Europe Outsourcing Its Administration to Microsoft – and Losing Control in the Process

A critical analysis of digital sovereignty in Germany and Switzerland

While European governments emphasize the importance of digital sovereignty in Sunday speeches, the reality of public IT infrastructure tells a different story: authorities at all levels continue to systematically rely on Microsoft – and thus on a US corporation that has factually become the digital backbone of entire administrative units. Not out of necessity, but out of convenience. Not for lack of alternatives, but despite better options.

What appears to be a pragmatic decision for familiar software is in truth a long-term political loss of control – with clear risks for data protection, IT security, and economic independence.

Digital Sovereignty – Invoked, but Not Lived

The term digital sovereignty describes the ability of a state to shape its digital infrastructure, processes, and data independently, transparently, and under its own control. In practice, however, this sovereignty is regularly sacrificed for short-term benefits: user-friendliness, a familiar ecosystem, rapid implementation – these are the arguments that tip the scales when it comes to awarding billion-dollar IT contracts.

Microsoft is not just any provider. As the operator of one of the largest commercial cloud infrastructures worldwide, the company is subject to the US Cloud Act, which allows American authorities comprehensive access to stored data – regardless of whether the data is physically located in Europe or the USA.

Even Microsoft itself admits: access by US authorities to European data cannot be ruled out.

Examples Are Piling Up – So Are the Warnings

In Switzerland, 30 data protection officers have warned against exactly this practice in a joint statement: the use of Microsoft 365 in administration is often not compatible with current data protection legislation, especially when particularly sensitive data is affected. At the same time, costs for Microsoft licenses are exploding – the City of Zurich alone expects expenditures for Microsoft products to reach over 31 million francs in 2026, almost five times as much as in 2019.

In Germany, Bavaria is currently the most prominent example. Under Minister President Markus Söder, negotiations are underway for a long-term contract with Microsoft that could span several years and have a volume of up to one billion euros. The decision has not yet been officially made, but the direction is clear.

Criticism comes from both data protectionists and politicians: lock-in effects, political dependencies, rising costs, and a disregard for European alternatives – all this is accepted for the supposed security of familiar software.

Lock-in Instead of Progress: The Illusion of Modernization

Once deep in the Microsoft ecosystem, it is hard to get out – without massive friction losses, organizational upheavals, and costs. This starts with file formats and ends with cloud identities, single sign-on, and integrations into specialized procedures. The result is a so-called technical lock-in, where alternatives are no longer realistically usable because the hurdles for a switch become too high.

The outcome: the public sector becomes dependent on the licensing policy, price decisions, and legal situation of a foreign corporation – and of all things, in the central infrastructure for communication, data processing, and document management.

This kind of modernization is a one-way street. It promises efficiency but generates structural dependency – and strengthens the dominance of global tech giants at the expense of European freedom of design.

There Are Alternatives – You Just Have to Want Them

The argument that there are no comparable European solutions has long been debunked. Schleswig-Holstein successfully relies on open source solutions for public administration. Switzerland is discussing national platforms, participating in research projects on digital sovereignty, and already using alternatives like Infomaniak, Switch, Abraxas, or Proton.

In Germany, too, viable alternatives for email, file storage, word processing, calendar, chat, and collaboration exist with OpenDesk, Nextcloud, Kopano, and other providers. These solutions are not trivial, no quick drop-in replacements – but they are open, adaptable, and above all: under European control.

What is missing is not technology – but the political will to shape the change strategically and long-term.

From the Shopping List to Critical Infrastructure

The actual failure is not that Microsoft offers powerful products. It is that governments treat their digital infrastructure like an office supply order – pragmatic, unpolitical, offer-oriented. But IT infrastructure today is no longer a footnote of the administration. It is critical public services – comparable to power grids, transport routes, or communication systems.

Anyone who blindly relies on providers outside the EU here risks not only data protection problems but also economic and security-political dependencies. The debate over energy imports should be warning enough. In the digital world, the pattern repeats itself – with eyes wide open.

What to Do Now

A rethink is overdue – on both a political and administrative level. The following measures are essential from the perspective of digital sovereignty:

1. Promote Technological Independence Public funds should be specifically invested in European open source solutions and digital infrastructure projects.
2. Strategically Evaluate Lock-in Risks For every IT procurement, switching costs and dependencies must be systematically analyzed and made transparent.
3. Mandatorily Review Open Source Every administration should be obliged to consider open source alternatives in the procurement process – not as a fig leaf, but as a real option.
4. Regionalize Cloud Services Relevant data must be stored and processed in European clouds – under EU law, with technical and legal control by European institutions.
5. Build Competence Centers The establishment of a European center for digital sovereignty – as planned in Switzerland – should serve as a model across Europe.

Conclusion: Sovereignty Is a Decision, Not a Characteristic

Digital sovereignty is not a state reached through location labels or PR campaigns. It arises through conscious, often uncomfortable decisions for control, transparency, and independence. Europe has the technologies, the talents, and the infrastructure – what is missing is the determination.

As long as governments confuse convenience with progress, digital sovereignty remains a buzzword. It is up to us to make it a reality – before technical dependency becomes a political loss of control.