DEXIT from the US tech stack? The German Bundestag also wants to move away from Microsoft & Co.

According to heise online, the Bundestag is also planning a major IT overhaul to mark the occasion. The goals: less dependence in administration on US tech giants such as Microsoft, Google or Amazon, as well as more sovereignty through European solutions - preferably open source.

The planned change is politically explosive, but above all practical: more than 10,000 jobs in the Bundestag administration are currently dependent on Microsoft 365 alone.

What is exciting is that the whole thing is not just a "symbolic project". There are very concrete change projects in the pipeline (e.g. with Delos as a bridge) - and a more consistent focus on European platforms in the long term. A first concrete step: the Bundestag is expected to introduce Wire - currently the only chat tool approved by the BSI for use with "classified information".

And: the Bundestag is not alone. The direction is also becoming clearer at EU level. The EU Parliament has already announced greater independence from US infrastructures and stronger support for European open source and AI approaches.

Dependence is a risk - not just a purchasing problem

"Digital sovereignty" sounds like a strategy paper. In reality, it is a simple question:

Will you remain able to work if geopolitical pressure, legal conflicts or a provider decision change the rules of the game?

This is particularly relevant for companies with sensitive data:

• Health data (clinics, medical centers, research)
• Financial data (banks, insurance companies, FinTechs, asset managers)
• Client data (law firms, tax consultants, auditors)
• Intellectual property (industry, engineering, R&D, patent law firms)

If access, availability or verifiability are compromised here, it is not just "IT" that is affected - but operations, liability, reputation - and in many cases the management is liable.

How big is the dependency really?

For years, Europe has been discussing the fact that many central digital services and platforms are dominated by a few non-European providers. In the current debate, it is often pointed out that Europe's digital dependency is very high in many areas - and that sovereignty is more than just a label: it is about robust controls, scope and evidence.

What experts are specifically warning against - and why this hurts sensitive data

In many specialist debates, the risks repeatedly revolve around four very specific points:

1. Legal and access conflicts
   If providers are located in other jurisdictions, this can lead to conflicts of interest - for example with support access, admin rights, disclosure obligations or sanctions.
   
   
2. "Single point of failure" through concentration
   When collaboration, identities, cloud storage and communication are tied to a few large platforms, every incident quickly becomes critical.
   
   
3. Lock-in through tool chains
   Office + identity + collaboration + interfaces + security = switching becomes expensive and organizationally painful.
   
   
4. Incident and audit readiness
   Especially with health, financial and client data, what counts in an emergency is: Who had access? What was affected? When? Without clean logging, rights and versions, things quickly become unpleasant.

One example that is fueling the debate: the case surrounding the International Criminal Court (ICC) and its dependence on US services is being cited in the public debate as a warning signal for "digital autonomy".

Who is already switching - and what companies can learn from this

1) Schleswig-Holstein: Switching offices in a real company

Schleswig-Holstein officially announced that LibreOffice has been widely rolled out in ministries and authorities and that "almost 80 percent" of workstations have already been converted

This is relevant for companies with sensitive data because it shows that switching is not a "laboratory project", but can work in everyday life - including the typical hurdles (specialist procedures, training, change).

2) Federal government: openDesk & ZenDiS as an alternative to monoculture

With openDesk, there is an initiative that explicitly aims to reduce dependencies. heise reported on the further development towards enterprise maturity.

ZenDiS (Center for Digital Sovereignty) is the central office at federal level for sovereign solutions in the administration.

3) Denmark: Ministry of Digital Affairs adopts Microsoft Office

The Danish Ministry of Digital Affairs has announced that it will switch to LibreOffice - with the aim of reducing dependencies on a few large providers.
The EU portal Open Source Observatory (OSOR) also classifies the initiative as sovereignty-driven.

4) France: 2.5 million employees to replace Teams/Zoom

According to AP, France is planning to switch from US tools such as Teams/Zoom to a national solution ("Visio") for around 2.5 million civil servants by 2027.

5) ICC: Switch to openDesk confirmed (sovereign collaboration in response to dependency)

The EU portal OSOR reports that the ICC has made the switch from proprietary suites to openDesk and that this has been confirmed by a spokesperson.

And the private sector? Why companies now (have to) follow suit

For companies, the pressure often comes from three directions:

• Regulation & audits (e.g. in finance/health, but also via supply chain requirements)
• Customer requirements (data location, evidence, access control, incident readiness)
• Risk management (resilience, exit capability, dependencies)

What companies with sensitive data should now do pragmatically (without a "hard cut")

Anyone responsible for health data, financial data, client data or IP should not try to implement "everything at once". A controlled restructuring is more likely to be the method of choice - as discussed by the Bundestag.

1) Secure external sharing (immediate lever)
Email attachments and uncontrolled links are the classic. Goal: secure sharing, revoke access, cleanly control rights.

2) Make collaboration & document work sovereign in a controlled manner
Important for audit and incident cases: Rights, versions, traceability.

3) Clean digital mapping of signatures & approvals
This speeds up processes and reduces shadow workflows, especially in law firms, finance and the healthcare sector.

4) Establish backup/restore as a resilience test
Sovereignty also means: How quickly can you get back to work after ransomware or operating errors?

Where SecureCloud specifically helps (for sensitive data, without tool theater)

We see time and again in projects: sovereignty is decided in everyday life - when sharing, editing, releasing and restoring.

• SecureShare: sensitive data exchange with external parties, withdraw rights, retain control
• SecureWork: collaboration without copy chaos, with traceable rights/versions
• SecureSign: digital signing, traceable in the process
• Backup: plan, test and secure recovery

If you are currently discussing internally "How do we get started without disrupting operations?" - this is exactly the moment when a brief exchange makes sense.

Conclusion: the trend is here - this time with implementation, not just demands

Bundestag, EU Parliament, Schleswig-Holstein, Denmark, France: the direction is clear. And for companies with sensitive data, the issue is not "political", but simply risk management.

FAQ

What does digital sovereignty mean for companies in concrete terms?
Control over data, access and operating models - plus the ability to exit if providers, policies or risks change.

Should I switch completely away from all US providers immediately?
No. Many authorities and companies are taking a step-by-step approach: Data exchange, collaboration, signatures, backup/restore - only then come the big platform decisions.

Which areas are most critical for sensitive data?
External data exchange, access control, traceability (logs/versions) and restoration.

How can I share sensitive files securely with external parties (clients, partners, patients) - without email attachments and without losing control?
With SecureShare, files/folders can be shared via a secure link or invitation, granularly authorized (e.g. read only, upload allowed, expiration date) and access can be revoked at any time. This replaces typical "shadow IT" workarounds and remains auditable.

How does collaboration on sensitive documents work without copies being created everywhere ("final_final") and nobody knowing what applies?
With SecureWork, the team works in a central, controlled environment: clear rights, versioning and traceable changes ensure that there is a reliable "single source of truth" - important for IP, financial documents, patient documents or contract statuses.

How do I get signatures and approvals digitally, without scan-per-mail, media disruptions and chaos in the filing system?
With SecureSign, signatures and approvals are digital and traceable: less e-mail ping-pong, fewer manual steps, clean documentation. This saves time and reduces risk, especially for contracts, powers of attorney, consents and DPAs.

Would you like to find out more?