Putting digital sovereignty to work
Without digital sovereignty, organizations operate at the discretion of external actors – be they private corporations or foreign governments. Sovereignty is not a luxury; it is a prerequisite for resilience, democratic integrity, and the long-term credibility of the very institutions that serve society. By now, we know this… but where to start?
Diagnosis and prioritization
First, we must diagnose the cause of the symptoms – i.e., perform an analysis of the current services and products in use. Across organizational levels, what technologies are in use? Who am I dependent on because of that usage? What contracts are in place?
Today’s systems are not singular products but multi-featured so-called off-the-shelf solutions. They are characteristically cost-effective and easy to deploy. What is commonly referred to as ‘the cloud’ is, in reality, a composite of technological features and services. Similarly, an email client also relies on some DNS services, an analytics dashboard might stream data to (external) servers, and internal databases may run on platforms governed by third parties.
Simultaneously, these solutions create complex webs of tools, many of which are not immediately visible or easy to untangle. Prioritization is therefore key. By deconstructing the digital stack, one can identify critical points of exposure – tolls that are indeed critical to the organizations’ core function. Not every system requires the same degree of sovereignty: areas involving personal data, core assets, or administrative functions should be prioritized.
Prognosis and action pathways
Once dependencies are identified, we face a strategic choice about how to respond. Two broad pathways emerge:
1.
Adopt (European) open-source solutions
The Linux Foundation have noted that open-source solutions have matured to the point where they can be considered as viable alternatives. Solutions indeed exist that align with the panoply of desired non-functional requirements (e.g., modularity, scalability, usability). These solutions offer governments not just cost savings, but control – over code, over updates, and over deployment. The German state of Schleswig Holstein has courageously lead the way in this respect, pioneering the successful adoption of LibreOffice combined with Linux at scale. The Netherlands is in the starting blocks with Mijn Bureau. By push of the European Commission others are likely to follow suit. Courage is required.
2.
Local innovation and ecosystem building
In parallel, countries are investing in digital public infrastructures (DPIs) – be they local clouds, software cooperatives, or locally governed services. (In some sense, OpenDesk could be viewed as DPI.) Though larger in ambition, these present a long-term opportunity: to anchor critical digital infrastructure within domestic control (legal plus organizational), while supporting local industry and innovation. Familiar examples, though also with their own share of criticism, are India’s Aadhar system for digital identity or Estonia’s data exchange system X-Road. As per the University College London, the list of DPIs is growing. Much is to be learned from them.
Neither path is without trade-offs, nor does one work without the other. Open-source adoption requires capabilities and supportive ecosystems. Local alternatives may lack features in initial stages. But the alternative – continued reliance on foreign-dominated, black-box systems – is untenable. Public institutions must lead by example with the aim to balance short-term sovereignty with long-term strategic resilience. This is not a binary choice, but a continuum – one we can solve together, without trepidation.
Treatment, planning and managing the transition
Pursuing digital sovereignty is not a matter of choosing between open-source adoption or local innovation – real progress requires a deliberate combination of both. Finding a balance is supported by a clear plan of attack.
The first step is to identify and begin substituting technologies where mature (open-source) solutions exist. This is the most actionable path for achieving early wins. Productivity tools, email systems, collaboration platforms, content management systems, and identity solutions are among the components where replacement is often feasible without sacrificing usability or functionality. Collaboration, at the EU level, is probably a good idea.
In parallel, institutions must invest in the development of local solutions. This may be via the support of public-private partnerships or by cultivating domestic vendors. One success story for the latter is the Centre for Digital Sovereignty founded in December 2022 by the German Federal Ministry of the Interior, the orchestrators behind openCode and openDesk. For the latter, we can still look to Germany with the state-sponsored Sovereign Tech Fund. Though investments take time to bear fruit, but they are essential for establishing a sustainable foundation for digital autonomy.
Again, these two paths are not followed in isolation. Early open-source adoption helps to build technical readiness and governance structures that can later support more complex transitions to DPIs. Similarly, lessons from early implementation can feed directly into policy design, standards development, and capacity-building programs.
Monitoring and staying adaptive
No strategy is complete without monitoring. Governments should establish a framework for monitoring progress toward sovereignty – tracking both quantitative indicators (e.g., reduction in dependencies, cost savings, uptime) and qualitative outcomes (e.g., user trust, policy alignment, resilience to external disruptions). The European Commission’s Cloud Sovereignty Framework is just the starting point.
Monitoring should be adaptive. As technologies, standards, and threats emerge, policy responses must adapt. What is unfeasible today may be in the near future – especially as our European neighbors pursue the same goals of digital self-determination.
Outlook
Pursuing digital sovereignty is not only about reducing risk; it is also about leading with integrity. Organizations that take actionable steps today position themselves as international thought leaders tomorrow. Sovereignty is a source of competitive advantage –supporting local innovation and enhancing public trust pays off.
Ultimately, digital sovereignty is not a retreat from global cooperation - it is a necessary foundation for participating in it with confidence and resilience. Policymakers have a responsibility to ensure that the digital infrastructure underpinning public life reflects democratic values, legal oversight, and strategic foresight.
Disclaimer: none of the initiatives or tools mentioned are endorsed by the author or his affiliations.
Questions? Get in touch with the author
-
Tom Barbereau
Functie:Scientist Specialist Digital SocietySpecialisatie niet bekendMy name is Tom Barbereau and I am a Scientist Specialist at the research group on Digital Governance and Regulation. I bring passion for disruptive technologies' impact on organisations, modes of governance, and society at large.
-
E-mail:E-mail Tom
-
LinkedIn:Tom on LinkedIn
-
