Microsoft instead of OpenDesk? Digital servitude? Bavaria's billion-dollar bet and the revolt against Microsoft

Trapped in a data dilemma: Europe's dangerous dependence on Microsoft

An unprecedented data crisis and a battle for Europe's digital future are currently shaking up politics and administration. At the heart of the conflict lies the massive dependence on Microsoft products, which has been cast in a new, alarming light by recent events. The turning point came in the fall of 2025, when the International Criminal Court (ICC) decided to completely replace Microsoft with the German open-source solution OpenDesk. The trigger was a politically motivated act: After the US government imposed sanctions, Microsoft blocked the email access of the ICC's chief prosecutor – a single mouse click was enough to severely impact an international judicial body.

This incident, however, is just the tip of the iceberg in a fundamental conflict between European data protection law and American legislation. The illusion that data stored in the EU was safe from access by US authorities was finally shattered when a high-ranking Microsoft manager had to admit under oath before the French Senate that he could not guarantee precisely that. The US CLOUD Act obliges American companies to hand over data, regardless of where it is stored, and thus directly contradicts the European General Data Protection Regulation (GDPR).

While institutions like the ICC and numerous German authorities are taking the initiative and switching to open-source alternatives to regain their digital sovereignty, Bavaria, of all places, is taking the opposite, highly controversial approach. With a planned multi-billion-euro deal, the state government intends to bind its entire administration to Microsoft – without a public tender and against the warnings of data protection advocates and the local IT industry. Europe is thus at a crossroads: Will it succeed in embarking on a self-determined digital future, or will the costly and risky dependence on US technology companies become entrenched?

Suitable for:

• Digital independence: Europe's radical plan to loosen from the USA - the Karim Khan case was a wake -up call

When a single mouse click is enough to paralyze international justice – The International Criminal Court as a harbinger of a European IT revolt

The International Criminal Court's decision in the fall of 2025 to completely replace Microsoft products in its administration with the German open-source solution OpenDesk marks a highly significant turning point, both economically and politically, in Europe's handling of its digital infrastructure. This measure was a direct response to a geopolitically motivated event: after the US government under Donald Trump imposed sanctions on senior ICC officials, Microsoft blocked Chief Prosecutor Karim Khan's email access. A single mouse click was enough to hinder the work of an international institution responsible for prosecuting the most serious crimes against humanity.

The move to OpenDesk is far more than just IT modernization. Rather, it demonstrates for the first time, in a globally visible way, just how much software has long since become a lever for exercising international power. Whoever controls digital infrastructures can dictate the actions of other actors or paralyze them. The fact that an institution like the International Criminal Court is falling victim to such instrumentalization exemplifies the explosive nature of this debate. The consequence is clear: around 1,800 jobs at the ICC are being migrated to OpenDesk, a platform developed by the Center for Digital Sovereignty, designed to enable strategic independence from US technology companies.

Europe's structural dependence on US IT infrastructure

Long-term market analyses and current expenditure statistics confirm the fundamental dependence of European public administrations on US IT providers. In Germany, for example, around 96 percent of daily office workstations and basic IT services in federal agencies rely on Microsoft products. Federal government spending on proprietary software, particularly license fees and administrative costs, increased from approximately €771 million in 2017 to well over €1.2 billion per year in 2024. This represents an increase of about 57 percent within seven years. In the area of ​​cloud services, costs at the federal level alone rose from €136 million in 2021 to €344 million in 2024.

At the same time, European alternatives like OpenDesk are currently only being used sporadically. According to current forecasts, around 160,000 jobs in Germany's public administration are expected to migrate to OpenDesk by the end of 2025. This corresponds to roughly ten percent of all relevant users, with the trend rising sharply. At the state level alone, such as in Baden-Württemberg, over 60,000 teachers have already been successfully switched over. Overall, these figures indicate a noticeable, but by no means complete, trend reversal.

Switzerland presents a similar picture: Over the past ten years, the government has spent approximately 1.1 billion Swiss francs on Microsoft licenses. The corresponding subscription prices are rising continuously, which is increasing the financial pressure on public budgets and fueling the debate about alternatives.

Suitable for:

• Microsoft confirms under oath: US authorities can access European data despite EU clouds

Microsoft under oath – The illusion of the EU Data Boundary is shattered

The growing concern about digital autonomy is not only based on costs or technological dependence, but also on serious legal and power-political considerations. An event in June 2025 brought this latent uncertainty to the surface: During a public hearing before the French Senate, Anton Carniaux, Chief Legal Officer of Microsoft France, was asked under oath whether he could guarantee that data of French citizens stored in EU data centers would never be shared with US authorities without the consent of French authorities. His answer was unequivocal: No, he could not guarantee that.

This statement marks a turning point in the European debate on digital sovereignty. Carniaux confirmed that, in the event of a legally valid order under the US CLOUD Act, Microsoft is obligated to hand over data, regardless of where it is physically stored. Technical safeguards such as encryption, the EU Data Boundary Project, or regional storage therefore offer no protection against legal access by US authorities. Legal jurisdiction remains in the US, even if the servers are located in Europe.

The CLOUD Act, passed in 2018, allows US authorities to demand that American companies disclose data, regardless of where it is stored. This fundamentally contradicts the European General Data Protection Regulation (GDPR). Article 48 of the GDPR states that the transfer or disclosure of personal data to authorities of a third country is only permissible if it is based on an international agreement, such as a mutual legal assistance treaty. The CLOUD Act alone does not meet this requirement.

The European Data Protection Board has repeatedly emphasized that the CLOUD Act alone does not provide a sufficient legal basis for transferring personal data to the USA. If US companies comply with a CLOUD Act order without a corresponding MLAT basis, they violate the GDPR and risk substantial fines of up to four percent of their global annual turnover, as well as civil lawsuits.

Microsoft's EU Data Boundary, fully implemented in February 2025, promises to store and process customer data within the EU and the EEA. However, there are significant exceptions: In cases of cybersecurity threats, technical support during escalations, or certain AI and analytics services, data may be processed outside the EU. Technical storage in Europe does not protect against legal access under the CLOUD Act.

Vendor lock-in, price explosions, and the economic trap of dependency

In addition to the legal risks, dependence on US providers creates a massive economic problem. During periods of heightened political or economic tension, infrastructure access, service interruptions, or sudden price increases for licenses can be used as leverage. Over the past three years, for example, Microsoft licensing costs for the public sector have risen by an average of 30 percent, and for some product lines, the increase has been significantly higher.

In 2022, Microsoft increased the prices of its business products worldwide. Microsoft 365 Business Basic rose from five to six US dollars per user per month, and Microsoft 365 E3 from 32 to 36 US dollars. These price increases applied globally, with adjustments made for local markets. Such dynamic pricing, known as vendor lock-in, complicates any exit strategy and often results in calculated additional costs of 20 to 50 percent compared to similar open-source solutions.

Vendor lock-in refers to the technical and organizational dependence on a specific provider, which makes switching to alternative solutions extremely costly and complex. Migration costs, retraining, adjustments to business processes, and the risk of data loss or compatibility issues bind organizations to their existing provider long-term. This is especially true for complex IT landscapes with integrated systems, such as those common in public administrations.

Suitable for:

• The dangers of Vendor Lock-in: Why companies should avoid dependencies

OpenDesk as a strategic alternative – costs, architecture and benefits

OpenDesk isn't simply a free solution. While there are no ongoing license fees, significant initial investments are required for implementation, customization, and organization, including technical migration, training, and adapting the on-site IT infrastructure. This decision is therefore a long-term one: the longer the planning horizon and the larger the user base, the greater the economic potential of the open-source strategy. Estimates suggest that with a user base of 10,000 workstations or more, annual savings of between ten and twenty percent of previous operating costs can be achieved, while in the medium term, dependence on a single vendor systematically decreases.

OpenDesk thus offers significant strategic, organizational, and financial advantages, especially for larger, heterogeneous public sector organizations with their own IT resources. Key architectural features, such as the combination of modularly developed components like collaboration software, project management, cloud applications, and communication services from German or European manufacturers, offer additional synergies: adaptability, development transparency, security, and the integration of local software service providers are hardly achievable with proprietary US standard software.

Furthermore, OpenDesk prevents vendor lock-in, gives institutions full control over changes and further development through the published source code, and significantly reduces the likelihood of short-term price spikes or technical roadblocks. However, migrating to OpenDesk is demanding and requires considerable resources. Budget holders must consider additional costs beyond the purchase of licenses: legally compliant implementation costs, expert opinions for technical and legal implementation, data protection officers, security officers, and employee representatives.

The Data Protection Conference and its fundamental critique of Microsoft 365

In November 2022, the Conference of Independent Data Protection Authorities of the Federal and State Governments (DSK) published a damning assessment of Microsoft 365. Despite some changes in the data protection addendum, the DSK assessed the new Data Protection Addendum as only a minor improvement over the 2020 version. The DSK concluded that data controllers could not demonstrate compliance with data protection law by operating Microsoft 365 based on the data protection addendum provided by Microsoft on September 15, 2022.

The German Data Protection Conference (DSK) identified seven key criticisms: First, Microsoft's processing of personal data for its own purposes is opaque, and the legal basis under Article 6(1)(f) of the GDPR is not applicable. Second, the contracts with customers fail to clarify the types and purposes of data processing and the types of data processed. Third, it is unclear in which cases Microsoft acts as a data processor and in which as a data controller. Fourth, the specific data processed is not fully disclosed. Fifth, the customer's right to issue instructions regarding the disclosure of data processed on their behalf remains severely restricted. Sixth, Microsoft does not take appropriate measures to protect international data transfers, as required by the Schrems II ruling. Seventh, the transfer of data to third countries is problematic.

These criticisms have only been partially addressed even after several years and numerous discussions between Microsoft and data protection authorities. The new US Presidential Executive Order of October 2022 had not yet been incorporated into the assessment at the time of the evaluation. The DSK recommended that those responsible conduct a detailed risk analysis and weigh the existing risks.

Hesse and the conditional release – pragmatism or capitulation?

In November 2025, the Hessian Commissioner for Data Protection and Freedom of Information, Professor Dr. Alexander Roßnagel, published a roughly 120-page expert opinion concluding that Microsoft 365 can be used in Hesse in compliance with data protection regulations, but only under certain conditions. Since January 2025, Roßnagel's office had held approximately a dozen meetings with Microsoft representatives to discuss the seven points of criticism raised by the Data Protection Conference and had jointly arrived at solutions for how Microsoft 365 could be used in a data protection-compliant manner.

Roßnagel emphasized, however, that his agency had not conducted a technical examination of Microsoft's individual services. They simply lacked the personnel to do so, but they had satisfactorily resolved the fundamental data protection issues. It was crucial, he stressed, that users configure Microsoft services accordingly. The recommendations in his agency's approximately 120-page report would assist in this process.

Regarding the criticized data transfer to the USA, there is no longer anything to object to, also due to changes in European law. Microsoft has adjusted its data processing. However, this statement stands in stark contrast to the testimony of Anton Carniaux before the French Senate in June 2025, according to which Microsoft could not guarantee that EU data would not be passed on to US authorities.

According to Roßnagel, the positive result is also based on the expectation that Microsoft and the responsible bodies will work together to ensure that those responsible can use Microsoft 365 in compliance with data protection law. Therefore, the report concludes with recommendations for action for the responsible public and private bodies in Hesse. Based on these recommendations, responsible bodies can subject individual components of Microsoft 365 to a more in-depth data protection review for their specific use and, if successful, implement them in a data protection-compliant manner.

Critics, however, see this conditional approval as a pragmatic capitulation to reality. The lack of technical review of individual services and the focus on fundamental issues raise the question of whether legal certainty has truly been created or whether responsibility has merely been shifted onto individual users. Furthermore, the fundamental problem of the CLOUD Act remains, which cannot be resolved through contractual agreements.

Our EU and Germany expertise in business development, sales and marketing - Image: Xpert.Digital

Industry focus: B2B, digitalization (from AI to XR), mechanical engineering, logistics, renewable energies and industry

More about it here:

• Xpert Business Hub

A topic hub with insights and expertise:

• Knowledge platform on the global and regional economy, innovation and industry-specific trends
• Collection of analyses, impulses and background information from our focus areas
• A place for expertise and information on current developments in business and technology
• Topic hub for companies that want to learn about markets, digitalization and industry innovations

Bavaria and the billion-euro deal – A special path against the European trend

While digital sovereignty is being pursued at all political levels in Europe, the Bavarian state government is planning a move in the completely opposite direction. The so-called "Future Commission 5.0" of the Finance Ministry, under State Minister Albert Füracker, intends to convert the entire Bavarian administration to Microsoft 365. Nearly one billion euros in licensing fees would flow to the US corporation over the course of five years. What is unusual about the Bavarian project is that there is no public tender, no transparent evaluation of alternatives, and no involvement of the local IT industry.

The deal, dubbed the "Bavaria Agreement," is slated for completion by the end of 2025 and will serve as an enterprise agreement for state institutions. Later, it will also form the basis for a municipal agreement, granting cities and towns access to Microsoft 365. Specifically, the Microsoft 365 E5 package with Teams integration is planned. The Free State of Bavaria will create a centralized access point for Microsoft 365, sourced entirely from Microsoft's Azure cloud, without generating any added value for local businesses, creating jobs in Bavaria, or offering participation opportunities for small and medium-sized enterprises (SMEs), mid-sized companies, or large, successful Bavarian corporations.

The Bavarian State Ministry of Finance and Regional Development intends to implement this project, despite the considerable costs of nearly one billion euros spread over five years, without the normally required tendering process, by concluding a framework agreement. If services are then procured under this framework agreement, no further tendering is necessary. These plans, which have been the subject of controversial debate for some time, were brought back into the public spotlight by an open letter at the end of October 2025. The letter was initiated by numerous Bavarian IT companies and the Open Source Business Alliance, the Federal Association for Digital Sovereignty. It has already been signed by more than 100 prominent figures from business and politics.

The signatories of the open letter raise several fundamental concerns. First, the move deprives the regional software industry of crucial resources, thus weakening domestic providers. Second, data protection and security risks associated with US providers have not been adequately addressed. Third, a transparent decision-making process, including an analysis of alternatives and an independent evaluation, is lacking. Fourth, security risks arising from software monocultures are not being considered. Fifth, even open questions regarding GDPR compliance have not been sufficiently addressed in the preferential treatment of the US software company.

Particularly explosive: The Bavarian State Office for Information Technology Security had documented the risks of using Microsoft products based on a wide range of security-related incidents and obvious design flaws, citing reports from the US Cybersecurity and Infrastructure Security Agency. Despite these warnings from within its own state office, the implementation of this questionable concept is being maintained.

Peer Heinlein, founder and CEO of the Heinlein Group, emphasizes that it is completely incomprehensible that Bavaria wants to transfer billions in licensing fees abroad instead of ensuring the sustainable strengthening of local open-source software manufacturers and thus digital independence within its own borders. With targeted support for domestic software manufacturers, Bavaria could become a pioneer in digital sovereignty and sustainable IT.

Florian von Brunn, spokesperson for economic affairs, energy, and digital affairs for the SPD parliamentary group in the Bavarian State Parliament, expressed surprise that digital independence from the US and Trump played no role for the Söder government. He was also perplexed that such a contract was being awarded abroad without considering domestic companies. The opposition in the State Parliament also sharply criticized the planned deal and demanded transparency regarding the decision-making criteria, cost allocation, and risk assessment concerning data outflows to third countries.

The Bavarian Finance Ministry is remaining tight-lipped. In response to inquiries, the ministry merely stated that considerations regarding the use of Microsoft 365 were being conducted without a definitive target date. The core of these considerations is not the conclusion of a new major contract, but rather the further development of the existing contractual situation. They ask for understanding that no further details can be provided at this time. This lack of transparency is further fueling the criticism.

With this approach, Bavaria is virtually alone in Germany. While Schleswig-Holstein decided to phase out Microsoft products and switch to open-source solutions back in 2018, Baden-Württemberg migrated over 60,000 teachers to OpenDesk, and even the German Armed Forces and the public health service are committed to digital sovereignty, Bavaria is taking the opposite approach. The city of Munich, also located in Bavaria, is strategically planning to migrate to open-source solutions and sovereign clouds to reduce its dependence on US providers.

Suitable for:

• Safe cloud and digital sovereignty in Europe: Are Microsoft's investments in Europe data -proof?

From symbolic case to political movement – ​​OpenDesk as a catalyst for European autonomy

The International Criminal Court's decision is already being seen as a model by other authorities and institutions. A growing number of German state administrations, major ministries, municipal organizations, and, not to be underestimated, the German Armed Forces and the public health service are relying on OpenDesk. The combined market power of public sector clients, supported by strategic alliances such as the Center for Digital Sovereignty, is increasingly generating leverage: every additional user, every additional government stake, and every expansion of the application area strengthens the entire European IT ecosystem.

Pilot projects have shown that OpenDesk's tailored operating models help meet the specific requirements of small municipalities as well as complex security regulations in the defense or justice sectors. This systemic change also counteracts the looming loss of expertise among domestic software providers, who have so far been largely unable to participate in the multi-billion-euro digitalization initiative.

However, the question of political priority and perseverance remains open. Despite advanced technology and proven economic viability, some German states and the federal government continue to hesitate to move from mere pilot projects to full-scale implementation. Political implementation appears too complex, the inertia of established administrative structures too great, and the willingness to treat a strategic IT issue as a national project still too limited.

Europe between digital awakening and geopolitical constraints

This reveals the true dimension of the current development: Digital sovereignty in Europe has long since ceased to be an abstract IT or administrative issue; it is the core of a strategy for protecting economic growth, innovation, societal resilience, and democratic capacity. The struggle for control over data, software, and infrastructure will determine whether Europe's economy will operate autonomously in the future or become a geopolitical pawn of external powers.

Political pressure to strengthen open standards and European software is increasing rapidly, fueled by massive investments in proprietary cloud solutions, data protection standards, marketplaces for independent IT service providers, and targeted regulatory interventions such as the Interoperable Europe Act and Gaia-X, as well as new procurement rules for the public IT sector. The European Union has recognized that technological dependence leads to political blackmail.

However, this is not a one-way street either: complete technological autarky is neither realistic nor desirable in light of the global division of labor and the dynamics of international innovation. Rather, Europe's model of digital sovereignty stems from a balance of independence, partnership, and targeted regulation, driven by political frameworks, economic steering mechanisms, and the active shaping of technical standards at the global level.

The economic dimension of digital dependency

The economic costs of digital dependency extend far beyond direct licensing fees. In addition to the aforementioned 57 percent cost increase at the federal level between 2017 and 2024, hidden costs arise from limited bargaining power, a lack of control over product development, and insufficient opportunities to adapt to specific needs. The added value flows almost entirely to US corporations, while European software service providers can barely participate.

The planned Bavarian Microsoft contract exemplifies this problem: Almost one billion euros of public funds will flow to a US corporation over five years without any benefit to Bavarian or German companies. This sum could have been used to build a sustainable European IT infrastructure, create jobs in Bavaria, and strengthen digital sovereignty. Instead, dependencies will be deepened and the regional economy weakened.

Furthermore, there is the economic dimension of data sovereignty. If sensitive data from public administrations, healthcare facilities, or critical infrastructure are effectively under the control of foreign jurisdictions, this creates not only data protection risks but also strategic vulnerabilities. In a crisis, data leaks, access restrictions, or targeted manipulation could severely impair the ability of state institutions to function.

Migrating to OpenDesk and other European solutions is therefore not just a matter of cost savings, but a strategic investment in resilience, agility, and technological sovereignty. The long-term economic benefits of a strengthened European IT industry, reduced dependencies, and increased resilience to crises far outweigh the short-term conversion costs.

Suitable for:

• Strategic understanding questions: Data center versus factory? Fast & risky versus slow & stable?

Transparency, control and the limits of proprietary systems

A key problem with proprietary software solutions lies in their lack of transparency. Users don't know exactly which data is processed for which purposes, which security measures are actually implemented, and whether hidden backdoors exist. This is especially true for complex cloud platforms like Microsoft 365, which consist of over 400 individual services.

The Data Protection Conference has repeatedly criticized Microsoft for not being sufficiently transparent about which personal data it processes for its own purposes. This lack of transparency prevents verification of whether all steps of Microsoft's data processing are lawful. Even after intensive negotiations between data protection authorities and Microsoft, these transparency deficits have only been partially remedied.

Open-source solutions like OpenDesk offer a fundamental advantage here: The source code is publicly accessible, allowing security experts to review the code, identify vulnerabilities, and suggest improvements. This transparency builds trust and enables genuine control over one's own IT infrastructure. Furthermore, customizations and extensions can be implemented without vendor lock-in.

Legal grey areas and the limits of the Data Protection Framework

The EU-US Data Privacy Framework, which came into force in July 2023, was intended to create a legally sound basis for data transfers to the US after the failure of Safe Harbor and Privacy Shield. US companies can self-certify by registering with the US Federal Trade Commission and committing to comply with the DPF requirements. This self-commitment must be renewed annually.

However, the DPF is also subject to criticism, because even with the DPF in place, US laws, especially FISA 702 and the CLOUD Act, remain in effect, potentially granting US authorities access rights. Key criticisms include unclear and unilaterally changeable commitments made by the US government outside the US legal system. Furthermore, the newly appointed PCLOB, the US arbitration panel for the DPF, is not truly independent following its appointment by the US president. US authorities could potentially gain access to EU data even without the involvement of European bodies.

A particularly critical issue is that affected companies or users are not always allowed to be informed when their data has been disclosed. The CLOUD Act permits so-called confidentiality agreements. Microsoft's own transparency reports show that data is regularly handed over following government requests, even if this data is still rarely European business data. In fact, there are currently no documented cases in which US authorities have specifically accessed data from European companies within the EU. However, this may also be due to confidentiality obligations: According to the CLOUD Act, companies are often not even allowed to disclose that they have been required to disclose data.

The geopolitical dimension of digital infrastructures

Control over digital infrastructures has become a key instrument of geopolitical power. Microsoft's blocking of the ICC chief prosecutor's email access under pressure from the US government is just one example of how technical control can be translated into political power. In an increasingly digital world, control over communication infrastructures, cloud platforms, and operating systems means the ability to steer, monitor, or disrupt information flows.

The US recognized this strategic dimension of digital technologies early on and actively promoted it. Due to the dominant position of American tech companies, the US has far-reaching influence over global data flows and digital infrastructures. This is evident not only in the CLOUD Act, but also in the close cooperation between US intelligence agencies and tech companies, which was made public by the Snowden revelations.

Europe has long underestimated this development. Digitization was primarily viewed as an efficiency gain and a modernization project, not as a strategic question of sovereignty and the ability to act. The current debate surrounding OpenDesk, digital sovereignty, and European cloud solutions marks a paradigm shift: Digital infrastructures are now understood as a critical resource, the control of which is crucial for political and economic self-determination.

European alternatives and the challenges of reconstruction

Building European alternatives to US-dominated platforms is a challenging undertaking. Besides OpenDesk, there are numerous other initiatives such as Gaia-X for cloud infrastructures, the European Digital Innovation Hub, and national projects for secure communication platforms. However, these projects face significant challenges: a lack of economies of scale, limited resources, fragmented markets, and established user habits hinder market entry.

Furthermore, European providers compete with established global corporations that possess enormous financial resources, sophisticated marketing, and deep integration into existing IT landscapes. The network effect plays a crucial role here: the more users a platform has, the more attractive it becomes to additional users. This self-reinforcing mechanism has contributed to the dominant position of the major US tech companies and significantly hinders market entry for new providers.

Nevertheless, the successes of OpenDesk in Baden-Württemberg, in the public health service, and in the German Armed Forces demonstrate that migrating to European solutions is feasible. Crucial factors are political will, sufficient resources, clear migration plans, and the willingness to accept short-term conversion costs in exchange for long-term strategic advantages.

The role of the public sector as a catalyst

The public sector plays a key role in promoting European alternatives. Its enormous market power as a consumer of IT services allows it to provide crucial impetus. If federal agencies, state administrations, and municipalities systematically rely on open-source solutions and European providers, a stable market will emerge that attracts private investment and fosters innovation.

Procurement rules can be designed to favor European suppliers, provided they offer equivalent services. Interoperability standards can be mandated to prevent vendor lock-in. Investments in research and development can specifically promote European IT projects. This strategic industrial policy is not protectionism, but a necessary measure to protect critical infrastructure and safeguard digital sovereignty.

The International Criminal Court's migration to OpenDesk sends a powerful signal: if even international institutions that rely on the highest reliability and security take this step, others can follow. The signal effect is enormous and could trigger a domino effect.

Suitable for:

• A high song in Germany and the EU - why they need themselves to be able to survive against the USA and China

From vendor lock-in to freedom: A turning point with an open outcome

The International Criminal Court's switch to OpenDesk is an economic, political, and symbolic warning sign for all of Europe. It marks the beginning of a comprehensive paradigm shift: away from almost complete dependence on US platforms and toward systematically developed, public, modular IT solutions of European origin. The decisive factors here are not solely the short-term licensing and operating costs, but especially the resulting autonomy, the strengthening of regional value chains, the protection of sensitive data, and the regaining of innovation and negotiating power against global corporate interests.

Microsoft's sworn statement that EU data cannot be protected from US access has definitively shattered the illusion of an EU data boundary. The fundamental conflict between the US CLOUD Act and the European General Data Protection Regulation (GDPR) cannot be resolved through contractual agreements or technical measures. As long as European institutions rely on US providers, they will remain subject to US jurisdiction.

The conditional approval of Microsoft 365 by the Hessian Data Protection Commissioner illustrates the pragmatic difficulty of the transition. On the one hand, there is enormous pressure to maintain existing IT infrastructures and not jeopardize the operational capacity of public authorities and companies through rigid prohibitions. On the other hand, the fundamental data protection and sovereignty risks remain. The solution can only lie in a gradual but determined transition to European alternatives.

Bavaria's exceptional approach exemplifies this dilemma. While the rest of Europe and Germany are increasingly focusing on digital sovereignty and European solutions, Bavaria is planning a billion-euro investment in Microsoft products without a tender process, without risk analysis, and without involving the Bavarian IT industry. This decision not only contradicts the European trend but also ignores warnings from its own state IT security agency and the fundamental concerns of the Data Protection Conference. The open letter from over 100 signatories in business and politics demonstrates the extent of the resistance to this course of action.

It remains to be seen whether this will lead to a broad and sustainable reversal of the trend. The technological, organizational, and economic transformation toward digitally sovereign infrastructures is demanding, fraught with conversion and learning costs, but also economically viable and strategically necessary. Only if this path is pursued consistently and with political foresight can Europe maintain and, ideally, expand its digital capabilities in the international competition for crisis and innovation. The groundwork for this has now been visibly laid for the first time. The decision as to whether Europe consistently follows this path or remains mired in dependency and inaction will be made in the coming years. Bavaria exemplifies the temptation to take the easy way out of continued dependency. The rest of Europe demonstrates that another path is possible.

Independent AI platforms as a strategic alternative for European companies - Image: Xpert.Digital

Ki-Gamechanger: The most flexible AI platform-tailor-made solutions that reduce costs, improve their decisions and increase efficiency

Independent AI platform: Integrates all relevant company data sources

• Fast AI integration: tailor-made AI solutions for companies in hours or days instead of months
• Flexible infrastructure: cloud-based or hosting in your own data center (Germany, Europe, free choice of location)

• Highest data security: Use in law firms is the safe evidence
• Use across a wide variety of company data sources
• Choice of your own or various AI models (DE, EU, USA, CN)

More about it here:

• Independent AI platforms vs. hyperscalers: Which solution is right for you?

Konrad Wolfenstein

I would be happy to serve as your personal advisor.

contact me under Wolfenstein ∂ Xpert.digital

call me under +49 89 674 804 (Munich)

LinkedIn
 

Benefit from Xpert.Digital's extensive, fivefold expertise in a comprehensive service package | R&D, XR, PR & Digital Visibility Optimization - Image: Xpert.Digital

Xpert.Digital has in-depth knowledge of various industries. This allows us to develop tailor-made strategies that are tailored precisely to the requirements and challenges of your specific market segment. By continually analyzing market trends and following industry developments, we can act with foresight and offer innovative solutions. Through the combination of experience and knowledge, we generate added value and give our customers a decisive competitive advantage.

More about it here:

• Use the 5x expertise of Xpert.Digital in one package - starting at just €500/month