Cloud First is Yesterday – Why Europe Must Finally Digitally Sovereignize
Katrin Peter 4 Minuten Lesezeit

Cloud First is Yesterday – Why Europe Must Finally Digitally Sovereignize

For a long time, digital transformation was considered a technical project: faster, more scalable, more efficient. Those who ventured into the cloud early were seen as bold, modern, progressive. Today, over a decade later, we must acknowledge: The cloud is no longer just a technology topic – it is also a political question.
sovereignty - cloud-souveraenitaet - digitale-unabhaengigkeit - europa - cloud-sicherheit - datenschutz

For a long time, digital transformation was considered a technical project: faster, more scalable, more efficient. Those who ventured into the cloud early were seen as bold, modern, progressive. Today, over a decade later, we must acknowledge: The cloud is no longer just a technology topic – it is also a political question.

From Progress to Risk

What was once celebrated as an engine of innovation has now become critical infrastructure. And critical infrastructure demands control. Knowing where our data resides. Ensuring who has access to it. Being certain that it cannot be used against us in a critical situation.

Yet, it is precisely this control that we risk losing in Europe. Not because we lack competence. But because we have become accustomed to outsourcing responsibility.

The latest example: Microsoft. The company that has been deeply embedded in administrations, schools, and businesses for decades, recently revealed a shocking truth under oath in a hearing before the French Senate. When asked if Microsoft could guarantee that European data would never be handed over to US authorities without the consent of European authorities, the answer was as brief as it was fatal: No. Even with explicit opposition, this cannot be ruled out. The CLOUD Act comes to mind. A US law that compels US companies to hand over data – even if stored outside the USA. And without any obligation to inform those affected.

Trust Given Away – Responsibility Relinquished

At the same time, we almost daily read about new collaborations with the same companies:

The Bundeswehr is expanding its security-critical infrastructure with Google Cloud – “air-gapped,” they say, meaning physically separated from the internet. As if a label could override legal reality.

The BSI, Germany’s top IT security authority, signs an official cooperation agreement with Google – as if it were completely harmless to design the security architecture of the public sector together with a corporation permanently exposed to foreign authorities’ access.

This is not an isolated case. It’s a pattern. And it’s dangerous.

Sovereignty Cannot Be Ordered as a Side Dish

Because while headlines are filled with cyberattacks, security gaps, geopolitical tensions – we allow our digital infrastructure to be integrated into systems we can neither audit nor secure. Systems where it’s not just about the provider – but about which legal system this provider falls under. And which power structure.

The idea that in a crisis – be it political, economic, or military – someone in a legal department in Redmond or Washington decides whether a German authority can continue to operate is not a scenario from a dystopian thriller. It is a realistic consequence of what we are currently building.

Or rather: dismantling – namely our digital independence.

European Competence is Already Available

There are already viable alternatives. In Germany, there are highly specialized companies that have been building, operating, and securing containerized IT infrastructures for years – with expertise at the highest level. Providers who work in compliance with GDPR, whose systems are independently certifiable, whose support is not twelve time zones away, and whose business model is not based on data exploitation.

These companies could be the cornerstones of a sovereign cloud infrastructure for authorities, clinics, educational institutions, and businesses. They could form the backbone of a digital Europe that is not only technically competitive but also legally secure.

But for that, we would have to stop always choosing the easiest path. We would have to stop reaching for the biggest logo with every new IT tender. And we would have to stop belittling ourselves.

Because digitalization is not a question of gigantism. It is a question of the willingness to take responsibility.

Infrastructure That Belongs to Us

Cloud is not inherently the problem. On the contrary – when implemented correctly, it is a blessing: modern, flexible, efficient. But the path to the cloud must not simultaneously be the path to dependency.

We need an infrastructure that not only advances us technologically but belongs to us. An infrastructure that is auditable, transparent, accountable – and in a crisis does not suddenly fall out of sync due to a legal pivot overseas. European cloud solutions offer precisely this control and transparency.

It is not about technology. It is about resilience. About room for maneuver. And ultimately about the question of how sovereign Europe wants to be in a digitized world.

And If We Continue Like This?

Then the moment might come when we realize that we can no longer operate our own systems. Have no choice left. And perhaps are not even informed anymore when someone accesses our systems.

What remains then is the shell of a digitized Europe – functional, but externally controlled. Ready for use. But no longer owned by those for whom it was actually built.

Vorheriger Post Alle Posts Nächster Post