SecureCloud was an exhibitor at KOMMUNALE 2025 in Nuremberg - Germany's leading trade fair & congress for municipal procurement and administration. For two days (October 22-23, 2025), mayors, procurers, IT managers and specialist departments met to talk about digital sovereignty, resilient specialist processes and practicable cloud strategies. The timing could hardly have been more timely: The large-scale cloud outage shortly before the trade fair impressively demonstrated how important availability, security and exit concepts are for the public sector. For us, it was a highlight in the annual calendar - with a strong team on site, demos of current use cases and many concrete discussions from the field.
"The mandate for action for local authorities is clear: ensure their ability to work - even when hyperscalers are shaky. This can be achieved with data residency in Germany, clear role rights and fast, reliable backup solutions."
- Marcus Müller, CEO & Founder, SecureCloud
Securing the ability to work: cloud, but confidently
The discussions at the stand revolved around three core topics: sovereign hosting in Germany, security by design in municipal specialist procedures and legally compliant e-signatures for council decisions, contract awards and personnel files. The key finding: it is not enough to go "somewhere in the cloud"; what is needed is an architecture that makes access, proof, restart and portability measurable.
"Municipal IT is not an end in itself. It is crucial that specialist departments remain capable of acting on a daily basis - with clear responsibilities, minimal hurdles and traceable evidence."
- Stanislaus Herzel, Head of Sales, SecureCloud
- Sovereign hosting & data residency: keeping legal spaces under control
Questions from the companies: Where are our files located? Who has technical access? How do we ensure portability for contract awards and exits?
Our approach in municipal projects:
- Operation in German data centers, client separation, end-to-end encryption.
- Customer key (BYOK), strict admin controls (four-eyes principle) and seamless logs.
- Export and archive interfaces (signed, verifiable archives) for audits, file management and exit scenarios.
Benefits: Legally compliant data storage under German/EU jurisdiction, transparent evidence for data protection, awarding authorities and auditing.
- Security by design in specialist procedures: Data protection as a standard approach
Instead of "securing" later, we build protection into the workflows: approvals with expiration date & watermarking, role-based rights, mandatory SSO/MFA, auditable logs. This creates productivity standards instead of security brakes.
What has proven itself:
- Secure collaboration: standardized release policies, encryption defaults, traceable versions.
- Identity-centered control (SSO/SCIM), clean offboarding and substitution rules.
- Resilience by design: Backups outside the primary stack, tested restore paths, defined RTO/RPO.
- E-signatures for the public sector: fast & legally compliant
Whether council resolutions, contract awards, personnel or public legal agreements: Electronic signature levels are selected to suit the process, including QES for written form requirements. Important are workflows without media discontinuity, comprehensible roles and verifiable archiving with time stamps.
Current priorities:
- Integrate QES cleanly into existing specialist processes (without shadow IT).
- Perform reliable identification once, then 2-factor signing with proxy roles.
- Ensure traceability & audit trails (time stamps, verifiability of the signature, audit-proof filing).
How secure are your processes? Our 30-day checklist
- Assess criticality per process and define minimum service level (RTO/RPO).
- Document data flows & storage locations (incl. third country reference, order processing, exit options).
- SSO + MFA mandatory; least privilege & four eyes principle for admins.
- Adopt e-signature policy for 3 core processes (committees, allocation, personnel).
- Test backup & restore in real life - incl. signed, encrypted exports.
- Practice emergency & communication plans (hotline, secure mail bridge) 2×/year.
- Store evidence for audits centrally & verifiably (logs, DSFA/ISMS artifacts).
KOMMUNALE 2025 - classification & outlook
KOMMUNALE underscores its status as the leading national trade fair for the public sector. In 2026, the decisive factor will be less the tool list than the ability to combine digital sovereignty, security and suitability for everyday use. Administration will become resilient when architecture, processes and procurement work together - with clear requirements for data locations, key sovereignty and exit scenarios.
FAQ
What is KOMMUNALE?
Germany's leading trade fair & congress for municipal procurement and administration - a meeting place for decision-makers from cities and municipalities.
When did KOMMUNALE 2025 take place?
On 22-23 October 2025 at the Exhibition Center Nuremberg.
What do municipalities learn from recent cloud outages?
Individual regions or services can fail - diversification, tested restart scenarios and portability of specialist processes are important.
After the trade fair is before the trade fair
Do you want to move specialist processes to the cloud securely and in compliance with procurement regulations? Let us advise you personally! - In 30 minutes, we will show you how digital sovereignty, security by design and e-signatures work together in practice.