Microsoft, Monocultures, and Power:

Why Digital Sovereignty Without Competition Remains an Illusion

The debate on digital sovereignty in Europe is often oversimplified. It usually centers around whether European states and companies should distance themselves more from American technology providers. IT security lawyer Dennis-Kenji Kipker warns in an interview with the Börsen-Zeitung against blanket demands to ban big tech companies from the USA. His argument focuses on a nuanced perspective: Digital sovereignty is not achieved through origin bans, but through effective competition, interoperability, and clear regulatory frameworks.

Market Power Instead of Nationality in Focus

Kipker makes it clear that the question of digital sovereignty cannot be answered by a general withdrawal from the offerings of US hyperscalers. What matters is not the nationality of a provider, but its market behavior. If companies use their market power at the expense of security, competition, and the freedom of action of European users, targeted countermeasures must be taken.

This perspective shifts the focus from geopolitical symbolic politics to competition and security policy realities. Digital sovereignty thus becomes a question of market structure: Is there freedom of choice? Are systems interoperable? Can providers be easily switched? Or do technical, contractual, and economic lock-in effects lead to factual dependency?

Microsoft as an Example of Lock-in Structures

Kipker cites Microsoft as a concrete example. The company has established a practice over the years of closely binding customers to its product ecosystem. Restrictive licensing conditions, subscription-based business models, product bundling, and limited compatibility with third-party providers lead to strong lock-in effects. These mechanisms continuously reinforce market power.

The dimension becomes particularly clear in public administration: In Germany, the dependency on Microsoft is around 98 percent, according to Kipker. Structures that have grown over the years, standardized procurement processes, and deeply integrated software solutions make it significantly difficult to switch providers. The recent cloud dispute in the Bavarian state government, where a Microsoft exit was ultimately not implemented, highlights the practical relevance of these dependencies.

Gatekeeper Role and Security Policy Implications

Kipker classifies Microsoft as a gatekeeper in the cloud and AI sector. In this context, he refers to reports that Microsoft allegedly handed over encryption data from its own Azure cloud platform to the FBI. For Kipker, the decisive point is not the handover itself, but the fact that a provider is technically capable of accessing such data.

Here, the discussion touches on the interface between market power and national security. When central digital infrastructures are controlled by individual providers, structural risks arise. Monocultures facilitate cyberattacks, as a successful attack on a dominant system potentially affects large parts of administration or the economy. Diversity and competition are therefore not only economic but also security policy factors.

Role of the EU Commission and Public Procurement

Kipker welcomes the fact that the EU Commission is investigating Microsoft’s gatekeeper function. From his perspective, competition law instruments are a central means of strengthening digital sovereignty. Where dominant market positions restrict competition, supervisory authorities must intervene.

At the same time, he sees a need for action at the national level. A more coordinated, central procurement strategy by the federal government could help reduce dependencies and systematically consider alternatives. The federal patchwork of different IT strategies, on the other hand, leads to inconsistent levels of sovereignty.

He also sees the Federal Ministry for Digital Affairs as having a duty to actively point out alternative solutions. The market already offers alternatives for many applications. What matters is that these are actually considered in procurement decisions.

Digital Sovereignty as a Long-term Process

A central argument of Kipker’s is: Digital sovereignty cannot be established in the short term. There is no “switch” that can be flipped. Global supply chains, international standards, and complex IT ecosystems make complete autonomy unrealistic.

Digital sovereignty therefore does not mean isolation. It means consciously managing dependencies, enabling competition, and keeping technical and contractual switching options open. Interoperability in Cloud Computing, open interfaces, and transparent contractual conditions are central levers.

Conclusion

The debate on digital sovereignty is gaining importance in light of geopolitical tensions and growing cyber threats. Dennis-Kenji Kipker’s contribution underscores that simple solutions are not enough. A blanket exclusion of certain providers falls short.

Instead, structural questions come to the fore: How are digital markets regulated? How are monocultures avoided? How can public institutions design their procurement strategies to strengthen competition, interoperability, and security?

Digital sovereignty is not a state, but a continuous design process. It arises through smart regulation, diversified infrastructures, and the consistent promotion of competition.