The availability of digital systems in Europe tends to rely on peaceful US relations. Ministries, municipalities, critical infrastructure, and private institutions have become heavily dependent on American cloud services. The most ambitious politicians claim that a truly European sovereign cloud is “within reach.” Can we expect to be freed from US hyperscalers any time soon? And is the alternative to this foreign public cloud mature enough to be a genuine possibility?
The road to digital sovereignty isn’t traveled in a single step. The German state of Schleswig-Holstein has been working hard for years to get rid of Microsoft, for example. Back in 2021, the state announced it would move away from Microsoft 365 and adopt LibreOffice for its productivity suite. Today, Windows systems and SharePoint domains still keep Schleswig-Holstein’s IT services running, even though Exchange Server was phased out in late 2025. At any rate, the evidence is in: an arduous task awaits anyone looking to sever US ties in the digital realm.
Bit by bit
The acquisition of Solvinity by IBM spinoff Kyndryl has caused an uproar in the Dutch House of Representatives. Solvinity, an originally Dutch firm, is in charge of maintaining the country’s digital identity system DigiD. Think of DigiD as the access point to just about any and all personal data the government requires, from taxes to driver’s license information and beyond. Members of parliament across the political spectrum argue that an alternative to Microsoft and Google could make the Netherlands digitally independent in relatively short order. Public broadcaster NOS figures show that such autonomy would require a major turnaround for public institutions. Roughly 90 percent or more of all municipalities, education facilities, hospitals, provinces, media, and otherwise “vital companies” are customers of American cloud services. Usage varies – the NOS refers to plenty of use cases, such as the usage of servers managed by American companies, email services, or Teams. Some of these entities may be able to migrate to European alternatives easily – many may not.
It is certainly possible to gradually move away from American services. Pick any IT component and you’ll be able to find an ‘open’ alternative. Please note that this does not necessarily mean one can find a genuinely European alternative. Open-source components are just as relevant for initiatives such as European Alternatives to mention alongside German, Swiss, or Italian providers. This is striking, given that there is no such thing as an ‘open-source’ nationality and the maintainers of the largest open-source projects are often from the US—or Russia, or China, or other countries Europeans may not want to be relying upon.
Without open source, however, Brussels currently has no story to tell. In its ‘Call for Evidence’, the European Commission hopes that an EU-wide approach to open source will emerge to promote sovereignty and commercial results.
Where do you draw the line?
There are no European equivalents of the American hyperscalers, let alone national ones. Although OVHcloud, Intermax, and BIT can be proposed as alternative managed locations for Azure, AWS, or Google Cloud, they are not comparable to those services. They lack the same huge ecosystem of partners, are less scalable, and are simply less user-friendly, especially when adopting new services. The reality is that many software packages also accompany the move to the cloud with a departure from on-premises. One such example is Atlassian (Jira and Confluence), where development of the Data Center product will cease this year. As a result, agencies that use such tools are dependent on support via EU alternatives to the public clouds. Finding a version of what you were running in the public cloud and having everything work as intended away from AWS, Azure or Google Cloud is not going to be easy.
More importantly, the discussion about digital sovereignty tends to focus either on an absurdly large scale or a laughably tiny one. According to that same NOS, Dutch cloud entrepreneurs are calling on politicians to “make a start (emphasis by yours truly) by switching to a Dutch email system or a Dutch cloud.” The former is feasible in the relatively short term, while the latter may require years of migration preparation. It is as much a ‘start’ of a digital migration as it is an end. Good luck transferring a system with deep AWS integrations to another location (even another public cloud). Although cloud-native principles would allow the same containerized workloads to run elsewhere, that has no bearing on the licenses purchased, compatibility and availability of applications, scalability, or ease of use. A self-built variant inside one’s own data center requires new expertise and almost assuredly a larger IT team. This is something one would require of government entities at a time when government budgets are more likely to decrease than increase.
Moreover, what constitutes sovereignty? Must the server chips also be of European origin, and not from Intel or AMD? Are sovereign AI data centers only possible without Nvidia’s involvement? Which Linux distributions do we trust, only those from SUSE or also from Red Hat, as long as they are managed by Europeans? If there is open-mindedness in these areas, we may once again ask ourselves whether options such as the AWS European Sovereign Cloud are sufficient in a similar vein.
A success on paper, but a potential disaster
We assume that Schleswig-Holstein will do just fine without its Microsoft licenses. Initiatives by the French government and the International Criminal Court also appeal to the imagination – perhaps digital autonomy is easier than it seems. Go through the entire IT stack and you can purchase European endpoint security, run open-source productivity suites, and even rely on national DDoS mitigation rather than the likes of Cloudflare. We have no bias at all against these solutions, but these are far from best-of-breed solutions. Anyone who looks at the immense scale of thwarted DDoS attacks by Cloudflare or Microsoft will feel at least some anxiety when a smaller party with fewer resources is tasked with doing the same thing. The trusted players are not only ballast for digital dependence, but have also become prominent for plainly obvious reasons. Like a flywheel, the scale of their customer base, capital from licensing revenues, and the talent they have attracted have led to mature products that cannot simply be replaced.
In some areas, European alternatives will be perfectly capable of replacing American software. However, there is no guarantee that a secure, consistent, and mature offering will be available in every area, from networking to AI inferencing and from CRM solutions to server hardware. The reality is not only that IT players from the US are prominent, but that the software ecosystem is globally integrated. Those who limit their choices must be prepared to encounter problems. The question is whether data leaks, downtime, and expensive legacy products will expose the weaknesses of carelessly chosen alternatives in the long term. It will be difficult to prove this, of course, but the potential risks must be clear before agencies move away from American solutions.
In the coming years, expect many municipalities, provinces, ministries, and other agencies to take “the step” toward sovereignty. However, do not assume that this will happen overnight, and certainly not that it will be accomplished with a single replacement. Only the smallest organizations with minimal IT use can easily break free from American influence. The idea of choosing European software solutions wherever possible is defensible. But the expectation that this will not cost any pain, effort, or time is naive. Not to mention all the potential unforeseen negative consequences.