Weekly Backlog Week 18/2026

🧠 Editorial

This issue can also be read as follows: Software is no longer just a tool – it is power infrastructure.

While Palantir openly articulates how states should function in the future, Germany debates how long IP addresses should be stored – consistently underestimating the technical reality. At the same time, attempts are made to bring order with the Germany-Stack, but they stumble over precisely the questions that are better left unasked.

And then something rare happens: the Bundeswehr simply says no to this kind of dependency.

In between, a failed AI deal shows that even billions no longer matter when geopolitical interests come into play.

The pattern is quite clear: Control over technology is becoming the real currency.

Those who have it define the rules. Those who don’t, discuss the framework.

That’s exactly why it’s worth looking into the details.

📰Tech-News:

Palantir and the Quiet Shift in Statehood

🔗 https://www.heise.de/hintergrund/Technologie-als-Staatsraeson-Was-Palantir-mit-seinem-Manifest-bezweckt-11272183.html

Palantir has published a manifesto – and rarely has a tech document made it so clear how much power dynamics are currently shifting. The central thesis: State sovereignty is no longer conceivable without deeply integrated software systems.

At first glance, this sounds like a realistic description of modern administration. In fact, it contains a claim. Because those who build platforms that consolidate, prioritize, and translate data into decision-making foundations influence not just processes – but the logic behind them.

This is where it gets interesting: Palantir is positioning itself not as a service provider, but as part of the decision-making infrastructure. The classic separation between state, military, and technical base is blurring. Not because it is actively being abolished, but because the infrastructure itself becomes the decisive instance.

The term “technology as raison d’état” captures this perfectly – but it is less of an analysis and more of a program. Because this technology does not come from the state, but from private providers. With their own interests, their own roadmap, and limited transparency.

The real question is no longer whether states need such systems – but who controls them. Who defines parameters? Who sets priorities? And who bears responsibility when decisions arise from black-box systems?

From a European perspective, this seems like a controlled rule-breaking. Fundamental rights, data protection, and institutional control are consciously set boundaries here. Palantir does not openly bypass them, but integrates itself in such a way that they run alongside – but lose influence.

In short: This is not a software pitch. This is an attempt to rewrite the rules of state action – from the perspective of a platform provider.

🔗https://www.heise.de/hintergrund/Technologie-als-Staatsraeson-Was-Palantir-mit-seinem-Manifest-bezweckt-11272183.html

Data Retention: Expensive, Technically Questionable, Politically Persistent

Data retention is back – once again. The federal government wants IP addresses along with port numbers and timestamps to be stored for three months to facilitate investigations in the digital space.

On paper, this sounds like “low effort.” In practice, it is more like a classic infrastructure project with political wishful thinking.

Because: The actual costs fall on the providers. Especially the storage of port numbers (keyword NAT with IPv4) is technically anything but trivial. Many systems are simply not built for this. Means: Conversion, new logging infrastructure, more storage, more complexity.

And then comes the unpleasant part: Security.

The resulting data collections are effectively highly attractive targets – central “honeypots” with sensitive usage data. Securing, access control, and clean deletion in backup systems quickly become the real cost drivers. In the draft law? Rather optimistically priced.

The benefit also remains disputed. Even authorities internally assume that significantly shorter retention periods would often suffice. At the same time, IP allocations can be relatively easily circumvented via VPNs or Tor.

The result: High technical and financial effort – with questionable effect.

In short: A classic case of “We build the data platform first and hope it solves problems later.” Only this time on a legal level.

🔗 https://www.heise.de/news/Teure-digitale-Spurensuche-Milliardeninvestitionen-fuer-die-neue-IP-Speicherung-11272367.html

Germany-Stack: Openly Announced, Selectively Implemented

The Ministry of Digital Affairs wants to finally build something like a unified IT base for administration with the “Germany-Stack” – cloud, interfaces, basic components. Sounds like overdue infrastructure work.

And indeed: Public participation was called for. Feedback via openCode, transparent, low-threshold – almost untypically open for a federal project of this magnitude.

The problem begins in the second step.

Parallel to the open consultation, workshops were held – but primarily with business, associations, and industry. Civil society? Missing. And this, although precisely there, experience with administrative digitization, open data, and fundamental rights issues has been built up for years.

The result is a familiar pattern: Open participation for the surface, closed rounds for the actual decisions.

This becomes particularly delicate with the topic of AI in administration, which is explicitly part of the Germany-Stack. Here, it is not just about efficiency, but about responsibility: Who is liable if an AI system makes wrong decisions? How do you prevent responsibility from simply dissolving in the interplay of authority, service provider, and software?

These questions come primarily from civil society – and they are missing when participation is only selective.

The contradiction is obvious: On the one hand, they want to “get things done.” On the other hand, they systematically exclude the perspectives that address boundaries, risks, and side effects.

Especially with a project that will shape the digital architecture of the state in the long term, this is not a detail – but a structural problem.

🔗 https://netzpolitik.org/2026/deutschland-stack-und-zivilgesellschaft-digitalministerium-sendet-widerspruechliche-signale/

🗣️LinkedIn Post of the Week:

When AI Deals Fail Due to Politics

Jens Bohse picks up on a pretty wild case: Meta wanted to acquire the Agent-AI startup Manus for around 2 billion dollars – integration was apparently already underway, branding was out, deal almost through.

And then: Stop from China. No explanation, just blocked. Rollback.

The real point in the post is not the deal itself, but the signal behind it: Even if an AI startup formally moves abroad (here: Singapore), it remains politically within the sphere of influence – at least from Beijing’s perspective.

This makes it clear: Cross-border AI deals are no longer a normal M&A game. They depend on origin, talents, capital flows – and ultimately on geopolitical interests.

For Meta, this is a concrete setback in the agent race. For the market as a whole, it is more of an indication that AI is currently developing in the same direction as semiconductors: strategic, regulated, fragmented.

The post is worth reading because it makes this shift very compactly visible – without much drama, but with clear consequence.

🔗 https://www.linkedin.com/posts/jensbohse_2-milliarden-dollar-die-integration-l%C3%A4uft-activity-7454621413858037760-Vx6r?utm_source=share&utm_medium=member_desktop&rcm=ACoAADCSWyQBU4m7hUbXDJqk27ftrkLIYOZzONU

📌Short-News:

Investigations Underway: Government Members Affected by Surveillance via Signal

Government members are victims of surveillance via Signal; espionage suspicion highlights risks of state communication, platform dependencies, and geopolitical tensions in the digital environment.

🔗https://www.golem.de/news/ermittlungen-laufen-regierungsmitglieder-von-ausspaehung-ueber-signal-betroffen-2604-208020.html

Electronic Health Record: Deutsche Telekom Wants to Offer the Better ePA

Telekom plans an improved ePA to strengthen the national health data infrastructure; an example of state digital infrastructure, regulation, and the European legal framework for sovereignty in sensitive sectors.

🔗 https://www.golem.de/news/elektronische-patientenakte-deutsche-telekom-will-die-bessere-epa-anbieten-2604-208023.html

Kubernetes v1.36: Fine-Grained Kubelet API Authorization Graduates to GA

GA of fine-grained Kubelet authorization strengthens least-privilege models; reduces attack surface; increases security control at the cluster level; plays a central role for open-source infrastructure and platform independence.

🔗https://kubernetes.io/blog/2026/04/24/kubernetes-v1-36-fine-grained-kubelet-authorization-ga/

📬 In Our Own Interest:

Not Enough Newsletter?

If the Weekly Backlog is not enough for you: There is more – just a bit more compact.

The ayedo Newsletter comes once a month and focuses on the essentials:

• Developments around Container and Cloud
• Digital sovereignty and security
• Tools and setups that work in practice
• A European perspective beyond the usual hyperscaler defaults

Less frequency, same ambition: Relevance over noise.

🔗 https://lnkd.in/eQN8GFxV

☀️Good-News:

Bundeswehr Says No to Palantir

While NATO already relies on Palantir, the Bundeswehr draws a clear line: No use of the software for its own systems – primarily for one reason: data control.

The crux is less the technology than the operating model. In NATO contexts, the software is sometimes operated directly by Palantir employees. For the Bundeswehr, a no-go – especially when it comes to sensitive national data.

Instead, they rely on European alternatives and their own partners. This is slower, probably also more expensive – but strategically much more independent.

The clarity of the decision is remarkable. In a time when many states quickly land with US providers for critical infrastructure, they consciously prioritize sovereignty over time-to-market here.

Especially in the context of the current debates around Palantir, this seems like a rare example of: Not everything that works is automatically used.

🔗 https://www.zeit.de/politik/deutschland/2026-04/palantir-bundeswehr-nato-software-gxe

🎙️ Podcast Recommendation:

Digital Sovereignty Without Buzzword Bingo

The Security-Insider Podcast tackles a topic that is otherwise reliably diluted between marketing and politics: digital sovereignty.

What is exciting here is less the umpteenth definition, but the pragmatic approach. Instead of “build everything yourself” vs. “just take AWS,” it’s about the gray area in between – including concrete tools, strategies, and realistic entry points.

With 12 guests, no uniform line emerges. But that’s exactly what makes the episode interesting: You get a pretty good sense of where the real tensions lie – between dependency, effort, and operational reality.

No sovereignty washing, but rather an honest look at the question: How do you practically move a bit away from Big Tech without completely isolating yourself?

🔗 <https://www.security-insider.de/podcast-digitale-sou