🧠 Editorial: The Week of Sovereignty Simulations

This week had it all: operating systems wanting to take screenshots of everything. Management platforms without clear architecture. Municipalities with their own sovereignty scores. Corporations swapping US cloud for US cloud—and calling it “independence.”

And in between, a European telco alliance quietly building exactly what others have been discussing in panels for years.

Digital sovereignty is a question of power. And it is decided not in PowerPoints, but in architecture diagrams, procurement policies, and pricing models.

Time for an assessment.

🗞️Tech-News:

Three Times NO to Microsoft’s “Recall”

With “Recall,” Microsoft integrates a feature in Windows 11 that periodically takes screenshots of all open applications, analyzes them with AI, and stores them for permanent searchability.

What is marketed as a productivity feature is technically a new level of system monitoring: the operating system itself becomes a logging instance.

Microsoft emphasizes that Recall is disabled by default in the EU and only intended for certain device classes. But that doesn’t change the core issue: the feature is part of the system. The code is proprietary. Independent audit reports are missing.

Whether “disabled” actually means inactive cannot be verified externally. Trust replaces technical verifiability.

Added to this is the technical reality: AI filters are heuristic. Tests show that sensitive data is stored if it is not clearly recognizable as such. Private content is initially captured—only possibly redacted afterward.

This contradicts the principle of data minimization. The GDPR requires purpose limitation and confidentiality, not subsequent corrections of total capture.

Particularly problematic is the access level: anyone with access to an unlocked device can reconstruct months of activity. For journalists, administrative staff, or victims of domestic violence, this is not an academic scenario. It is a real risk.

First NO: Surveillance features of this kind must not be an integral part of an operating system used en masse in Europe.

Second NO: Recall is an expression of a business model in which usage histories are strategic resources. Those who can capture complete activity logs possess a power instrument—economically and politically.

In 2024 alone, the federal government, states, and municipalities paid around one billion euros to Microsoft for licenses. This structural dependency is rarely considered when new features are called “optional.”

Third NO: In a phase of geopolitical tensions and close ties between US politics and tech billionaires, the concentration of digital infrastructure is not an abstract topic. Digital systems are strategic levers.

Digital fundamental rights must be reflected in architecture. Not in FAQ documents.

🔗 https://digitalrechte.de/news/windows-11-neue-funktion-recall-ueberwacht-nutzer

Germany Stack: High Ambition, Little Architecture

The Germany Stack is supposed to fix everything: 24-hour business formation, Once-Only principle, EUDI Wallet, administrative cloud, AI-supported approvals.

40 million euros are planned for this year alone. The federal government wants to centrally provide basic components: identity management, payment functions, data infrastructure, low-code, AI services.

This sounds like a platform strategy. But platforms don’t fail because of Kubernetes—they fail because of governance.

So far, clear answers are missing:

• Who will operate the stack permanently?
• Who is liable?
• Who finances the long-term operation?
• Who enforces standards bindingly?

Experts from states and municipalities criticize the lack of roadmaps and unclear responsibilities.

Digitalization in Germany rarely fails due to technology. It fails due to federal non-bindingness.

And then there’s the core question: What does “digital sovereignty” concretely mean? If proprietary European providers are equated with Open Source without clear Open-Source-First guidelines, the next label project threatens.

The Germany Stack is an opportunity. But only with clear architecture, binding standardization, and genuine openness.

🔗 https://netzpolitik.org/2025/deutschland-stack-was-ist-drin-im-baukausten-fuer-die-digitale-verwaltung/

Open Source Alliance Warns of “Sovereignty Washing”

The Open Source Business Alliance - Federal Association for Digital Sovereignty e.V. (OSBA) sees significant weaknesses in the current draft of the Germany Stack.

Criticism points:

• Open Source is not mandatorily prescribed.
• Proprietary “European sovereign” solutions are equated.
• A maturity model for assessing sovereignty is missing.
• Lock-in risks remain.

Digital sovereignty is technically only guaranteed through open standards and verifiable source code. Everything else is political rhetoric.

If Closed Source is relabeled as “European,” little changes in the power imbalance.

🔗 https://www.heise.de/news/Deutschland-Stack-Open-Source-Buendnis-warnt-vor-Souveraenitaets-Washing-11178932.html

Advertisement

Munich Builds Its Own Sovereignty Score—and Misses the Mark

Munich evaluates 2,780 IT services with its own “Digital Sovereignty Score.” 21 percent of the particularly critical services land on the lowest level.

The problem is not the analysis. The problem is the special path.

At the EU level, reference frameworks already exist: Cloud Sovereignty Framework, GAIA-X principles, Cybersecurity Act, emerging certification regimes.

If every municipality develops its own criteria, fragmentation arises instead of market power.

Digital sovereignty needs harmonized requirements—not municipal individual indicators.

🔗 https://www.heise.de/news/Muenchen-macht-digitale-Souveraenitaet-mit-eigenem-Score-messbar-11164082.html

US Cloud Remains US Cloud

The Schwarz Group—parent company of Lidl and Kaufland—invests billions in its own data centers and positions itself with STACKIT as a European cloud alternative. At the same time, the group internally switches from Microsoft 365 to Google Workspace.

Selling this as a step towards “digital sovereignty” is at least debatable.

Because the switch from Microsoft to Google changes nothing in the structural framework: Both corporations are subject to US law. Both are deeply embedded in proprietary platform ecosystems. Both create long-term dependencies through integrations, APIs, and collaboration workflows.

The dependency is not resolved—it is shifted.

The context is explosive: With STACKIT, the Schwarz Group itself builds cloud infrastructure in Europe. It has capital, technical resources, and market power. If such a corporation does not make the move to an open, European-controllable workplace solution, it sends a clear signal.

Especially since OpenDesk stood as an Open Source alternative as “Plan B.” If a solution is viable as a fallback option, it is fundamentally deployable. That it does not become the primary solution is not a technical question, but a strategic one.

Digital sovereignty is not decided between two US providers. It is decided by who owns control, legal space, and exit options.

The provider change does not alter the power structure.

🔗 https://t3n.de/news/echte-europaeische-alternativen-ich-sehe-schwarz-1730598/

Hetzner Cloud GmbH Raises Prices—and Suddenly Digital Sovereignty Is Too Expensive?

From April 2026, prices at Hetzner will increase by around 30–35 percent.

The outrage is loud. And revealing.

European infrastructure is not cross-subsidized by advertising business or operating system monopolies. AWS, Microsoft, and Google operate platform economies. Cloud is a strategic lock-in instrument there.

Those who only compare monthly fees ignore:

• CLOUD Act
• Extraterritorial access possibilities
• Proprietary services
• Scaling pricing models in the fine print

Independence costs. Those who want to return to AWS at the first price adjustment never really wanted to be independent.

🔗 https://www.it-daily.net/shortnews/hetzner-wird-teurer-preise-steigen-ab-april-2026

My view on the situation:

🔗 https://www.linkedin.com/posts/katrinpeter_hetzner-cloud-gmbh-erh%C3%B6ht-die-preise-und-activity-7432102475706449920-b855?utm_medium=ios_app&rcm=ACoAADCSWyQBU4m7hUbXDJqk27ftrkLIYOZzONU&utm_source=social_share_send&utm_campaign=copy_link

📝Blogpost of the Week:

Digital Sovereignty in Live Streaming

Live streaming is critical business infrastructure. Board speeches, hybrid events, town halls—it’s about availability, security, and compliance.

The blog post by STREAMLAB GmbH and ayedo shows how a cloud-native platform architecture can look that enables scaling without falling into proprietary dependencies.

Kubernetes-based orchestration, containerized workloads, clear tenant separation, and auditable processes form the foundation.

Digital sovereignty here is not ideology but an architectural decision.

Worth reading—because it’s concrete.

🔗 </posts/ayedo-x-streamlab/>

Advertisement

🇪🇺 Good News:

Europe’s Telcos Build the Edge Continuum

Deutsche Telekom, Orange, Telefónica, TIM, and Vodafone are linking their edge environments into a federated cloud: the “European Edge Continuum.”

One access point, automated orchestration, cross-border scaling.

This is industrially relevant. Those who control infrastructure control data flows and innovation cycles.

The decisive factor will be whether market dynamics arise from technical feasibility.

The project is open-ended. If open-source communities and developers can connect, an ecosystem emerges. If not, it remains infrastructure folklore.

🔗 https://www.computerwoche.de/article/4135882/telekom-und-partner-grenzenlose-cloud-made-in-europe.html

🛑 Bad News:

GitHub and the AI Slop

GitHub responds to a flood of AI-generated pull requests and security reports.

Maintainers can restrict PRs, set interaction limits, and delete spam faster. Background projects like curl have suspended their bug bounty program due to AI-generated reports.

Open Source was long open. Now it is moderated.

When contribution becomes a content factory, quality suffers. And maintainers become moderators of an AI spam system.

This is not a technical problem. This is an incentive problem.

🔗 https://www.heise.de/news/GitHub-fuehrt-Massnahmen-gegen-KI-Slop-ein-ohne-das-Problem-klar-zu-benennen-11176641.html

Discord, Age Verification, and Persona

Discord introduces age verification—including facial scan or ID document. In the UK, the provider Persona is additionally tested.

Persona was supported by the Founders Fund, co-founded by Peter Thiel—known through Palantir.

Identity verification is understandable from a regulatory perspective. The choice of external providers with politically sensitive ties makes the debate more complex.

Digital identity is power infrastructure. And it belongs to the