A very warm hello!
In our First blog post we explained what digital sovereignty means, why it is a strategic pillar of IT security for companies today and how European initiatives such as GAIA-X, NIS2 or the Cyber Resilience Act (CRA)Support companies to strengthen their digital independence.
In this post we build on this and take a look at the Real situation in Europe: What are the current risks for companies, authorities and organizations? How much do we still depend on global providers – and which specific cases show that digital dependence poses real risks in an emergency?
Digital sovereignty is not just a theoretical concept. Several events in recent years clearly show that dependencies on leading international technology groups not only influence existing processes, but in extreme cases can even threaten the workability of entire institutions.
The key risks of European organisations
Many European organizations still rely on international cloud and software providers. This dependence can create tensions with European data protection and security requirements. Particularly relevant is the question under which legal frameworks providers must issue data – regardless of where the data is physically stored.
A prominent example is US providers who have to pass on data to authorities under certain legal requirements, even if they are located in Europe. Such situations can lead to structural legal uncertainty and pose a significant compliance risk for companies.
In addition, sovereign alternatives are not yet widely available or are associated with high costs and technical effort. Small and medium-sized enterprises in particular face the challenge of meeting the increasing regulatory requirements without losing their economic flexibility. The governance of many cloud services also remains opaque: Who actually has access to the data? Who controls critical updates or security mechanisms?
These challenges are not a theoretical risk – they are already evident in Specific cases, which illustrate why digital sovereignty is so urgently promoted in Europe.
Case 1: International Criminal Court (ICC) – Switch from Microsoft to OpenDesk
The International Criminal Court (ICC) plans to replace its previously used Microsoft workstation software with the German OpenDesk package. With this transition, the ICC aims to strengthen digital sovereignty and reduce dependence on US technology.
Reason for the decision: The ICC seeks sovereign control over its IT infrastructure. The use of European software should ensure that the institution can act more independently of commercial software providers and their potential geopolitical influences. The decision is part of a strategy to secure operational capacity in the long term and to minimize risks of external dependencies.
The case shows by way of example: Internationally important institutions also recognize the risks of dependence on commercial software. Digital sovereignty thus becomes not only theoretically, but practically relevant. At the same time, the change brings challenges: migration of existing systems, training of employees and adaptation to new work processes are necessary. Source: Handelsblatt
Case 2: European administrations specifically reduce dependencies
Several European authorities also show that the path to more digital sovereignty is possible. For example, the state government in Schleswig-Holstein has converted large parts of the administration to LibreOffice. In Austria, the German army is increasingly focusing on data-compliant software solutions, and in France, cities such as Lyon and the Dutch government are specifically examining alternatives to US platforms.
The reason is clear: European administrations want to keep control of their data and resist extraterritorial laws such as the US CLOUD Act Protect. Similar national regulations exist in China (for example)Data Security Law / National Intelligence Law), which allow authorities wide access to data, regardless of where it is stored. Those who rely on controllable, reliable software solutions not only create more transparency, but also an infrastructure that is independent, predictable and resilient in the long term.
Case 3: European consumer data on international platforms – lack of control over data flows
A recent case shows how quickly European organisations and citizensThey may lose their digital sovereignty if international platforms process data outside the EU. The data protection organization NOYB has filed complaints against several major providers such as TikTok, AliExpress, SHEIN or Temu. These companies transfer personal data of European users according to their own information – or according to incomplete informationwithin third countries, including China.
The problem: In countries with extensive national access rights, authorities can access company data, regardless of where it is stored. For European users*Inside, this creates a structural deficit in control and transparency. In practice, this means that neither companies nor public bodies can ensure who actually has access to the data or under what conditions this access takes place.
The case illustrates how closely data protection, regulatory requirements and digital dependency are linked. If central platforms do not clearly disclose how and where data is processed, European organisations face a significant risk – both in terms of security and compliance. Source: TikTok, AliExpress & Co deliver European data to China
Resume:
Europe is working on more and more sovereign alternatives – from specialized software solutions to security platforms and state-sponsored IT infrastructures. At the same time, the reality remains for many companies and authorities that the dependence on global IT providers remains high.
Digital sovereignty is therefore no longer a theoretical goal, but an urgent entrepreneurial task: identify risks, reduce dependencies and design your own digital infrastructure in such a way that it remains independent, compliant and resilient in the long term.
Very warmly,
Your TWINSOFT
