Weekly Backlog Week 47/2025

Weekly Backlog #47 — Digital Sovereignty? I have a few questions…

Editorial

Welcome to a week where Europe once again demonstrates how to 1) sell rights, 2) neglect infrastructure, 3) dilute laws, and 4) still believe in being digitally sovereign. Meanwhile: Kubernetes abandons a central component of its ecosystem, the German government suddenly discovers billions in the sofa, and Cloudflare decides to briefly shut down the internet.

In short: A classic week.

🚨 The Tech News of the Week

Transatlantic Data Voyeurism: The US Wants Everything – Europe Almost Delivers

The US wants direct access to Europe’s most sensitive biometric datasets. Fingerprints, facial images, the whole catalog. And those who don’t comply lose visa-free entry. This is not a “security dialogue.” This is ultimatum diplomacy.

The fact that some EU states are seriously negotiating direct access to VIS, sBMS, or CIR shows the structural weakness of European data policy: 👉 Europe treats data as a commodity. 👉 The US treats data as a strategic resource. And that’s exactly how the negotiations go.

Germany is blocking a bit – “hit/no-hit” instead of full access – but that doesn’t change the fundamental issue: Biometric data is immutable. Once given, forever lost. Whoever collects it, collects power.

Comment: Europe is giving away its most valuable resource. Anyone who wants access to European core data must submit to European rules – not the other way around. Anything else is capitulation with prior notice.

🔗 Link: https://netzpolitik.org/2025/fingerabdruecke-und-gesichtsbilder-eu-staaten-uneins-ueber-us-zugriff-auf-polizeidaten/

Kubernetes Buries Ingress NGINX – An End Foretold

The Kubernetes project has announced the end-of-life for Ingress NGINX. Maintenance ends in March 2026, after which there will be: nothing. No updates, no security fixes, just hope and pray.

Why?

• Complexity out of control
• Configuration hacks like NGINX snippets = security nightmare
• Maintainer burnout (1–2 people for a globally mission-critical tool – seriously?)
• Gateway API is supposed to fix everything in the future
• The planned replacement “InGate”? Also discontinued. A shame.

What does this mean for you? If you’re still running Ingress NGINX in production: plan your migration. Now. The future is called Gateway API — clearer, more modular, more secure.

Comment: Ingress NGINX was the Swiss army knife of the Kubernetes ingress world for years. But a Swiss army knife is not suitable for running a data center.

🔗 Link: https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement/

NIS2 in Germany: Ambition, Failure & Political Ducking

Germany is implementing NIS2 – a year late and still watered down. The key points:

• EU minimum requirements are reduced
• Vulnerability management? Almost completely removed
• According to the Federal Audit Office: German authorities themselves would not meet NIS2
• Quote from Christoph Ebeling: “Real satire”

The law requires 24-hour reporting obligations for cyberattacks, but no functioning vulnerability management. That’s like mandating airbags but making brakes optional.

Comment: Germany treats cybersecurity like a bureaucratic exercise, not infrastructure policy. That’s exactly where the problem lies.

🔗 Link: https://www.heise.de/news/Kritische-Infrastruktur-Bundestag-verabschiedet-NIS2-Gesetz-11077959.html

4.47 Billion Euros for the Digital Ministry – Hope or Cosmetic?

In 2026, Germany will have a fully funded Digital Ministry. Key points:

• 2.3 billion € for broadband expansion
• ~1 billion € for state IT infrastructure
• Focus on EUDI Wallet, citizen account, register modernization
• Centralization via ITZ Bund: long overdue

Opportunity: If Karsten Wildberger manages to turn 4.47 billion into actual modernization, it would be a historic step.

Risk: We know the German administration.

🔗 Link: https://www.heise.de/news/Bundestag-gibt-4-47-Milliarden-Euro-fuers-Digitalministerium-in-2026-frei-11080791.html

Schwarz Digits: Sovereignty Doesn’t Come from Policy Papers, But from Data Centers

Schwarz Digits invests 11 billion euros in a new European hyperscaler-capable data center in Lübbenau. This is:

• architecturally bold,
• politically relevant,
• and from a digital sovereignty perspective simply overdue.

STACKIT + new data center = realistic European counterpart to AWS, Azure, GCP.

Comment: While Berlin talks about governance, the Schwarz Group builds real infrastructure. That’s what digital sovereignty in practice looks like.

🔗 Link: https://www.linkedin.com/posts/schwarzgruppe_digitalesouveraeunitaeut-rechenzentrum-datacenter-activity-7396199833658769409-tLGi/

⚠️ Disruption of the Week

Cloudflare Goes Down – and Takes Half the Internet with It

On November 18: worldwide 500 errors, API down, dashboard unreachable. Even Allestörungen.de and Downdetector – both themselves via Cloudflare – went down.

Lesson: Cloudflare is not just a CDN, but also a reverse proxy, DNS, security layer, and API gateway. When Cloudflare hiccups, the internet coughs.

🔗 Link: https://www.cloudflarestatus.com/

💬 In-Comment / Opinion of the Week

“We’re Making Ourselves Dependent” – Palantir, State & Power over Data

Rebecca Lenhard’s speech in the Bundestag hits the nail on the head: Running Palantir in state structures outsources decision logic to an actor outside democratic control.

Open Source is not a “nice to have,” but the minimum requirement for auditability. Public Money, Public Code is a security policy necessity, not an ideological project.

The real scandal: In Germany, we constantly talk about digitalization – but never about power relations in digital infrastructure.

🔗 Link: https://www.instagram.com/reel/DREjnJUDPlT/?igsh=MXM5cGx2Nzl0Y2VweQ==

💬 Blog Post of the Week

Cloud Brokering: Sovereignty Arises from Architecture

The new blog post by Fabian Peter hits a point that European digital policy likes to sidestep: “Sovereign Cloud” is often a semantic sedative. A bit of Frankfurt region, a bit of encryption, a bit of local partner structure – and suddenly AWS or Microsoft is supposed to become a sovereign infrastructure partner.

The catch is obvious: Whoever owns the platform, owns the sovereignty. Data location is not data control. And as long as APIs, updates, integrations, and pricing models are controlled from the USA, every “Sovereign Cloud” remains just a geopolitically nicely packaged illusion.

Fabian argues that true sovereignty does not arise by choosing for a provider, but by not having to commit. The key to this is Cloud Brokering: an architecture that makes clouds interchangeable resources and returns decision-making power to companies. Kubernetes becomes the operating system of this independence – a universal interface that makes workloads portable, whether they run on hyperscalers, European providers, or in one’s own data center.

This is exactly the approach Loopback by ayedo pursues, orchestrating Kubernetes-based platforms consistently across different providers – without proprietary lock-in. Sovereignty not as a marketing promise, but as a technical reality.

🔗 To the full article by Fabian Peter: </posts/cloud-brokering-fur-echte-souveranitat/>

🎙 Podcast of the Week

IT for Everyone – “Digital Sovereignty Begins with the Toolbox”

Florian Wünsche explains how SMEs can free themselves from the clutches of Microsoft, Google, and Atlassian.

Highlights:

• Cost analysis for 200-person teams
• Comparison of classic SaaS stacks vs. open-source/EU alternatives
• Focus on sovereignty, compliance & long-term cost stability
• Interesting: The portal European Alternatives

A must-listen for anyone responsible for software budgets or tired of vendor lock-in.

🔗 Link: https://open.spotify.com/episode/5dT7Zmr3MjOSkuRD0Pwmlp

🕵️♂️ Meme of the Week

If you enjoyed this week’s Weekly Backlog, feel free to leave a like and a comment.

Katrin Peter