Foreword | Digital sovereignty is not negotiable — especially not for your own data

At a time charac­te­ri­zed by global uphe­aval and rapid tech­no­lo­gi­cal change, the economy, state and society are confron­ted with a funda­men­tal chall­enge: digi­tal sove­reig­nty. This is no longer just an abstract poli­ti­cal buzzword, but a stra­te­gic neces­sity that will deter­mine the future viabi­lity of our compa­nies and our commu­nity. The world of finance plays a central role in this. As part of the criti­cal infra­struc­ture of any modern state, it is at the heart of this development.

Digi­ta­liza­tion is the irre­fu­ta­ble engine of our time, driven by an expo­nen­ti­ally growing flood of data. Compa­nies that do not gene­rate digi­tal added value are incre­asingly unable to act. And data is the “fuel” of our digi­tal value crea­tion. Howe­ver, this trans­for­ma­tion also harbors risks that jeopar­dize our self-deter­­mi­na­­tion and free­dom of action. Digi­tal sove­reig­nty means main­tai­ning control over our digi­tal infra­struc­tures and data and avoi­ding depen­dence on indi­vi­dual provi­ders. It is the basis on which we can shape our digi­tal future secu­rely and independently.

Between self-percep­­tion and exter­nal determination
Howe­ver, our analy­sis of the German market shows that the self-asses­s­­ment of many compa­nies is too opti­mi­stic. It is true that 89% consider the topic of digi­tal sove­reig­nty to be important. A further 59% feel that geopo­li­ti­cal deve­lo­p­ments are making it more rele­vant — but the imple­men­ta­tion of their own inde­pen­dence efforts is lagging behind. There is still a great need for action, parti­cu­larly when it comes to central levers such as the exclu­sive use of German data centers, coope­ra­tion with dome­stic provi­ders or the increased use of open source solu­ti­ons. This leads to considera­ble depen­dence on non-Euro­­pean, parti­cu­larly US providers.
Their offe­rings only meet our German and Euro­pean data protec­tion stan­dards to a limi­ted extent. — Laws such as the US CLOUD Act allow US autho­ri­ties to access data stored by US compa­nies in the cloud, regard­less of where it is stored. This under­mi­nes trust in data sove­reig­nty in the long term.

Know your own vulnerabilities
The finan­cial system in parti­cu­lar, which, like the energy supply and trans­por­ta­tion sector, is part of the criti­cal infra­struc­ture, is in the cross­hairs of these deve­lo­p­ments. Cyber­at­tacks are now a central compo­nent of hybrid warfare.
The number of ransom­ware attacks is incre­asing drama­ti­cally and ransom­­ware-as-a-service (RaaS) is signi­fi­cantly lowe­ring the barriers to entry for crimi­nals. In the first half of 2024, 83% of German compa­nies fell victim to a ransom­ware attack — almost twice as many as in the same period last year. State-spon­­so­­red APT (Advan­ced Persis­tent Thre­ats) groups are incre­asingly targe­ting criti­cal infra­struc­tures, exploi­ting zero-day vulnerabi­li­ties and orchest­ra­ting disin­for­ma­tion campaigns to exert poli­ti­cal influence. The attacks are complex, well-orga­­ni­­zed and use cutting-edge tech­no­lo­gies such as gene­ra­tive AI to auto­mate phis­hing campaigns and create deepfakes.

The conse­quen­ces of losing control of your own digi­tal services can be devas­ta­ting. Howe­ver, these do not neces­s­a­rily have to be of mali­cious origin, as an update error by the cyber­se­cu­rity company CrowdStrike in July 2024 showed. Within a few hours, the update para­ly­zed around 8.5 million Windows compu­ters world­wide. Super­mar­kets, banks, hospi­tals and TV stati­ons were also affec­ted. Such an event shows us the fragi­lity of a world domi­na­ted by digi­tal mono­po­lies. It under­lines the urgency of regai­ning control over our digi­tal infrastructures.

Beco­ming inde­pen­dent again
The ques­tion of digi­tal sove­reig­nty inevi­ta­bly leads us to the funda­men­tal decis­i­ons we make every day. How can we ensure trust and inde­pen­dence in the digi­tal space in the face of this comple­xity and the incre­asing threat situa­tion? One approach that we as a Schwarz Group company are taking is to create digi­tal infra­struc­tures that are funda­men­tally commit­ted to the Euro­pean values of data protec­tion and self-deter­­mi­na­­tion. The aim is to estab­lish solu­ti­ons that enable compa­nies to main­tain their data sove­reig­nty. This includes cloud plat­forms that operate with geo-redun­­dant data centers in Germany and Austria and are ther­e­fore subject to Euro­pean law. Such an approach not only protects against unaut­ho­ri­zed data access, for exam­ple by foreign autho­ri­ties under laws such as the US CLOUD Act. It also ensu­res the neces­sary trans­pa­rency and the free­dom to migrate data as requi­red. With an approach to using open source tech­no­logy, the company’s own free­dom of choice is streng­the­ned — and vendor lock-in is avoided.

Acting ahead as a leitmotif
Digi­tal sove­reig­nty is not a luxury, but a neces­sity. It is the key to remai­ning compe­ti­tive, resi­li­ent and capa­ble of acting in the long term in a networked but fragile world. Poli­ti­ci­ans have the task of crea­ting the frame­work, but it is up to all of us — the decis­­ion-makers in busi­ness, finan­cial insti­tu­ti­ons and the public sector
— to take this path with determination.

We need to look ahead. And even more: we must act ahead.
By focu­sing on sove­reign solu­ti­ons that reflect our values,
we not only secure our own data and busi­ness, but also contribute
to shaping an inde­pen­dent and digi­tally leading Europe.

Chris­tian Müller & Rolf Schumann