When Critical Services Go Dark:
Risk Audit and Contingency Planning
A French judge at the International Criminal Court tries to book a hotel room. He hands over his credit card. Declined. The second card. Declined. Both cards from European banks, both accounts funded — but payment processing runs through Visa and Mastercard. American networks. American rules.
The judge appears on a US sanctions list. Not for committing a crime. Because he works for a court that Washington considers a threat.
He cannot rent a car. Cannot shop online. He lives and works in Europe, but his economic life has ground to a halt overnight — because the infrastructure carrying it is American.
He reaches for his iPhone to call his bank. Then the realisation: the device in his hand is from Cupertino, California. His contacts are in iCloud. The banking app came from the App Store. Even the tool he is reaching for to solve the problem belongs to the same supply chain that just failed him.
He is a judge, not a business owner. But the infrastructure that failed him is the same infrastructure on which European companies run their entire operations.
What has changed
Until recently, dependence on US technology was a theoretical risk. Something that appeared in strategy papers and was acknowledged with a nod in board meetings. That has changed — not through a single decision, but through a shift in the rules of the game.
Three legal instruments make the dependence operationally relevant now:
The CLOUD Act gives US authorities access to data stored by US companies — anywhere in the world. The Defense Production Act allows the president to compel companies to hand over technology. And a supply-chain risk designation can sever a company from the entire US ecosystem overnight — as demonstrated by the cases of Huawei and Kaspersky.
None of these instruments is new. What is new is that the threshold for their use has dropped. The dismissal of the oversight bodies charged with supervising the EU-US Data Privacy Framework. Tariff decisions taken at short notice without consulting trade partners. The expansion of sanctions regimes to include allies. Anyone whose business planning rests on political predictability in Washington is planning on an assumption that can no longer be substantiated.
The consequence is already visible: according to a Gartner survey, 61 % of Western European CIOs plan to reduce their dependence on US cloud providers. Digital sovereignty is no longer a conference buzzword. It is a procurement decision.
The chain no one sees
Most businesses have no idea how deep their dependence runs. They see Microsoft 365 and think: email. But the dependence is a chain — and when one link breaks, everything breaks.
It starts at the least visible point.
Identity — the master switch. Entra ID (formerly Azure AD) manages all user accounts and access rights in most organisations. This one service decides who can log in where. If it fails, no one gets in. To any system. No email. No file access. No VPN. No line-of-business application. Everything that follows hangs on this single point.
Operating systems. Windows runs on the majority of corporate desktops. macOS and iOS dominate in many industries. Both require ongoing licensing. Without updates: security liability. Without a licence: unusable.
Productivity. Microsoft 365 bundles email, calendaring, files, intranet and chat. Every document, every email, every calendar entry — all with a single US provider. Lose access, and you do not lose a tool. You lose the foundation of work.
Cloud and backups. Infrastructure on AWS, Azure or GCP. Backups on S3, Glacier or OneDrive. If access is cut, it is not just production that goes down — the backups go with it, because they sit with the same provider.
Communications. Teams, Zoom, Slack. If you cannot communicate, you cannot coordinate. Cannot decide. Cannot respond.
Payment processing. Visa and Mastercard process the majority of European card transactions. As the judge’s case shows: US sanctions can block payment processing within Europe. Not in theory. In documented fact.
And here is the critical insight: these dependencies are not isolated. They are chained. Entra ID authenticates access to Microsoft 365. Microsoft 365 runs on Azure. The backups sit on Azure. Communications run through Teams — which also runs on Azure. A single licence revocation, a single sanctions decision can break this entire chain.
It is not one system that fails. The system fails.
What is no longer theoretical
In March 2022, Microsoft cut Russian companies off overnight. Licences, cloud services, updates — gone from one day to the next. Iranian users have been cut off from Google services, Apple features and cloud platforms for years.
For European businesses, this seems unthinkable. But the mechanism exists, it has been deployed, and the threshold for its use has dropped. What was once reserved for extreme crises has become an instrument that can be activated at short notice and without warning.
Then the economic variant: Broadcom multiplied licensing costs for European cloud providers tenfold after acquiring VMware. Perpetual licences abolished, subscription model enforced. Vendor lock-in makes this possible: anyone whose entire infrastructure runs on one platform cannot switch in weeks. Unilateral price changes are not the exception — they are the business model.
And then the quiet variant: Google has shut down more than 290 products. Without warning. The decision to continue a service rests with the provider — not the customer.
None of these scenarios requires a war or a crisis. A contract amendment, a sanctions decision or a business decision in a jurisdiction you do not control is enough.
The risk is not that one of these scenarios materialises. The risk is that none of them has a contingency plan.
The contingency plan
The terminology comes from disaster recovery. It applies directly:
Hot Standby — a fully functional alternative runs in parallel. In an emergency: immediate switchover.
Pilot Light — the alternative is configured and tested but not in production use. Activation: hours to days.
Documented Plan — the alternative has been identified and the migration path documented, but nothing is built. Activation: weeks to months.
For every critical dependency, at least a Pilot Light should exist. The effort is manageable — the cost of an emergency without preparation is not:
| Dependency | Risk on failure | Pilot Light (minimum) |
|---|---|---|
| Entra ID | No logins possible | Sovereign identity provider (Keycloak/LDAP) configured, sync tested |
| Windows | Desktops unusable | Linux images created, deployment tested on pilot group |
| Microsoft 365 (email) | No email traffic | Sovereign mail server configured, DNS switchover prepared |
| Microsoft 365 (documents) | File access lost | LibreOffice / Collabora installed, compatibility tested |
| Teams / Zoom | Communications failure | Matrix/Element server deployed, accounts provisioned |
| AWS / Azure / GCP | Infrastructure lost | Account with European cloud provider, baseline configuration in place |
| Backups (S3/Glacier) | Data loss | Regular backup export to sovereign storage tested |
| Apple (iOS/macOS) | Devices become obsolete, apps blocked | Device management plan for Android/Linux prepared |
| Payment processing | Transactions blocked | SEPA direct debit active, contracts with EU payment service provider |
Some European institutions are already further along. France has migrated 500,000 agents across 15 ministries to Visio, a sovereign alternative to Zoom. Austria’s military runs on open-source services. The EU Commission communicates via Matrix. The European Parliament voted 471 to 68 in January 2026 for an “open source first” resolution.
The alternatives exist. They work. At governments and armed forces whose security requirements exceed those of most businesses. The question is not whether they work. The question is whether they are ready at yours in time.
Why now
A Microsoft 365 migration typically takes 6 to 18 months. A cloud migration 12 to 24 months. An identity provider switch 3 to 12 months. A desktop operating system migration 12 to 36 months.
These are timeframes for orderly projects under normal conditions. With budget, with staff, with a functioning day-to-day business.
Anyone who starts after the emergency has none of these timeframes.
Instead: employees arriving at the office on Monday morning unable to log in. Customers receiving no response. Suppliers receiving no invoices. Contracts falling through because the systems used to manage them are gone.
A Pilot Light fundamentally changes this calculus. It reduces activation time from months to days — the difference between an orderly transition and operational paralysis.
What to do
Five steps. None of them requires replacing US technology. Each of them ensures you could, if you had to.
1. Map your dependencies. Not just the obvious ones — Microsoft, Google, Amazon. Also the layers beneath: DNS providers, certificate authorities, CDN providers, payment processors. Everything whose failure would stop operations.
2. Prioritise the risks. What brings operations to an immediate halt? What is survivable? The answer to the first question determines where contingency planning begins.
3. Document alternatives. For every critical dependency: what is the alternative? How is it activated? Who is responsible? A plan that no one knows about is not a plan.
4. Launch pilot projects. The three most critical dependencies. Real conditions, real users, not paper. The experience from a single pilot is worth more than any strategy document.
5. Test annually. A contingency plan that is never tested is not a contingency plan. Simulate the failure of a critical service. What comes to light is what will determine your organisation’s ability to act when it matters.
What this article is not
This article does not recommend avoiding US technology. It is factual, not partisan. US providers deliver the most capable products on the market in many areas. Businesses that use them are acting in economically rational self-interest.
But it is equally rational to treat dependence on a single provider, a single jurisdiction or a single payment system for what it is: an operational risk. One that can be managed — but only if you start before it becomes acute.
Anyone who waits until the emergency to look for alternatives does not find alternatives. They find chaos.
The tools — open source, sovereign cloud infrastructure, open standards — are mature and available. What most businesses lack is not the technology. What they lack is the decision.
The French judge whose credit cards stopped working, who reached for his iPhone and realised that even the iPhone is American — he had no choice. He appeared on a list, and the infrastructure failed. Across the board.
European businesses still have a choice today. The question is, for how long.
Sources
- Executive Order: Imposing Sanctions on the International Criminal Court (Federal Register, Feb. 2025)
- Digital Sovereignty – Build vs. Buy (UC Today, Feb. 2026)
- Microsoft suspends new sales in Russia (Microsoft, March 2022)
- Euro cloud body says Broadcom licensing unfair (The Register, May 2025)
- Killed by Google: Directory of discontinued Google services
- Trump’s sacking of PCLOB members threatens data privacy (Lawfare, Jan. 2025)
- Europe votes to tackle deep dependence on US tech (Computerworld, Jan. 2026)
- LaSuite: The sovereign productivity suite of the French government
- Pentagon vs. Anthropic: A Strategic Analysis (digital-independence.org, Feb. 2026)
Topic overview: Cloud and Infrastructure