is to preserve government exit rights and operational independence. Governments must retain the ability to export, replicate, validate, and operate critical datasets outside any single vendor ecosystem. Contracts and technical architectures should therefore require data portability, documented schemas, accessible interfaces, and the ability to continue operations if a vendor withdraws support, changes terms, or becomes politically constrained.
Finally, the architecture must be exercised under stress. Sovereignty must be demonstrated through operational testing without external APIs, commercial cloud services, live vendor support, or foreign-hosted dependencies. A map that has never been tested under degraded, disconnected, or denied conditions is not truly sovereign; it is only aspirational.
The Best Map Is the One That Still Works in Crisis: A sovereign base map is no longer merely a technical asset. It is now a defence-industrial requirement. Europe and Japan cannot rely indefinitely on geospatial foundations whose access, update cycles, provenance, or operational use could be constrained by another power’s legal system, commercial priorities, or wartime calculations. This is not a question of distrusting allies. It is a recognition that dependence becomes vulnerability when national interests diverge, crisis tempo accelerates, or data access becomes a bargaining instrument. The right answer is not to select a single winning vendor. It is to build a controlled architecture in which national mapping agencies, trusted commercial providers, open standards, sovereign hosting, and classified overlays operate as an integrated stack.
In Japan, Dynamic Map Platform, PASCO, and ZENRIN strengthen the domestic geospatial base. HERE can provide a European-Japanese reference backbone. TomTom may contribute selected mobility and vector data, but only within strict limits given its limited defence pedigree. Hexagon can support operational exploitation and mission workflows. MapTiler-like infrastructure can enable sovereign data delivery. Esri should remain interoperable, but bounded. Hyperscalers should be used selectively and tactically, not as foundational dependencies.
Over the coming decade, the decisive question will not be which provider has the largest dataset or the most attractive interface. It will be which architecture can still be trusted, updated, and used when the political environment breaks down. The best map will be the one that remains available in crisis, under national command, with known data provenance and delivery systems that cannot be switched off by another sovereign.
