Digital Sovereignty Guide

Austria's largest non-university research institution regularly conducts research, publishes, collaborates, and lectures on digital and data sovereignty. With their IT security solutions, the experts at the AIT Center for Digital Safety & Security aim to strengthen the competitiveness of Austrian products in the global market through Austrian know-how. They rely on machine learning to defend against future cybersecurity threats. The head of AIT, Helmut Leopold, strongly advocates for digital sovereignty as a prerequisite for a resilient society.

AIT is also involved in the GAIA-X Hub Austria.

The Bertelsmann Foundation, with its mission “Strengthening Democracy!”, is dedicated to digital sovereignty from a societal perspective. In 2020, it published a German reader on digital sovereignty as a concept for the European Union and formulated an approach for assessing Germany's and the EU's dependence on third countries. A German publication released in March 2024 discusses individual and state sovereignty in the context of digital infrastructures. Digital sovereignty in terms of the social participation of older people is another focus area of the foundation.

Founded in Romania in 2001, the company now has 1,800 employees and branches all over the world, although its headquarters remain in Bucharest. This European provider of solutions for the prevention, detection, and clean-up of cyber threats is fully compliant with all relevant regulations and directives. As a highly innovative company with hundreds of patents and a strong focus on security research, Bitdefender also contributes to Europe's technological sovereignty.

It is no coincidence that LANCOM Systems deliberately chose Bitdefender's European anti-malware engine as a trustworthy alternative following the acquisition of its previous service provider by an American company in 2024.

As a federal technology company, the Bundesdruckerei Group contributes to the digital sovereignty of Germany and Europe through the products and solutions of its subsidiaries. Its focus is on protecting digital and analog identities, infrastructures, communication, and data in the sovereign and regulated private sector. In its Innovation Hub, Bundesdruckerei develops solutions for the digital ecosystems of the future. Bundesdruckerei's information pages on digital sovereignty provide a good overview of these topics.

Bundesdruckerei is a member of the European Cybersecurity Organisation (ECSO).

Digital sovereignty is a priority topic for the German Federal Chief Information Officer (CIO for short). He is responsible for the technical and political operational management of IT and digitalization within the federal administration in Germany. As such, the CIO serves as the point of contact for the federal states and industry when collaborating with the federal government on IT issues related to federal administration. An introductory key issues paper, a paper on strengthening the digital sovereignty of public administration IT, and an analysis of the public administration's dependence on database products provide insight into the strategy and plans.

The Federal CIO launched the Center for Digital Sovereignty (ZenDis) in 2022.

The French company, with well-known clients such as Airbus and TBWA, was founded in 2011 and strongly advocates for strengthening the European economy, the strategic autonomy of the EU, and respect for European values and laws. Clever Cloud does not mince words when it promises its customers “immunity to intrusive extra-European laws with extraterritorial reach.” Additionally, the company's capital is wholly owned by Europeans, and its headquarters are in the European Union. The decision in favor of digital sovereignty is described as “an essential democratic issue, because any technological and economic dependence reduces our collective ability to make decisions in complete freedom.”

With the Data Intelligence Hub, T-Systems has created a trustworthy ecosystem for data exchange with cross-industry application options. Here, companies and public authorities can share, process, and analyze data on their own terms via secure connections. The platform and all services are interoperable and standards-compliant.

As an information and communication service provider for six federal states and a municipal IT association, Dataport develops IT solutions for public authorities and citizens to simplify administrative processes. These solutions include virtual servers*, citizen portals, and web-based applications ranging from youth welfare to urban planning, as well as a a digitally sovereign workplace* as an alternative to traditional office packages.

Dataport is a member of the OSB Alliance.

*German webpage only

The SAP subsidiary Delos Cloud GmbH was founded in July 2022 to establish a sovereign cloud platform for the efficient digitalization of public administration in Germany. The offering is being developed in close cooperation with the BSI (German Federal Office for Information Security) and meets the strictest technical, legal, and operational requirements. A simulation environment is available for testing initial application scenarios and preparing for the use of the cloud platform.

In a thought-provoking analysis , DriveLock examines geopolitical and social developments. Based on this, the specialist in preventive IT security solutions “made in Germany” outlines essential conditions for a secure and sovereign digital transformation that should enable both independence and the integration of global innovations. The proposed code calls for strategic relevance and technological excellence, European leadership and ownership, certifications with no back doors, flexibility and customer focus, sustainability, and social responsibility. One of the company's projects involves securing access to the sovereign Delos Cloud.

In March 2023, DriveLock and Enginsight formed a strategic alliance to develop security solutions for the needs of SMEs, public authorities, and companies belonging to the critical infrastructure.

DriveLock is a member of the European Cybersecurity Organisation (ECSO).

Founded in Jena in 2017, the company develops and distributes cybersecurity solutions for SMEs. The Enginsight platform and services combine risk analysis and cyber defense; the autonomous monitoring of the entire IT landscape is designed to minimize human errors and mistakes as much as possible.

Enginsight is a sponsor of the European Privacy Provided initiative and views the interplay between data protection and IT security as the ideal path to data sovereignty. Both disciplines share the goal of protecting data and systems from threats and ensuring the privacy of individuals.

With around 300 members from business, administration, research, and infrastructure, ECSO is committed to Europe's digital sovereignty, strategic autonomy, and cyber resilience through initiatives, events, studies, and statements. The organization brings together stakeholders from the private and public sectors and initiates joint activities.

Numerous projects at the research institute focus on data sovereignty and digital sovereignty, working in practical cooperation with companies and authorities. These developments include a modular ecosystem for 5G campus networks based on open radio technologies, a data and service ecosystem for the European data cloud, GAIA-X, and key technologies for future 6G communication networks.

Participation in GAIA-X

Founded in 1949, the Fraunhofer-Gesellschaft has had digital, technological, and data sovereignty on its agenda for years and has clearly positioned itself regarding Europe's ability to act. At its 76 institutes and research facilities, the topic is regularly addressed in pilot projects and with reference to key technologies – whether in the development of quantum-safe identities, open-source strategies for smart cities , or research into data governance in collaborative value creation.

"Digital sovereignty refers to an economic area’s ability either to develop for itself digital technologies that are critical for competitiveness and for the state’s ability to act, or to obtain such technologies without unilateral dependence on other economic areas.“ – Prof. Dr.-Ing. Albert Heuberger, Executive Director, Fraunhofer IIS

Europe's leading scientific institute for applied big data and AI research is concerned with how Germany and Europe can exploit the opportunities offered by large-scale AI models for technological sovereignty. The OpenGPT-X projectaims to help strengthen the freedom of choice for German companies and enhance digital sovereignty in the field of generative AI. In this context, the Fraunhofer Future Foundation is funding an AI-based language technology “Made in Europe”.

"Versatility, trustworthiness, multilinguality in German and other European languages as well as openness (open source) are key features of the models developed in OpenGPT-X.” – Dr. Nicolas Flores-Herr, OpenGPT-X project lead

The world's leading institute for cybersecurity and privacy protection launched a “Digital Sovereignty Action Series” back in 2014 and developed pilot applications for secure communication and cloud service usage. Today, the focus is on assessing, promoting, and managing the security of IT-based systems. A German manufacturer-independent protection system for virtual power plants, a start-up incubator for innovative IT security solutions, and a solution for protecting networks in the Internet of Things are just some of the initiatives that are always carried out in cooperation with companies and other institutions.

Over 300 organizations from business, politics, and science, including many SMEs, have joined the project for a sovereign data infrastructure. The aim is to create a secure digital ecosystem with common rules, interfaces, and control mechanisms, where data and services can be securely provided and shared. The joint project POSSIBLE, funded by the GAIA-X Hub Germany, is developing use cases and smart services for data spaces in the domains of education, SMEs, and administration.

Gridscale offers cloud infrastructure solutions for companies and developers – on-demand, on-premises, or at the edge as required – but in any case, digitally sovereign, in certified high-security data centers at European locations. The idea behind this is to provide medium-sized customers, in particular, with access to hyperscaler technologies in a secure environment.

Gridscale has been part of OVHCloud since August 2023.

Guardtime develops blockchain-based solutions for data integrity and security in the public, healthcare, energy, and financial sectors. Founded in Estonia, the company is involved in numerous international research and innovation projects, including initiatives focused on the resilience of power and energy systems, as well as a joint cross-border strategy for cybersecurity.

Guardtime is a member of the European Cybersecurity Organisation (ECSO).

Courses, knowledge podcasts, conference contributions, and project partnerships: Digital sovereignty is an important topic in the program of the Center of Excellence for Digital Engineering at the University of Potsdam. In 2023, researchers at the Hasso Plattner Institute focused on the German education sector, navigating the intersection of digitalization and sovereignty. An open-source learning platform, originally developed in 2017, is now being operated and further developed by Dataport as the "dBildungscloud“.

HPI is a cooperation partner of Bundesdruckerei's Innovation Hub.

The world's leading provider of semiconductor solutions for energy systems and the Internet of Things (IoT) is strongly committed to developing key technologies for the technological and digital sovereignty of Germany and Europe. Infineon is a founding member of the quantum technology consortium QUTAC, which aims to bring quantum computing to industrial applications. The company coordinates the CeCaS consortium* , which aims to create a supercomputing platform for highly automated, networked vehicles, as well as the EU project Powerized*, which focuses on transforming the energy market. Additionally, Infineon leads the AIMS5.0* project, where AI-supported electronic systems are designed to reduce energy and resource consumption in industrial production.

"Investments in key technologies are essential for achieving the climate targets. This can be achieved through research, cooperation with the best partners and innovations with real impact […]. Together, we can develop sustainable products and processes faster and make a decisive contribution to decarbonization and digitization. The results strengthen industry and Europe as a location in global competition. They bring more strategic autonomy for Europe and our society, secure supply chains and are a turbo for an energy-efficient future.“ Sabine Herlitschka – CEO of Infineon Technologies Austria AG

*German webpage only

The IONOS Group has been contributing to data sovereignty in Europe for years with secure, scalable, and compliant cloud solutions. Members of govdigital – including cities, municipalities, state, and federal institutions – can use the IONOS cloud platform for digital transformation. In spring 2024, the Federal Information Technology Center (ITZBund) commissioned IONOS to set up a private enterprise cloud for 200 federal administration authorities.

IONOS is also involved with infrastructure services in the HPI School Cloud of the Hasso Plattner Institute and in the digital workplace, which consists of web-based open source modules from Dataport. Additionally, IONOS is a member of the OSB Alliance and supports Privacy Provided.

The European Commission, several EU states, the federal administration and ministries, and numerous federal states use communication and collaboration solutions from Nextcloud. With Nextcloud's open-source collaboration platform, companies, authorities, and institutions retain control over business-critical and sensitive data. In cooperation with the Bechtle group, Nextcloud Hub has also been available as a managed cloud service since mid-2024*.

Nextcloud is a member of the OSB Alliance.

*German webpage only

In May 2024, the Dutch semiconductor company and its partners presented the first ion trap-based quantum computer demonstrator, which was manufactured entirely in Germany. It was commissioned by the DLR Quantum Computer Initiative (DLR QCI) to advance quantum computing in Germany. The demonstrator will be set up at the DLR QCI Innovation Center in Hamburg.

“We are convinced that industry and research communities in Hamburg and throughout Germany will benefit from this project. It will help to build up and expand important expertise in quantum computing, to use it for the economic benefit of us all, and also to further strengthen our digital sovereignty in Germany and the EU.“ – Lars Reger, CTO

The OSB Alliance regards open source and open standards as basic prerequisites for digital sovereignty, flexibility, and security in digital transformation. As the Federal Association for Digital Sovereignty, it represents 200 member companies from the German open source industry. Through conference appearances, events, publications, and projects, the OSB Alliance aims to raise public awareness of the importance of open source for a digitally sovereign society. The ultimate goal is for open source to become the standard in public procurement, research, and business development.

The OSB Alliance is also involved in the development of the Sovereign Cloud Stack (SCS) for GAIA-X.

OpenProject's project management and collaboration software was developed as an open-source alternative to many proprietary (US) systems, such as Jira. For companies, OpenProject offers a cloud edition, hosted securely and GDPR-compliant in a data center within the European Union. Its customers include cities, hospitals, NGOs (non-governmental organizations), universities, and research institutes.

“OpenProject is targeted at organizations that want to positively impact the world. We provide a project management software that promotes data sovereignty, open source and collaboration,” said Niels Lindenthal, founder and CEO.

OpenProject cooperates with Nextcloud and is involved in “Sovereign Workplace” project.

The business customer division of the French telecommunications group, Orange Business, has been offering sovereign cloud solutions that comply with local regulations and legal requirements. Data is stored in data centers operated by Orange Business in Germany, Sweden, the Netherlands, and Norway.

Orange Business was a founding member of GAIA-X and is also a member of the European Cybersecurity Organisation (ECSO).

OVHcloud is one of the largest European providers of cloud solutions, including those for the public sector. The French company explicitly speaks out against uncontrolled dependence on a small number of cloud providers, as this could jeopardize data protection and diversity in the international cloud market. Data sovereignty , on the other hand, serves to protect and provide freedom of choice for public authorities, companies, and citizens.

“At OVHcloud, we believe that the ability to exercise our digital sovereignty is key to ensuring our users’ freedom. […] We will stay true to the original promise of the internet: to make the digital world an area of freedom, autonomy and collective innovation.” – Michel Paulin, CEO

Data protection, legal security, strategic flexibility, and influence on the sustainability of IT systems are cited by Holger Dyroff, co-founder and COO of ownCloud, as key reasons for the planned transition of many companies to European cloud solutions. Since these providers are subject to European legislation, the compliance of these solutions can be trusted.

“When companies use software from clouds of European providers, they get their digital sovereignty back.“ – Holger Dyroff

The economic initiative, founded in 2021, views Europe's strict data protection laws, which favor the rights of individuals, as a valuable cultural asset and a competitive advantage. According to Privacy Provided, data protection and digital sovereignty are not contradictory.

Supported by its member companies – including LANCOM Systems – and prominent representatives, the organization educates businesses on data protection issues. It aims to dismantle entrenched positions, such as viewing data protection as either an opportunity or an innovation barrier, and offers, among other things, a fireside talk with Edward Snowden.

With trustworthy and compliant solutions for the cybersecurity of networks and applications Rohde & Schwarz Cybersecurity ensures digital sovereignty in both the public and private sectors. All of its high-security products meet the diverse requirements of government institutions, companies, and critical infrastructure (KRITIS), with the entire value chain under the company's control. To ensure maximum endpoint security, Rohde & Schwarz offers, among other things, a virtual web browser developed in collaboration with the German Federal Office for Information Security (BSI), security management systems, network encryptors, identity managers, and a Zero Trust-based VPN client.

LANCOM is a wholly-owned subsidiary of the German technology group Rohde & Schwarz GmbH & Co. KG, headquartered in Munich.

“As CEO of the only German IT network manufacturer, I would like to emphasize the importance of a digital ecosystem that can be operated securely and autonomously. The past few years in particular have been characterized by uncertainty and disruption, and have made many companies aware of how dependent our economy is on global supply and value chains. That is why we must see it as our task to work on a more sovereign Europe, especially in the field of key technological sectors.“ Ralf Koenzen – CEO LANCOM Systems

Rohde & Schwarz Cybersecurity is a member of the European Cybersecurity Organisation (ECSO).

Secunet AG is dedicated to protecting digital infrastructures, systems, networks, and confidential data. Its clients include federal ministries, federal and state authorities, DAX corporations, international agencies, and organizations. The crypto solution SINA (Secure Inter-Network Architecture) is used by numerous government institutions. A cloud ecosystem that has considered specific security, sovereignty, flexibility, and interoperability requirements from the start aims to enable independence from hyperscalers in sensitive areas.

Secunet is a member of the European Cybersecurity Organisation (ECSO) and the OSB Alliance.

SUSE Software Solutions Germany GmbH is the largest independent open-source company in the world. Since 1992, it has been developing and distributing its solutions, now catering to all major industries and the public sector. The Linux-based operating system, SUSE Linux Enterprise, is a standard in many companies for secure data processing in data centers, the cloud, and at the edge. In the SUSE blog, an author references the Digital Dependence Index, which states that Germany is 82 percent dependent on foreign software, hardware, and intellectual property rights, and describes seven steps to achieving greater digital sovereignty.

SUSE is a member of the OSB Alliance.

On the one hand, the multi-cloud universe is expanding; on the other hand, the pressure on companies regarding security and data protection is increasing. A well-thought-out strategy for digital sovereignty can be helpful, according to the website of the Thales Group, based in Paris. With solutions for identity and access management (IAM), companies can protect sensitive data, prevent unauthorized access, and ensure compliance with legal regulations. In several publications – including a data sheet, an e-book, a white paper, and a case study – Thales advocates for greater digital sovereignty.

Thales is a member of the European Cybersecurity Organisation (ECSO).

As a provider of open-source solutions for identity and access management, IT infrastructure management, and seamless application integration, Univention is committed to the digital sovereignty of companies, government institutions, and the education sector.

Peter Ganten, CEO of Univention, is also a board member of the OSB Alliance.

The Center for Digital Sovereignty (ZenDis), founded in 2022, supports public administration in Germany in the independent use of digital technologies. To this end, the "start-up within the state" promotes and develops alternatives to commonly used applications based on modern, powerful, and scalable open-source software – such as a platform for sharing open-source software and an office and collaboration suite.