Digital dependency: Plattner emphasizes detour to sovereignty

Contents

"For BSI boss Claudia Plattner, it is "unrealistic" that we can do everything ourselves in the short term. This is causing discussion. The news agency dpa ran the headline: Digital sovereignty unattainable for Germany for the time being.

Reason enough for the President to clarify: "It is the task of the state to enable the safe use of all these products, many of which are currently manufactured outside of Europe." However, this does not mean "that we at the BSI consider Europe's digital sovereignty to be unattainable. I firmly reject such reports, I never said that," emphasized Plattner in another dpa interview last weekend. But what exactly does the head of the BSI mean?

Without Amazon's AWS, Microsoft's Azure and Google Cloud, there is a risk of IT collapse in Germany. The fact that this could be a problem is nothing new. Several federal governments have already tried to become less dependent – with limited success. The BSI President's analysis is therefore undisputed among experts.

BSI wants to nurture domestic providers

There is still a long way to go, but the first steps are visible. "We are no longer dependent on the Americans as we were ten years ago," says Achim Weiß, CEO of Ionos, in an interview with heise online. His company is one of those that would foreseeably benefit from greater independence from US providers. It is part of one of two strands that the BSI is pursuing with regard to digital sovereignty: cooperation with European providers.

Ionos is currently developing a separate enterprise cloud environment – for the Federal IT Service Center (ITZBund) in coordination with the BSI, which is the authority responsible for IT security in the federal administration. The pilot project is due to be completed in the first quarter of 2026. As with Ionos, the BSI is also working closely with German providers in other areas, such as StackIT from Schwarz Digits, the German IT provider that is part of the Lidl-Kaufland Group. A joint development of sovereign cloud solutions is set to become more concrete in early 2026.

Such projects are currently politically desirable. Digital Minister Karsten Wildberger (CDU), for example, regularly warns against burying one's head in the sand and instead working more on solutions and innovations. The BSI's work in the area of security standards for open source software and assistance with Microsoft software alternatives such as the Office365 alternative OpenDesk is also wanted.

US providers to be kept on board

But are these serious independence efforts? Or fig leaves, while the dependency on US providers in particular is effectively cemented? EU customers fear that the US president could order access to customer data from US companies, a spy scenario. Or could use sanction powers to prohibit US companies from providing their services to recalcitrant states in the short term. The second strand of the BSI strategy would at least help against the espionage scenario: enabling use and effectively preventing access.

As part of a cooperation agreement with Google, the BSI is investigating whether and, if so, how the company's cloud services could also be used by government agencies using encryption methods. The aim is to find out by 2026. Together with cloud giant Amazon, the BSI is also trying to find out how standards and validation procedures for local data centers can be transferred to cloud environments. The first results are also due to be presented to the public in 2026. One special cooperation project is the MSSC: the Microsoft Sovereign Cloud, in which an Azure cloud outside of Microsoft is to be operated on Delos infrastructure, initially for test purposes. The project is expected to deliver results by the end of 2026. But what's the point of all these cooperation agreements if it's all about independence from them? Only the President of the Federal Office for Information Security herself can answer that.

BSI investigates hyperscaler technology

Isn't this the way to perpetuate the vendor lock-in with the major providers? "On the contrary," says Claudia Plattner when asked by heise onlines. Above all, her BSI would gain a "profound technical understanding of how hyperscaler offerings work" through these collaborations. "In this way, we put ourselves in a position to prepare well-founded migration scenarios and implement them if necessary." The BSI President also sees the cooperation as covering sovereignty efforts. Claudia Plattner says: "In combination with uniform security requirements and high demands on interoperability, provider changes will be possible efficiently and quickly."

Whether the IT security authority's cooperation with US cloud providers is actually necessary for better exit options is a matter for further discussion. Ionos Managing Director Achim Weiß does not dispute the fact that offers from European competitors are still far from being ready to replace everything. He takes a differentiated view: "German SMEs don't need a satellite downlink station, there are enough solutions for normal workloads." In terms of feature diversity, everyone, not just the Europeans, but also Microsoft and Google, are currently only in the second league: Amazon is playing in its own league here. Weiß calls for standards for interoperability in order to prevent lock-in effects for individual providers. These should be defined jointly by the willing providers - and demanded by the public sector, i.e. federal, state and local authorities, when tendering for services.

The BSI will have to play its part in this: The IT security authority in Bonn will decide which IT security requirements must apply to cloud services and who can fulfill them in the first place. However, if the BSI ultimately approves the solutions with US providers, Chinese providers are also likely to ask for a reconsideration.

(ds)