Digital dependencies are becoming a strategic risk for many organisations. Political conflicts, foreign legislation and proprietary technologies can affect the availability of critical systems or expose data to jurisdictions outside one’s control. The US CLOUD Act, for example, grants US authorities access to data held by American providers – regardless of where the data is stored. For organisations, this can mean loss of control and reduced operational readiness when it matters most.

As a result, digital sovereignty is gaining relevance – not as a buzzword, but as a prerequisite for long-term resilience.

What Digital Sovereignty Really Means

Digital sovereignty refers to the ability to make independent, informed decisions about one’s own data, systems and technologies at any time. It is not about isolation but about choice and control: external services can be used, provided the organisation maintains transparency, portability and the ability to switch if needed.

Dependencies often emerge gradually: through proprietary interfaces, low workload portability or reliance on specific legal frameworks. If a provider changes its APIs, faces geopolitical issues or withdraws services, core business processes can be affected. The Swiss Federal Audit Office therefore warns that cloud dependencies may endanger the availability of data and applications.

Sovereignty Washing: Local Labels Are Not Enough

With rising demand for “sovereign” solutions, more providers are adopting labels that signal independence. However, data centres located in Europe, data trustees or local partnerships do not automatically ensure true digital sovereignty.

Germany’s Centre for Digital Sovereignty (ZenDiS) warns against “sovereignty washing”: solutions that appear compliant with sovereignty requirements but still depend on proprietary technologies, lack portability or remain subject to foreign jurisdictions.

True digital sovereignty requires:

  • Open interfaces and standards
  • Verifiable vendor portability without operational risk
  • Full control over data and encryption keys
  • Transparency through inspectable code

A European label may support trust – but it cannot replace these fundamentals.

Open Source as the Foundation of Independence

Open source is a cornerstone of digital sovereignty. Transparent code and open standards prevent lock-in, improve interoperability and enable independent security assessments.
Public-sector examples illustrate this shift:

  • Schleswig-Holstein is gradually migrating parts of its administration to open-source solutions and multi-vendor models.
  • In Switzerland, the renewal of the EMBAG strengthens the preference for open technologies.
  • The network “Souveräne Digitale Schweiz” brings together stakeholders committed to strengthening digital independence.

Modern open-source ecosystems are driven by professional service providers with clear support models. Organisations gain transparency, influence over future development and long-term technological control.

Five Steps Towards Digital Sovereignty

Strengthening digital sovereignty does not require radical changes. Even incremental measures can have a significant impact:

  1. Analyse dependencies
    Identify critical systems and the providers, technologies and jurisdictions on which they rely.
  2. Use open standards
    Avoid proprietary formats; choose interoperable interfaces and portable data structures.
  3. Establish a multi-vendor strategy
    Reduce risk by distributing workloads instead of concentrating everything in a single cloud.
  4. Ensure data control
    Encrypt sensitive data and manage encryption keys internally.
  5. Test exit scenarios
    Assess regularly how services could be replaced or migrated if they became unavailable.

 

Conclusion

Digital sovereignty is not a political concept but a business imperative. It strengthens resilience and enables organisations to respond flexibly to change – especially in times of geopolitical uncertainty and dynamic technology markets.

Understanding dependencies, adopting open technologies and preparing alternatives helps secure technological independence and long-term organisational viability.

This article is based on the September edition of our column “Schlicht und einfach” in the Swiss IT magazine Inside IT. The original text was written by Markus Schlichting, CEO of Karakun, who regularly explores fundamental technology topics and their real-world implications in this column.

If you would like to understand how to identify dependencies, build sovereign architectures or implement open-source strategies effectively, we are happy to support you. We help organisations design sustainable and independent digital solutions.

Contact us!