Weekly Backlog Week 15/2026
Katrin Peter · 5 min read


🧠Editorial

Europe is negotiating with the USA again over Big Tech regulation.

Not public, not officially decisive – but close enough to touch the processes that should actually be independent.

At the same time, we are trying to finally turn “digital sovereignty” into something measurable. With criteria, scores, and the hope that a political buzzword will eventually become a solid basis for decision-making.

The timing is… interesting.

Because while new spheres of influence are emerging politically, it is only now becoming clear at the operational level how intangible all of this has been so far. We discuss independence – and often don’t even have a clear answer to how dependent we actually are.

Perhaps that is exactly the core of the problem: Sovereignty sounds strategic, but it is brutally operational.

It does not manifest in papers or panels, but in very mundane questions: How quickly can you exit your stack if you need to? What happens if a provider changes the rules tomorrow? And how much “freedom of choice” remains when you calculate honestly?

The uncomfortable realization: Many answers to these questions are significantly worse than we would like.

And that is precisely why the topic is becoming politically soft and technically hard at the same time.

📰Tech-News:

EU & USA: More Dialogue, Less Enforcement?

While Europe is actually trying to curb the market power of Big Tech with DSA and DMA, a new dynamic is emerging in the background: a planned committee in “permanent dialogue” with the US government – precisely on issues of regulation and proceedings against US corporations.

Officially, everything remains untouched. In practice, however, the EU is opening an additional political line of influence on exactly the processes that should be independent.

The context is unsurprising: The USA has been criticizing European digital regulation for years. Under Trump, this increasingly turned into concrete interest politics. That they now appear more willing to talk – presumably also in the context of economic issues like tariffs – seems at least strategically questionable.

The real question is less whether dialogue is sensible than where the boundary lies: When does coordination become influence? And how robust are regulatory decisions when political negotiation spaces emerge in parallel?

Assessment: Europe wanted to set global standards. Now there is a risk that these very standards will be blurred in “dialogue.”

👉 https://www.derstandard.at/story/3000000315397/trump-erkaempft-sich-mitspracherecht-bei-digitalgesetzen-der-eu

ZenDiS Wants to Make Digital Sovereignty Measurable – Finally (Maybe)

So far, digital sovereignty has been primarily one thing: a politically charged buzzword with surprisingly little substance when it comes to specifics. The Zentrum für Digitale Souveränität (ZenDiS) is now trying to tackle exactly this problem – with a public consultation process.

Goal: a criteria catalog that defines what digital sovereignty really means – and above all, how it can be measured. In other words: away from gut feelings and PowerPoint slides, toward a solid basis for decisions in administration and procurement.

The approach is deliberately open: administration, business, and the community should have a say. Sounds sensible at first – but carries the usual risk that in the end, a watered-down compromise emerges that covers a bit of everything but decides nothing clearly.

The technically interesting question is whether real, verifiable criteria will emerge from this:

  • How do you objectively assess vendor lock-in?
  • What role does open source really play – mandatory or optional?
  • And how much “Cloud from Europe” is actually sovereign?

At least ZenDiS has already shown with projects like openDesk and openCode that it doesn’t just stop at strategy papers. If the criteria catalog becomes similarly practical, it could for the first time provide something like a standard for sovereign IT decisions.

🔗 https://www.heise.de/news/ZenDiS-sucht-Kriterien-fuer-digitale-Souveraenitaet-11244379.html

🙋‍♀️In Our Own Interest:

How Sovereign Is Your Company Really?

We talk a lot about digital sovereignty. In strategies, studies, and discussions, it often seems clearly tangible. In everyday life, however, it remains surprisingly vague – especially when it comes to one’s own organization.

Because the crucial question is rarely answered concretely: How dependent are we actually? How easily could we switch providers? And where do risks arise that we have underestimated so far?

This is exactly where our assessment comes in.

In just a few minutes, a sovereignty score for your own company can be determined – comprehensible, structured, and without unnecessary complexity. The goal is not an abstract value, but a realistic picture of your own starting position.

The approach is deliberately strict: no tracking, no cookies, no registration. No data is collected; everything stays in the browser.

In the end, there are concrete indications of where dependencies exist and which steps are sensible to improve your own position.

Anyone who takes digital sovereignty seriously should not only discuss it but measure it.

🔗 /sovereignty-score/

🎙️Podcast Recommendation:

Security-Insider Podcast #113 – Digitally Sovereign, But Without the Hype!

Digital sovereignty is one of those topics where fundamental debates quickly arise. This episode does it better: twelve voices, many perspectives – and surprisingly little dogma.

Instead of radical demands, it’s about the realistic middle ground between Big Tech dependency and complete autonomy. What can be done differently today? Which tools and platforms are real options – and where does sovereignty become more of a marketing label?

The strength of the episode lies precisely there: no simple answers, but useful food for thought for anyone who needs to tackle the topic operationally.

🔗 https://www.security-insider.de/podcast-digitale-souveraenitaet-wege-tools-weg-von-big-tech-a-a2f83a7e0d197b4d553196c4b0c12164/

🚨Alert

“BlueHammer”: Critical Windows Zero-Day – Exploit Already Public

A zero-day vulnerability in Windows called “BlueHammer” is currently circulating. It allows attackers to elevate their privileges up to system access. A working proof-of-concept is already publicly available, but a patch is not.

The vulnerability appears to sit in the context of Windows Defender updates and relies on known attack patterns such as race conditions (TOCTOU) and weaknesses in path processing. Technically nothing completely new, but in combination effective enough for real attacks.

The case gains additional urgency due to the manner of its publication: indications suggest that the exploit was released out of frustration with the vulnerability process. This increases the pressure – and significantly shortens the response time for defenders.

What is currently important:

  • Intensify system monitoring (especially account and rights changes)
  • Check EDR/logging and tighten it where necessary
  • Keep an eye on Defender and update processes

🔗 https://www.heise.de/news/BlueHammer-Zero-Day-Luecke-in-Windows-verschafft-erhoehte-Rechte-11246762.html
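
One way to act on the first two points, as an added example rather than code from this newsletter or from Microsoft: a small triage over Windows Security events exported as one JSON object per line (the export format and flat field layout are assumptions), which surfaces account and group changes and raises those made by LocalSystem or targeting the Administrators group. It is a generic post-escalation signal, not a BlueHammer signature, and the sample events are constructed.

```python
import json

# Security-log event IDs for account and rights changes.
WATCHED = {
    4720: "user account created",
    4728: "member added to global security group",
    4732: "member added to local security group",
    4756: "member added to universal security group",
}
SYSTEM_SID = "S-1-5-18"              # LocalSystem
ADMINISTRATORS_SID = "S-1-5-32-544"  # built-in Administrators group

def triage(lines):
    """Return account/rights-change findings, high severity first."""
    findings = []
    for raw in lines:
        try:
            ev = json.loads(raw)
            eid = int(ev.get("EventID", 0))
        except (ValueError, TypeError, AttributeError):
            continue  # truncated or malformed export line
        if eid not in WATCHED:
            continue
        reasons = []
        if ev.get("SubjectUserSid") == SYSTEM_SID:
            reasons.append("change made by LocalSystem")
        if eid == 4732 and ev.get("TargetSid") == ADMINISTRATORS_SID:
            reasons.append("member added to Administrators")
        findings.append({
            "time": ev.get("TimeCreated"), "host": ev.get("Computer"),
            "event": WATCHED[eid], "actor": ev.get("SubjectUserName"),
            "target": ev.get("TargetUserName"),
            "severity": "high" if reasons else "review", "reasons": reasons,
        })
    # Stable sort: high-severity findings first, original order otherwise.
    return sorted(findings, key=lambda f: f["severity"] != "high")

# Constructed sample export (not real telemetry); the last line is truncated.
SAMPLE = [
    '{"TimeCreated":"2026-04-08T09:12:03Z","Computer":"WS-042","EventID":4720,"SubjectUserSid":"S-1-5-18","SubjectUserName":"WS-042$","TargetUserName":"svc_backup2"}',
    '{"TimeCreated":"2026-04-08T09:12:04Z","Computer":"WS-042","EventID":4732,"SubjectUserSid":"S-1-5-18","SubjectUserName":"WS-042$","TargetSid":"S-1-5-32-544","TargetUserName":"Administrators"}',
    '{"TimeCreated":"2026-04-08T10:30:00Z","Computer":"DC-01","EventID":4728,"SubjectUserSid":"S-1-5-21-1111-2222-3333-1104","SubjectUserName":"helpdesk.admin","TargetUserName":"VPN-Users"}',
    '{"TimeCreated":"2026-04-08T10:31:00Z","Computer":"WS-007","EventID":4624,"SubjectUserSid":"S-1-5-18"}',
    '{"TimeCreated":"2026-04-08T10:3',
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["severity"], f["time"], f["host"], f["event"], f["reasons"])
```

Changes made by LocalSystem also occur during legitimate provisioning, so baseline them per host before alerting on this signal alone.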
