Weekly Backlog Week 41/2025

Digital Identity, Sovereign Administrations, and the Unbreakable Inertia of German Digitalization

Editorial

This week acts as a magnifying glass on everything going wrong in German digital policy—and in a few places, offers some hope.

While Bonify (a Schufa subsidiary!) demonstrates with a data breach that even identity services struggle to protect their own data, others are eager to launch a digital wallet for all of Germany. Meanwhile, Discord grapples with a breach via external service providers—and Saarland shows that administration with open-source AI and European data management can indeed work.

The contrast couldn’t be sharper: Between bureaucracy and progress lies not an ocean, but an attitude.

The Tech News of the Week

Bonify Data Breach – When the Score Provider Becomes the Security Flaw

An incident that encapsulates everything wrong with German data protection: At Schufa subsidiary Bonify, sensitive identity data was captured through the video identification process—IDs, addresses, photos, videos.

The company emphasizes: No passwords affected. As if that offers any consolation. Those working with identity data must be aware of its explosive potential—they are irreplaceable.

Bonify aims to build trust—and loses it at the most sensitive point. This is more than a technical problem. It is proof that our “data identity” stands on shaky ground.

🔗 To the article on heise online

Discord Data Breach – When “Not Affected” Is No Reassurance

A support service provider for Discord was successfully attacked. Result: personal data, ID numbers, IP addresses, payment information.

Discord states they are “not directly affected”—a phrase that should adorn every textbook cover for “responsibility diffusion.” Those outsourcing support must segment data flows and enforce encryption—otherwise, every ticket ends in a leak.

🔗 To the article on heise online

No Backup – No Sympathy

But not only in Germany is digitalization often lacking—things aren’t always smooth in South Korea either. A single fire at the National Information Resources Service (NIRS) in Daejeon showed how quickly “digitalization” can become a farce: 850 terabytes of government data were lost after the central cloud storage (“G-Drive”) burned down—without external backup.

Since 2018, the use of G-Drive was mandatory for around 750,000 public service employees. And the Ministry of the Interior later justified the lack of backup protection with a sentence that should not appear in any IT textbook:

“Due to the system’s large-capacity, low-performance storage structure, no external backups were maintained.”

In other words: Too big, too slow, so no backup. A structural and organizational total failure—not a technical accident.

Although the ministry claims that “final reports and official records” are stored in other systems, the rest—ongoing projects, work documents, drafts—are simply gone. It hits HR departments particularly hard, which were required to use the cloud storage.

A lesson that “cloud” does not automatically mean resilience. Those who centralize data bear responsibility—and those who forgo backups gamble with trust in digital administration.

📎 To the report in the Korea JoongAng Daily

Digital Wallet for Germany – Finally Fewer Cards, Hopefully Less Chaos

According to BILD, the federal government plans a “digital wallet” that digitizes driver’s licenses, IDs, and health insurance cards. Sounds modern—but could become the next security risk if US platforms or proprietary gatekeepers are integrated again.

Anyone serious about digital identity relies on open standards (W3C VCs), federated trust frameworks, and local key management. Anything else is just the next pretty app on a shaky foundation.

🔗 To the article on BILD

Saarland + F13 – Sovereign AI in Administration is Feasible

While strategies are still being developed in Berlin, Saarland is implementing. With the introduction of the AI assistance system F13, the smallest federal state proves that administration and artificial intelligence are not mutually exclusive.

The project is based on open source, operated in Europe, and—crucially—the data stays in the EU. No “public cloud of hearts,” no Aleph Alpha branding anymore. Instead: pragmatic development, clear responsibilities, real governance.

State Secretary Elena Yorgova-Ramanauskas sums it up:

“Our goal is to make the work of colleagues easier through the use of AI solutions.”

So no pilot projects with press photos, but real relief in everyday administrative work. Saarland is not just a user, but a co-developer—a crucial difference from many federal projects that primarily consist of funding.

The fact that F13 is to be provided as open software in the future is a digital policy statement: Openness is not a risk, but a security strategy.

Comment: When it comes to “digital sovereignty,” you don’t need a task force, but brave states like Saarland. Perhaps Wildberger would like to intern here.

🔗 To the announcement from Saarland

Another Beacon Project for Digital Sovereignty: Schleswig-Holstein

While others are still writing strategy papers, Schleswig-Holstein has delivered. Under the leadership of Dirk Schrödter, Minister and Head of the State Chancellery, the state has migrated its entire email infrastructure to Open-Xchange and Thunderbird—over 40,000 mailboxes and more than 100 million emails and calendar entries.

The project is part of a consistent open-source strategy, which also includes LibreOffice, Nextcloud, OpenTalk, Linux, and open telephony systems.

Schleswig-Holstein proves: Digital sovereignty is not just a buzzword, but achievable—if there is the political will to break away from hyperscalers. A role model for all who are still hesitating.

🔗 To Dirk Schrödter’s post on LinkedIn

3 Years of DSA – Researchers Test How Much Transparency Big Tech Really Provides

A consortium of researchers is launching mass inquiries at Facebook, X, and others to verify the transparency obligations of the Digital Services Act (DSA).

The balance after three years: Lots of promises, little disclosure. Without civil society pressure, the DSA remains a paper airplane.

🔗 To the article on heise online

Network Agency Head: “We Do Not Restrict Freedom of Expression” – But…

Klaus Müller from the Federal Network Agency feels compelled to clarify that his agency does not restrict freedom of expression. The sentence alone shows how far the discussion on net neutrality, content regulation, and infrastructure sovereignty has come.

The Network Agency stands between technology and politics: On one hand, it is supposed to manage traffic, on the other, protect communication freedom. That these two goals are not conflict-free is the elephant in the data center.

🔗 To the article on heise online

in-Post of the Week

Modernization Agenda of the Federal Government – Lots of Slides, Little Foundation

The Federal Ministry for Digitalization (BMDS) presented its modernization agenda on LinkedIn. Sounds like eagerness to act, looks like PowerPoint.

Nice buzzwords (“digital state,” “citizen proximity,” “service design”)—but no binding roadmaps, budgets, or responsibilities yet. Those who want to modernize administration need fewer workshops and more deployment pipelines.

🔗 To the LinkedIn post of the BMDS

Tools, Trends, GitHub & Open Source

Grafana The classic for observability. Those who still bury their metrics in proprietary dashboards have given up control and auditability. 🔗 To GitHub

GPUs in Kubernetes – Practical Guide for H100 & MIG Ayedo shows how GPU allocation, time-slicing, and scheduling really work in practice. A must-read for anyone serious about compute sovereignty. 🔗 To the article at Ayedo

Podcast / Video / Event Recommendations

c’t uplink – Interview with Digital Minister Karsten Wildberger Wildberger wants to “develop digital sovereignty in parallel.” He talks about building his ministry, open infrastructures, and political reality between ambition and budget. A rarely honest conversation—with a clear stance against hyperscaler dependency.

🔗 To the podcast on Spotify

Comment of the Week

The data breaches at Bonify and Discord show: “Digital identity” is already a security risk and in many places not progress. As long as we store identities centrally and outsource them to third parties, every “digital wallet” remains an open gate. What is missing are decentralized proof models, cryptographic verifiability, and real data sovereignty—not just at conferences, but in legislation.

Meme of the Week

“The Heaviest Things in the Universe”

In Our Own Interest

Under each of my posts is the link to the source. If you have cases of state-funded cloud dependency, questionable video identification flows, or real sovereignty beacons: bring them on—I welcome input.