digital independence
Factos, não propaganda.
Open Source avaliado com honestidade e sem política.
EN DE FR PT ES IT NL PL

Verificação de Factos

Every verifiable claim across all articles — extracted, categorised, and open for review.

Fact checks are only available in English.

Each row lists one verifiable claim from our articles. The Trust column shows our confidence based on source quality. Numbered source references link to the original evidence. Found an error? Click the flag icon at the end of any row to email our editorial team, or write to editorial@digital-independence.org directly.
ClaimArticleTypeTrustSources
On 22 January 2026, the European Parliament voted 471 to 68 for a resolution calling on Europe to break free from US tech dependencydigital-sovereignty-europeopening paragraphstatistic100%1 2 3
EPP, Social Democrats, Liberals, Greens all voted in favour of the resolutiondigital-sovereignty-europeopening paragraphorganizational100%1 2 3 4
Polish MEP Michał Kobosko said 'If we do not act now, we risk becoming a digital colony.'digital-sovereignty-europeopening paragraphquote100%1 2 3
Three providers under a single jurisdiction hold 70% market sharedigital-sovereignty-europeopening paragraphstatistic100%1 2 3
Over 80% of digital products, services, and infrastructure used in the EU come from providers outside Europedigital-sovereignty-europesecond paragraphstatistic100%1 2 3
Amazon, Microsoft, and Google control around 70% of the European cloud marketdigital-sovereignty-europesecond paragraphstatistic100%1 2 3
European providers account for roughly 15% of the European cloud marketdigital-sovereignty-europesecond paragraphstatistic100%1 2 3
Installed European data centre capacity stands at 16 gigawatts of IT loaddigital-sovereignty-europesecond paragraphstatistic100%1 2 3
US data centre capacity is 48 gigawatts of IT loaddigital-sovereignty-europesecond paragraphstatistic100%1 2 3
China data centre capacity is 38 gigawatts of IT loaddigital-sovereignty-europesecond paragraphstatistic100%1 2 3
European organisations spend an estimated €265 billion annually on non-European digital products and servicesdigital-sovereignty-europesecond paragraphfinancial100%1 2 3
Digital sovereignty has been on the agenda since the Snowden revelationsdigital-sovereignty-europeparagraph after Parliament vote introdate100%1 2 3
Digital sovereignty became an EU policy priority since the von der Leyen Commission (2019)digital-sovereignty-europetooltip on digital sovereigntydate100%1 2
In 2013, former NSA contractor Edward Snowden revealed global surveillance programmesdigital-sovereignty-europetooltip on Snowdendate100%1 2 3
Snowden revealed programmes including PRISM, XKeyscore, and surveillance of Merkel's phonedigital-sovereignty-europetooltip on Snowdentechnical100%1 2 3 4
Snowden revelations triggered the Schrems I ruling and accelerated GDPR adoptiondigital-sovereignty-europetooltip on Snowdenlegal100%1 2 3
2025 produced more concrete outcomes than the twelve years before it combineddigital-sovereignty-europeparagraph after Parliament vote introeditorial100%1 2
In February 2026, Friedrich Merz delivered his opening speech at the Munich Security Conferencedigital-sovereignty-europeThe Munich Speechdate100%1 2 3
The Munich Security Conference has been held annually since 1963digital-sovereignty-europetooltip on MSCdate100%1 2 3
The 2026 Munich Security Conference theme was 'Under Destruction'digital-sovereignty-europetooltip on MSCorganizational100%1 2 3
Merz said: 'Nobody forced us into the excessive dependency on the United States in which we recently found ourselves. This lack of autonomy was self-inflicted.'digital-sovereignty-europeThe Munich Speechquote100%1 2 3
Merz said: 'Competition policy is security policy, and security policy is competition policy. That is precisely why we want to be drivers of progress in future technologies.'digital-sovereignty-europeThe Munich Speechquote100%1 2 3
Merz's predecessor did not publicly classify Europe's technological dependency as a security policy failure in 16 yearsdigital-sovereignty-europeThe Munich Speecheditorial100%1 2
On 18 November 2025, the summit on European digital sovereignty took place in Berlindigital-sovereignty-europeThe Berlin Summitdate100%1 2
Germany and France issued the invitation for the Berlin summitdigital-sovereignty-europeThe Berlin Summitorganizational100%1 2 3
All 27 EU member states sent representatives to the Berlin summitdigital-sovereignty-europeThe Berlin Summitorganizational100%1 2 3
Over 900 attendees from politics, industry, and research attended the Berlin summitdigital-sovereignty-europeThe Berlin Summitstatistic100%1 2 3 4
Macron called Europe a 'vassal' of US and Chinese techdigital-sovereignty-europeThe Berlin Summitquote100%1 2 3
Macron said: 'We don't want to be the client of the big entrepreneurs or the big solutions being provided from the US or from China. We clearly want to design our own solutions.'digital-sovereignty-europeThe Berlin Summitquote100%1 2 3
Merz said: 'Digital sovereignty means the ability to shape technology across the entire value chain in line with European interests and needs.'digital-sovereignty-europeThe Berlin Summitquote100%1 2 3
12 billion euros in private sector investment commitments were made at the Berlin summitdigital-sovereignty-europeThe Berlin Summitfinancial100%1 2 3 4
ESTIA (European Sovereign Tech Industry Alliance) was founded at the Berlin summitdigital-sovereignty-europeThe Berlin Summitorganizational100%1 2 3
ESTIA founding members include Airbus, Dassault Systèmes, Deutsche Telekom, Orange, and OVHclouddigital-sovereignty-europeThe Berlin Summitorganizational100%1 2 3
ESTIA official launch is planned for 2026digital-sovereignty-europetooltip on ESTIAdate100%1 2 3
openDesk Version 1.0 was released in 2024digital-sovereignty-europetooltip on openDeskdate100%1 2 3
A Digital Commons-EDIC was established with Germany, France, the Netherlands, and Italydigital-sovereignty-europeThe Berlin Summitorganizational100%1 2 3
The Parliament's report on technological sovereignty passed with a 471-to-68 margindigital-sovereignty-europeThe Parliament Votestatistic100%1 2 3
The Parliament resolution calls for an 'Open Source first' approach in public procurementdigital-sovereignty-europeThe Parliament Votelegal100%1 2 3
The 'Public Money, Public Code' initiative is by the Free Software Foundation Europe (FSFE)digital-sovereignty-europetooltip on PMPCattribution100%1 2 3 4
'Public Money, Public Code' is supported by over 200 organisations and administrationsdigital-sovereignty-europetooltip on PMPCstatistic100%1 2 3
The FSFE (Free Software Foundation Europe) has existed since 2001digital-sovereignty-europetooltip on FSFEdate100%1 2 3
The Parliament resolution calls for a Sovereign Tech Fund of 10 billion eurosdigital-sovereignty-europeThe Parliament Votefinancial100%1 2 3
The resolution calls for a Cloud and AI Development Act to triple the EU's computing capacity within seven yearsdigital-sovereignty-europeThe Parliament Votelegal100%1 2 3
The European Parliament's reports are non-binding — implementation rests with the Commission and the member states.digital-sovereignty-europeThe Parliament Votelegal100%1 2 3
openDesk was developed by the Centre for Digital Sovereignty (ZenDiS)digital-sovereignty-europeWhat Is Actually Being Builtorganizational100%1 2 3 4
openDesk integrates Nextcloud, Open-Xchange, Collabora, Jitsi, and Elementdigital-sovereignty-europeWhat Is Actually Being Builttechnical100%1
openDesk Version 1.0 has been running since October 2024digital-sovereignty-europeWhat Is Actually Being Builtdate100%1 2 3
LaSuite is developed by the Interministerial Directorate for Digital Affairs (DINUM)digital-sovereignty-europeWhat Is Actually Being Builtorganizational100%1 2 3 4
DINUM is the Direction interministérielle du numérique, which coordinates IT strategy across all French ministriesdigital-sovereignty-europetooltip on DINUMorganizational100%1 2 3
The Netherlands is combining components from openDesk and LaSuite under the name MijnBureaudigital-sovereignty-europeWhat Is Actually Being Builtorganizational100%1 2 3
The three platforms (openDesk, LaSuite, MijnBureau) can federate with each otherdigital-sovereignty-europeWhat Is Actually Being Builttechnical100%1 2 3
Gaia-X, the Franco-German flagship project for sovereign cloud infrastructure, was launched in 2019digital-sovereignty-europeWhy Scepticism Is Warranteddate100%1 2 3
US salaries are approximately 50% higher than in Western Europe (OECD)digital-sovereignty-europetooltip on talent drainstatistic100%1 2 3
Notable open-source forks include LibreOffice, Nextcloud, MariaDB, and Valkeydigital-sovereignty-europetooltip on forktechnical100%1 2 3
The EU AI Act is regulation EU 2024/1689digital-sovereignty-europetooltip on AI Actlegal100%1 2 3
The AI Act is the world's first comprehensive AI regulationdigital-sovereignty-europetooltip on AI Actlegal100%1 2 3
The AI Act defines four risk levels: unacceptable, high, limited, minimaldigital-sovereignty-europetooltip on AI Actlegal100%1 2 3
The AI Act has phased implementation from February 2025 to August 2027digital-sovereignty-europetooltip on AI Actdate100%1 2 3
The Data Act is regulation EU 2023/2854digital-sovereignty-europetooltip on Data Actlegal100%1 2 3
The Data Act is applicable from 12 September 2025digital-sovereignty-europetooltip on Data Actdate100%1 2 3
The GDPR is regulation EU 2016/679digital-sovereignty-europetooltip on GDPRlegal100%1 2 3
The GDPR has been applicable since 25 May 2018digital-sovereignty-europetooltip on GDPRdate100%1 2 3
The highest GDPR fine was Meta, €1.2 billion in 2023digital-sovereignty-europetooltip on GDPRfinancial100%1 2 3 4
The Berlin summit called for a 12-month postponement of the AI Act's high-risk provisionsdigital-sovereignty-europeWhy Scepticism Is Warrantedlegal100%1 2 3
Analysts estimate a decade or more for a meaningful overhaul of European digital infrastructuredigital-sovereignty-europeWhy Scepticism Is Warrantedstatistic100%1 2 3
The Data Act is applicable from September 2025digital-sovereignty-europeWhat Followsdate100%1 2 3
Data Act switching fees disappear in January 2027digital-sovereignty-europeWhat Followsdate100%1 2 3
The EUDIW (European Digital Identity Wallet) operates under eIDAS 2.0, regulation EU 2024/1183digital-sovereignty-europetooltip on EUDIWlegal100%1 2 3
Every EU member state must offer the European Digital Identity Wallet by 2026digital-sovereignty-europetooltip on EUDIWdate100%1 2 3
Very large platforms must accept the EUDIW for authenticationdigital-sovereignty-europetooltip on EUDIWlegal100%1 2 3
The AI Act high-risk provisions take effect through August 2027digital-sovereignty-europeWhat Followsdate100%1 2 3
EU Court of Auditors states that regulatory fragmentation disadvantages European companiesdigital-sovereignty-europetooltip on regulatory burdenattribution100%1 2 3
In October 2019, Adobe shut off all its services in Venezuela overnight, without warning, following a US executive orderlinux-public-sectoropeningdate100%1 2 3
In 2022, Microsoft suspended sales in Russia following sanctionslinux-public-sectoropeningdate100%1 2 3
In 2022, Oracle ceased cloud operations in Russialinux-public-sectoropeningdate100%1 2 3
In 2022, SAP halted distribution in Russialinux-public-sectoropeningdate100%1 2 3
The four case studies span two decades, 200,000+ workstationslinux-public-sectoropeningstatistic100%1 2 3
GitHub restricted access for developers in sanctioned countries during the 2022 Russia sanctions.linux-public-sectorWhy This Matters Noworganizational100%1 2 3
The US placed Huawei on the Entity Listlinux-public-sectorWhy This Matters Noworganizational100%1 2 3
Google was forced to cut off access to Android services for Huaweilinux-public-sectorWhy This Matters Noworganizational100%1 2 3
Entity List is maintained by US Department of Commerce (Bureau of Industry and Security)linux-public-sectortooltip on Entity Listorganizational100%1 2 3
The EU is the largest trade partner of the United Stateslinux-public-sectorWhy This Matters Noworganizational100%1 2 3
The Munich Security Conference has been held annually since 1963linux-public-sectortooltip on MSCdate100%1 2 3
The 2026 Munich Security Conference theme was 'Under Destruction'linux-public-sectortooltip on MSCorganizational100%1 2 3
Chancellor Friedrich Merz stated in his MSC opening speech: 'Nobody forced us into the excessive dependency on the United States in which we recently found ourselves. This lack of autonomy was self-inflicted.'linux-public-sectorWhy This Matters Nowquote100%1 2 3
Chancellor Friedrich Merz stated: 'Competition policy is security policy, and security policy is competition policy. That is precisely why we want to be drivers of progress in future technologies.'linux-public-sectorWhy This Matters Nowquote100%1 2 3
Schleswig-Holstein is planning for 5–7 years for its migrationlinux-public-sectorWhy This Matters Nowstatistic100%1 2 3
The French Gendarmerie migration took two decadeslinux-public-sectorWhy This Matters Nowstatistic100%1 2
Munich's city council voted on 28 May 2003 to migrate its 14,000+ government PCs from Windows NT and Microsoft Office to Linux and open source softwarelinux-public-sectorMunichdate100%1 2 3
Steve Ballmer flew to Munich personally to offer special pricing to Mayor Christian Udelinux-public-sectorMunichorganizational100%1 2 3
Open source powers 90%+ of cloud infrastructure worldwidelinux-public-sectortooltip on open-sourcestatistic100%1 2 3
By 2013, the LiMux migration was essentially completelinux-public-sectorMunichdate100%1 2 3
Munich put the total cost of LiMux at approximately €23 millionlinux-public-sectorMunichfinancial100%1 2 3 4
An internal study concluded that a comparable Windows deployment would have cost around €34 millionlinux-public-sectorMunichfinancial100%1 2 3
In 2014, Dieter Reiter (SPD) was elected as the new mayor of Munichlinux-public-sectorMunich – What Actually Went Wrongdate100%1 2 3
In 2016, Microsoft moved its German headquarters from Unterschleißheim to Munich's Schwabing districtlinux-public-sectorMunich – What Actually Went Wrongdate100%1 2 3
Accenture was hired to evaluate Munich's IT landscape and recommended switching back to Microsoftlinux-public-sectorMunich – What Actually Went Wrongorganizational100%1 2 3
In 2017, Munich's city council voted to return to Windows and Microsoft Officelinux-public-sectorMunich – What Actually Went Wrongdate100%1 2 3
The estimated cost of Munich's reverse migration was between €49 and €100 millionlinux-public-sectorMunich – What Actually Went Wrongfinancial100%1 2 3
Since 2020, under a new coalition (Greens/SPD/Volt), Munich has been pursuing a more open approach againlinux-public-sectorMunich – The Lessondate100%1 2 3
In 2021, under Digital Minister Jan Philipp Albrecht (Greens), Schleswig-Holstein adopted a decision to break free from Microsoft dependencylinux-public-sectorSchleswig-Holsteindate100%1 2 3
Schleswig-Holstein's migration is built on six pillars: LibreOffice, Linux, Nextcloud, openDesk, Element/Matrix, and Open-Xchangelinux-public-sectorSchleswig-Holsteintechnical100%1 2 3
By end of 2025, LibreOffice migration was complete on roughly 80% of Schleswig-Holstein's 30,000 workstationslinux-public-sectorSchleswig-Holstein – Numbers and Progressstatistic100%1 2 3
The email migration to Open-Xchange covered more than 44,000 mailboxes and 110 million emails and calendar entrieslinux-public-sectorSchleswig-Holstein – Numbers and Progressstatistic100%1 2 3
The email migration to Open-Xchange was fully implemented in October 2025linux-public-sectorSchleswig-Holstein – Numbers and Progressdate100%1 2 3
Schleswig-Holstein saved €15 million in licensing fees so farlinux-public-sectorSchleswig-Holstein – Numbers and Progressfinancial100%1 2 3
€9 million of the savings was reinvested directly into open-source developmentlinux-public-sectorSchleswig-Holstein – Numbers and Progressfinancial100%1 2 3
In June 2025, Schleswig-Holstein established a dedicated Open Source Programme Office (OSPO)linux-public-sectorSchleswig-Holstein – Numbers and Progressdate100%1 2 3
The CDU replaced the Greens in the Schleswig-Holstein state government in 2022linux-public-sectorSchleswig-Holstein – Political Anchoringdate100%1 2 3
The French Gendarmerie has carried out the largest Linux desktop migration in Europelinux-public-sectorThe French Gendarmeriecomparison100%1 2 3
The French Gendarmerie migration covers 103,000 machineslinux-public-sectorThe French Gendarmeriestatistic100%1
In 2004, the Gendarmerie began with Firefox and OpenOfficelinux-public-sectorThe French Gendarmerie – Timelinedate100%1 2 3
In 2008, the Gendarmerie began first GendBuntu installations on workstationslinux-public-sectorThe French Gendarmerie – Timelinedate100%1 2 3
GendBuntu is a custom Ubuntu-based distribution maintained in-house by the Gendarmerielinux-public-sectorThe French Gendarmerie – Timelinetechnical100%1 2 3
By 2014, approximately 70,000 workstations were on GendBuntulinux-public-sectorThe French Gendarmerie – Timelinestatistic100%1
As of June 2024, 103,164 workstations with 97% running GendBuntulinux-public-sectorThe French Gendarmerie – Timelinestatistic100%1
The Gendarmerie puts the savings at approximately 40% of the total cost of ownership compared to a Windows equivalentlinux-public-sectorThe French Gendarmerie – Why It Worksfinancial100%1 2
The Gendarmerie has kept 3% of its systems on Windowslinux-public-sectorThe French Gendarmerie – What You Shouldn't Concludestatistic100%1 2
In 2015, the Italian Ministry of Defence began migrating its approximately 150,000 workstations to LibreOffice and ODFlinux-public-sectorThe Italian Militarydate100%1 2 3
NVIDIA began open-sourcing its kernel drivers in May 2022linux-public-sectorDesktop Linux in 2026date100%1 2 3
In 2024 the NVIDIA open-source drivers became the default for newer GPUslinux-public-sectorDesktop Linux in 2026date100%1 2 3
Microsoft ended security updates for Windows 10 on 14 October 2025linux-public-sectorWhat Remainsdate100%1 2 3
Three companies hold approximately 65–70 % of the global cloud infrastructure market sharecloud-sovereigntyIntroductionstatistic100%1 2
The three dominant cloud providers are Amazon Web Services, Microsoft Azure, and Google Cloud Platformcloud-sovereigntyIntroductionorganizational100%1 2 3
All three dominant cloud providers are US companies, subject to US lawcloud-sovereigntyIntroductionlegal100%1 2 3
The CLOUD Act (Clarifying Lawful Overseas Use of Data Act) was enacted in 2018cloud-sovereigntyIntroductiondate100%1 2 3
The CLOUD Act allows US authorities to compel US-based providers to produce data regardless of where that data is physically storedcloud-sovereigntyIntroductionlegal100%1 2 3
Providers can challenge CLOUD Act orders in courtcloud-sovereigntyIntroductionlegal100%1 2 3
CLOUD Act signed March 2018 under Trump (omnibus bill)cloud-sovereigntyIntroduction (tooltip)date100%1 2 3
CLOUD Act had bipartisan support in Congresscloud-sovereigntyIntroduction (tooltip)attribution100%1 2 3
UK signed first CLOUD Act bilateral agreement in 2019cloud-sovereigntyIntroduction (tooltip)date100%1 2 3
The EU-US Data Privacy Framework was established in 2023cloud-sovereigntyIntroductiondate100%1 2 3
Safe Harbor was struck down in 2015cloud-sovereigntyIntroductiondate100%1 2 3
Privacy Shield was struck down in 2020cloud-sovereigntyIntroductiondate100%1 2 3
Both Safe Harbor and Privacy Shield were invalidated by the European Court of Justice in the Schrems I and Schrems II rulingscloud-sovereigntyIntroductionlegal100%1 2 3
Max Schrems has signalled he may challenge the EU-US Data Privacy Frameworkcloud-sovereigntyIntroductionattribution100%1 2 3
The EU-US Data Privacy Framework is the third attempt at a transatlantic data transfer agreementcloud-sovereigntyIntroduction (tooltip)statistic100%1 2
US hyperscalers control around 70 % of the European cloud marketcloud-sovereigntyIntroductionstatistic100%1 2 3
European providers — OVHcloud, Hetzner, IONOS, Scaleway — account for roughly 15 % of the European cloud marketcloud-sovereigntyIntroductionstatistic100%1 2 3
The European Parliament has flagged the 70 % dependency on US cloud providers as a problemcloud-sovereigntyIntroductionattribution100%1 2 3
AWS launched in 2006, GCP in 2008, Azure in 2010.cloud-sovereigntyThe Price Myth (tooltip)date100%1 2 3
Google Cloud Platform launched in 2008cloud-sovereigntyThe Price Myth (tooltip)date100%1 2 3
Microsoft Azure launched in 2010cloud-sovereigntyThe Price Myth (tooltip)date100%1 2 3
AWS, GCP, and Azure together hold ~65 % of the global cloud marketcloud-sovereigntyThe Price Myth (tooltip)statistic100%1 2 3
A Hetzner dedicated server with 64 GB RAM and 8-core AMD Ryzen costs around €40–50 per monthcloud-sovereigntyThe Price Mythfinancial100%1 2 3
A comparable AWS EC2 m6a.4xlarge instance costs roughly $415 per monthcloud-sovereigntyThe Price Mythfinancial100%1 2 3
AWS is more than eight times as expensive as Hetzner for comparable computecloud-sovereigntyThe Price Mythcomparison100%1 2 3
US hyperscaler price premium is typically 3–5x for computecloud-sovereigntyThe Price Mythcomparison100%1 2 3
US hyperscaler price premium is typically 5–10x for storagecloud-sovereigntyThe Price Mythcomparison100%1 2 3
EU Cloud Certification Scheme (EUCS) was proposed by ENISA in 2020cloud-sovereigntyThe EUCS Sagadate100%1 2 3
ENISA, the EU's cybersecurity agency, proposed the EU Cloud Certification Scheme (EUCS) in 2020.cloud-sovereigntyThe EUCS Sagaorganizational100%1 2 3
EUCS planned three security levels: Basic, Substantial, and Highcloud-sovereigntyThe EUCS Sagatechnical100%1 2 3
France was the driving force behind EUCS sovereignty requirementscloud-sovereigntyThe EUCS Sagaattribution100%1 2 3
SecNumCloud is operated by ANSSI (the French cybersecurity agency)cloud-sovereigntyThe EUCS Sagaorganizational100%1 2 3
SecNumCloud requires that the cloud provider be majority-owned by EU entitiescloud-sovereigntyThe EUCS Sagalegal100%1 2 3
SecNumCloud requires that no non-EU law can compel data disclosurecloud-sovereigntyThe EUCS Sagalegal100%1 2 3
US hyperscalers lobbied against EUCS sovereignty requirementscloud-sovereigntyThe EUCS Sagaattribution100%1 2 3
The Netherlands and the Nordic countries were sympathetic to the US hyperscaler position against sovereignty requirementscloud-sovereigntyThe EUCS Sagaattribution100%1 2 3
EUCS sovereignty requirements were removed after more than four years of negotiationcloud-sovereigntyThe EUCS Sagadate100%1 2 3
The EUCS 'High' level now focuses on technical security measures but does not require European ownership or jurisdictioncloud-sovereigntyThe EUCS Sagalegal100%1 2 3
France maintained SecNumCloud as a national complement after sovereignty requirements were removed from EUCScloud-sovereigntyThe EUCS Sagaorganizational100%1 2 3
Gaia-X was launched in 2019 by Germany and Francecloud-sovereigntyGaia-Xdate100%1 2 3
By 2024, the Gaia-X Association had around 250 memberscloud-sovereigntyGaia-Xstatistic100%1 2 3
AWS, Microsoft, and Google are members of the Gaia-X Associationcloud-sovereigntyGaia-Xorganizational100%1 2 3
Sovereign Cloud Stack (SCS) is funded by the German Federal Ministry for Economic Affairs and Climate Action (BMWK)cloud-sovereigntySovereign Cloud Stackorganizational100%1 2 3
SCS was funded through the Gaia-X funding programmecloud-sovereigntySovereign Cloud Stackorganizational100%1 2 3
SCS is based on OpenStack for infrastructurecloud-sovereigntySovereign Cloud Stacktechnical100%1 2 3
SCS is based on Kubernetes for container orchestrationcloud-sovereigntySovereign Cloud Stacktechnical100%1 2 3
SCS uses Keycloak for identity managementcloud-sovereigntySovereign Cloud Stacktechnical100%1 2 3
SCS received approximately €15M in funding from BMWKcloud-sovereigntySovereign Cloud Stack (tooltip)financial100%1 2 3
OpenStack was created in 2010 by NASA and Rackspacecloud-sovereigntySovereign Cloud Stack (tooltip)date100%1 2 3
Kubernetes was created by Google and donated to CNCF in 2014cloud-sovereigntySovereign Cloud Stack (tooltip)date100%1 2 3 4
Kubernetes is the de facto standard for cloud application deploymentcloud-sovereigntySovereign Cloud Stack (tooltip)technical100%1 2 3
The term 'open source' was coined in 1998 by Christine Petersoncloud-sovereigntySovereign Cloud Stack (tooltip)date100%1 2
The Open Source Initiative (OSI) maintains the official definition of open sourcecloud-sovereigntySovereign Cloud Stack (tooltip)organizational100%1 2 3
Open source powers 90 %+ of cloud infrastructure worldwidecloud-sovereigntySovereign Cloud Stack (tooltip)statistic100%1 2 3
Providers that adopted SCS include plusserver, REGIO.cloud, and Waveconcloud-sovereigntySovereign Cloud Stackorganizational100%1 2 3
BMWK funding for SCS expired at the end of 2024cloud-sovereigntySovereign Cloud Stackdate100%1 2 3
SCS transitioned to community governance under the Open Source Business Alliance (OSBA)cloud-sovereigntySovereign Cloud Stackorganizational100%1 2 3
On 10 March 2021, a fire destroyed the SBG2 data centre in Strasbourgcloud-sovereigntyThe OVH Firedate100%1 2 3
3.6 million websites went offline due to the OVH Strasbourg firecloud-sovereigntyThe OVH Firestatistic100%1 2 3
The OVH fire also damaged the adjacent SBG1 facilitycloud-sovereigntyThe OVH Firetechnical100%1 2 3
OVHcloud's lower-tier offerings did not include off-site backups as standardcloud-sovereigntyThe OVH Firetechnical100%1 2 3
A fire at a Cyxtera (US) facility in London in 2022 caused similar disruptioncloud-sovereigntyThe OVH Firedate100%1 2 3
Bleu is a joint venture between Orange and Capgeminicloud-sovereigntyFrance: SecNumCloud and Bleuorganizational100%1 2 3
Bleu was launched in 2024cloud-sovereigntyFrance: SecNumCloud and Bleudate100%1 2 3
Bleu operates Microsoft 365 and Azure services under SecNumCloud certificationcloud-sovereigntyFrance: SecNumCloud and Bleutechnical100%1 2 3
Delos Cloud is a joint venture between SAP and Arvato Systems (Bertelsmann)cloud-sovereigntyGermany: Delos Cloud and SCSorganizational100%1 2 3
Microsoft announced Microsoft 365 Local in June 2025cloud-sovereigntyGermany: Delos Cloud and SCSdate100%1 2 3
openDesk is the German government 'sovereign workplace' initiative run by ZenDiScloud-sovereigntyGermany: Delos Cloud and SCS (tooltip)organizational100%1 2 3
openDesk integrates Nextcloud, Open-Xchange, Collabora, Jitsi, and Elementcloud-sovereigntyGermany: Delos Cloud and SCS (tooltip)technical100%1
openDesk released version 1.0 in 2024cloud-sovereigntyGermany: Delos Cloud and SCS (tooltip)date100%1
LaSuite is the sovereign digital workplace of the French public administration (DINUM)cloud-sovereigntyGermany: Delos Cloud and SCS (tooltip)organizational100%1 2 3
In the summer of 2025, Denmark announced a programme to reduce Microsoft 365 dependency across governmentcloud-sovereigntyDenmarkdate100%1 2 3
Danish Digital Affairs Minister Caroline Stage Olsen framed the initiative in concentration-risk termscloud-sovereigntyDenmarkattribution100%1 2 3
Caroline Stage Olsen said: 'We must never make ourselves so dependent on so few.'cloud-sovereigntyDenmarkquote100%1 2
The Danish Ministry of Digital Affairs began rolling out LibreOffice across government workstations in summer–autumn 2025cloud-sovereigntyDenmarkdate100%1 2 3
Copenhagen and Aarhus announced similar LibreOffice initiatives at the municipal levelcloud-sovereigntyDenmarkorganizational100%1 2 3
LibreOffice was forked from OpenOffice in 2010cloud-sovereigntyDenmark (tooltip)date100%1 2 3
LibreOffice's native format is ODF, which is an ISO standardcloud-sovereigntyDenmark (tooltip)technical100%1 2 3
LibreOffice is deployed on 30,000+ PCs in Schleswig-Holsteincloud-sovereigntyDenmark (tooltip)statistic100%1 2 3
AWS offers over 200 managed servicescloud-sovereigntyThe Managed Services Gapstatistic100%1 2
Bare-metal servers offer 10–30 % more raw performance vs. VMscloud-sovereigntyThe Managed Services Gap (tooltip)technical100%1 2 3
Vendor lock-in switching costs are typically 2–10x the original investmentcloud-sovereigntyThe Managed Services Gap (tooltip)financial100%1 2 3
EU Commission flagged vendor lock-in as a key risk in 2020cloud-sovereigntyThe Managed Services Gap (tooltip)attribution100%1 2 3
The EU Data Act is regulation EU 2023/2854cloud-sovereigntyThe Data Actlegal100%1 2
The Data Act became applicable from 12 September 2025cloud-sovereigntyThe Data Actdate100%1 2 3
From January 2027, cloud switching charges must be eliminated entirely under the Data Actcloud-sovereigntyThe Data Actlegal100%1 2 3
European providers offer standard infrastructure workloads at 3–5x lower cost than AWS or Azurecloud-sovereigntyWhat Remainscomparison100%1 2 3
The EU actively promotes open standards via the European Interoperability Frameworkcloud-sovereigntyWhat Remains (tooltip)organizational100%1 2 3
The term API originates from 1968, REST paradigm since 2000 (Roy Fielding)ai-sovereigntyIntroduction (tooltip)date100%1 2 3
Proprietary APIs are the primary lock-in mechanism in cloud computing.ai-sovereigntyIntroduction (tooltip)technical100%1 2 3
Switching costs are typically 2–10× original investmentai-sovereigntyIntroduction (tooltip)statistic100%1 2 3
EU Commission flagged vendor lock-in as key risk (2020)ai-sovereigntyIntroduction (tooltip)organizational100%1 2 3
Main drivers of vendor lock-in: proprietary formats, APIs, contractsai-sovereigntyIntroduction (tooltip)technical100%1 2 3
On 20 January 2025, the Chinese AI lab DeepSeek released its R1 modelai-sovereigntyIntroductiondate100%1 2 3
DeepSeek R1 matched or exceeded OpenAI's o1 on most benchmarksai-sovereigntyIntroductioncomparison100%1 2 3
On 27 January 2025, Nvidia lost $589 billion in market capitalisationai-sovereigntyIntroductionfinancial100%1 2 3
Nvidia's loss was the largest single-day loss in stock market historyai-sovereigntyIntroductionfinancial100%1 2 3
DeepSeek disclosed the training cost of its predecessor model V3 at $5.6 millionai-sovereigntyIntroductionfinancial100%1 2 3
The term 'foundation model' was coined by Stanford HAI (2021)ai-sovereigntyThe European AI Landscape (tooltip)date100%1 2
Training cost is estimated $100M+ per frontier modelai-sovereigntyThe European AI Landscape (tooltip)financial100%1 2 3
Only ~10 organisations worldwide can build frontier modelsai-sovereigntyThe European AI Landscape (tooltip)editorial100%1
Mistral AI was founded in Paris in 2023ai-sovereigntyMistral AI: The European Contenderdate100%1 2 3 4
Mistral AI was founded by former Google DeepMind and Meta researchersai-sovereigntyMistral AI: The European Contenderorganizational100%1 2 3
Mistral AI reached a €12 billion valuation in under three yearsai-sovereigntyMistral AI: The European Contenderfinancial100%1 2 3
Mistral AI has over $400 million in annual recurring revenueai-sovereigntyMistral AI: The European Contenderfinancial100%1 2 3
Mistral's September 2025 funding round raised €2 billionai-sovereigntyMistral AI: The European Contenderfinancial100%1 2 3
Mistral's total valuation reached €12 billion after the September 2025 roundai-sovereigntyMistral AI: The European Contenderfinancial100%1 2
Mistral has over 100 enterprise customers including government agenciesai-sovereigntyMistral AI: The European Contenderstatistic100%1 2 3
Open-weight model concept was popularised by Meta's LLaMA release (2023)ai-sovereigntyMistral AI: The European Contender (tooltip)date100%1 2 3 4
OSI ruled that LLaMA's licence does not qualify as open sourceai-sovereigntyMistral AI: The European Contender (tooltip)legal100%1 2
Mistral's open-weight models include Mistral 7B and Mixtral 8x7Bai-sovereigntyMistral AI: The European Contendertechnical100%1 2 3 4
Mistral's premium proprietary model is called Mistral Largeai-sovereigntyMistral AI: The European Contendertechnical100%1 2 3
Mistral Large 3 was released in December 2025ai-sovereigntyMistral AI: The European Contenderdate100%1 2 3
Mistral Large 3 uses 41 billion active parameters (675 billion total in mixture-of-experts architecture)ai-sovereigntyMistral AI: The European Contendertechnical100%1 2 3
Mistral Large 3 is competitive with GPT-4-class models on most benchmarksai-sovereigntyMistral AI: The European Contendercomparison100%1 2 3
GPT-3 (2020) had 175 billion parametersai-sovereigntyMistral AI: The European Contender (tooltip)technical100%1 2 3
Training costs are $100M+ for frontier modelsai-sovereigntyMistral AI: The European Contender (tooltip)financial100%1 2 3
Mistral 7B showed that smaller models can competeai-sovereigntyMistral AI: The European Contender (tooltip)technical100%1 2 3
Mistral's investors include General Catalyst, Andreessen Horowitz, and Lightspeed — US venture capital firmsai-sovereigntyMistral AI: The European Contenderorganizational100%1 2 3
Mistral's headquarters is in Paris and its largest team is Frenchai-sovereigntyMistral AI: The European Contenderorganizational100%1 2 3
Aleph Alpha was founded in Heidelberg in 2019ai-sovereigntyAleph Alpha: The Cautionary Taledate100%1 2 3
Aleph Alpha raised approximately $500 million (only about €110 million was equity — the rest was debt and service contracts)ai-sovereigntyAleph Alpha: The Cautionary Talefinancial100%1 2 3
Aleph Alpha's foundation model family was called Luminousai-sovereigntyAleph Alpha: The Cautionary Taletechnical100%1 2 3
In September 2024, Aleph Alpha pivoted and stopped developing its own foundation modelsai-sovereigntyAleph Alpha: The Cautionary Taledate100%1 2 3
Aleph Alpha repositioned as an enterprise AI infrastructure provider under the brand PhariaAIai-sovereigntyAleph Alpha: The Cautionary Taleorganizational100%1 2 3
Training frontier models costs hundreds of millions of dollars per generationai-sovereigntyAleph Alpha: The Cautionary Talefinancial100%1 2
Microsoft invested $13 billion into OpenAIai-sovereigntyAleph Alpha: The Cautionary Talefinancial100%1 2
Hugging Face hosts over 2 million models and 500,000+ datasetsai-sovereigntyHugging Face: European Roots, American Addressstatistic100%1 2
The term open source was coined in 1998 by Christine Petersonai-sovereigntyHugging Face: European Roots, American Address (tooltip)date100%1 2 3 4
OSI maintains the official open source definitionai-sovereigntyHugging Face: European Roots, American Address (tooltip)organizational100%1 2 3
Open source powers 90%+ of cloud infrastructure worldwideai-sovereigntyHugging Face: European Roots, American Address (tooltip)statistic100%1 2 3 4
Hugging Face was founded in Paris by French entrepreneurs Clément Delangue, Julien Chaumond, and Thomas Wolfai-sovereigntyHugging Face: European Roots, American Addressorganizational100%1 2 3
Hugging Face's largest engineering team — roughly 70 of the original core — remains in Parisai-sovereigntyHugging Face: European Roots, American Addresseditorial100%1
Hugging Face is headquartered in New Yorkai-sovereigntyHugging Face: European Roots, American Addressorganizational100%1 2 3
US salaries for developers are ~50% higher than in Western Europe (OECD)ai-sovereigntyHugging Face: European Roots, American Address (tooltip)statistic100%1 2
Meta released LLaMA in February 2023ai-sovereigntyOpen Weight: The Sovereignty Enablerdate100%1 2 3 4
Before LLaMA, using a competitive LLM meant sending data to OpenAI's API, hosted on Microsoft Azureai-sovereigntyOpen Weight: The Sovereignty Enablertechnical100%1 2 3
Meta LLaMA 3.1/3.2 is the most widely adopted open-weight familyai-sovereigntyOpen Weight: The Sovereignty Enablertechnical100%1 2 3
LLaMA licence restricts commercial use for applications with more than 700 million monthly active usersai-sovereigntyOpen Weight: The Sovereignty Enablerlegal100%1 2
LLaMA is not open source by the OSI definitionai-sovereigntyOpen Weight: The Sovereignty Enablerlegal100%1 2 3
Several Mistral models are released under Apache 2.0 licenceai-sovereigntyOpen Weight: The Sovereignty Enablerlegal100%1 2 3 4
DeepSeek R1 is released under the MIT licenceai-sovereigntyOpen Weight: The Sovereignty Enablerlegal100%1 2 3
DeepSeek R1 under MIT licence is the most permissive licence of any frontier modelai-sovereigntyOpen Weight: The Sovereignty Enablerlegal100%1 2 3
Qwen is made by Alibaba and released under Apache 2.0 licenceai-sovereigntyOpen Weight: The Sovereignty Enablerlegal100%1 2
Scaleway (France) offers NVIDIA H100 instances from approximately €2.73 per hourai-sovereigntyThe Compute Questionfinancial100%1 2
OVHcloud (France) offers dedicated GPU serversai-sovereigntyThe Compute Questionorganizational100%1 2 3
Quantisation techniques reduce model precision from 16-bit to 8-bit or 4-bitai-sovereigntyThe Compute Questiontechnical100%1 2 3 4
A quantised Mistral 7B runs comfortably on a laptop with a decent GPUai-sovereigntyThe Compute Questiontechnical100%1 2 3
The EU AI Act is regulation EU 2024/1689ai-sovereigntyThe EU AI Act: Regulation as Double-Edged Swordlegal100%1 2 3
The EU AI Act entered into force on 1 August 2024ai-sovereigntyThe EU AI Act: Regulation as Double-Edged Sworddate100%1 2 3
The EU AI Act is the world's first comprehensive AI regulationai-sovereigntyThe EU AI Act: Regulation as Double-Edged Swordlegal100%1 2 3
The AI Act's phased implementation runs through August 2027ai-sovereigntyThe EU AI Act: Regulation as Double-Edged Sworddate100%1 2 3
The EU AI Act was proposed in 2021 and adopted in 2024ai-sovereigntyThe EU AI Act (tooltip)date100%1 2 3
The EU AI Act bans social scoring and most biometric surveillanceai-sovereigntyThe EU AI Act (tooltip)legal100%1 2 3
Models with systemic risk are defined as those with training compute exceeding 10²⁵ FLOPsai-sovereigntyThe EU AI Act: Regulation as Double-Edged Swordtechnical100%1 2 3
Open-weight GPAI model providers are exempt from publishing technical documentation and copyright transparency requirements unless classified as systemic riskai-sovereigntyThe EU AI Act: Regulation as Double-Edged Swordlegal100%1 2 3
EU Court of Auditors found that regulatory fragmentation disadvantages European companiesai-sovereigntyThe EU AI Act (tooltip)organizational100%1 2 3
The Berlin summit on digital sovereignty in November 2025 called for a 12-month postponement of the AI Act's high-risk provisionsai-sovereigntyThe EU AI Act: Regulation as Double-Edged Swordlegal100%1 2 3
SCS received ~€15M funding from German BMWKai-sovereigntyBuilding a Sovereign AI Stack (tooltip)editorial100%1
SCS is based on OpenStack and Kubernetesai-sovereigntyBuilding a Sovereign AI Stack (tooltip)technical100%1 2 3 4
Several German providers are now SCS-certifiedai-sovereigntyBuilding a Sovereign AI Stack (tooltip)organizational100%1 2
The OpenAI API format has become a de facto standard implemented by most open-weight inference serversai-sovereigntyBuilding a Sovereign AI Stacktechnical100%1 2 3 4
GDPR is EU regulation 2016/679, applicable since 25 May 2018ai-sovereigntyWhat Follows (tooltip)legal100%1 2 3 4
The highest GDPR fine was €1.2 billion against Meta (2023)ai-sovereigntyWhat Follows (tooltip)financial100%1 2 3
AI Act phased implementation runs from February 2025 to August 2027ai-sovereigntyWhat Follows (tooltip)date100%1 2 3
The EU AI Act defines four risk levels: unacceptable, high, limited, minimalai-sovereigntyWhat Follows (tooltip)legal100%1 2 3
A Hetzner GPU server costs around €150/month and can serve a team of 20–50 peopleai-sovereigntyWhat Followsfinancial100%1 2
The AI Act's conformity requirements for high-risk domains take full effect in August 2027ai-sovereigntyWhat Followsdate100%1 2 3 4
High-risk AI domains include HR screening, healthcare triage, law enforcement, and credit scoringai-sovereigntyWhat Followslegal100%1 2 3
OSI published the Open Source AI Definition v1.0 in October 2024ai-sovereigntySourcesdate100%1 2 3
Every time an employee clicks 'Sign in with Google' or 'Sign in with Microsoft,' a US company learns when, where, and to which service that person authenticated.identity-sovereigntyopening paragraphtechnical100%1 2 3
The identity provider is the most strategically important piece of infrastructure most IT departments never think about.identity-sovereigntyopening sectiontechnical100%1 2 3
Okta reported $2.61 billion in revenue for fiscal year 2025.identity-sovereigntyopening sectionfinancial100%1
Okta serves 19,100 customers.identity-sovereigntyopening sectionstatistic100%1 2 3
Okta is the largest dedicated identity provider.identity-sovereigntyopening sectionorganizational100%1 2 3
Microsoft Entra ID (formerly Azure AD) is bundled with Microsoft 365 and is the default identity provider for hundreds of millions of organisations using Microsoft's ecosystem.identity-sovereigntyopening sectiontechnical100%1 2 3
Google Identity serves a similar function for Google Workspace users.identity-sovereigntyopening sectiontechnical100%1 2 3
When your identity provider is American, the authentication data is subject to the CLOUD Act and US jurisdiction.identity-sovereigntyopening sectionlegal100%1 2 3
CLOUD Act was signed March 2018 under Trump (omnibus bill) with bipartisan support in Congress.identity-sovereigntytooltip on CLOUD Actlegal100%1 2
UK signed first bilateral CLOUD Act agreement in 2019.identity-sovereigntytooltip on CLOUD Actlegal100%1 2 3
Providers can challenge CLOUD Act orders in court.identity-sovereigntytooltip on CLOUD Actlegal100%1 2 3
DigiD is the Dutch government's digital identity system.identity-sovereigntyDigiD Controversyorganizational100%1 2 3
DigiD has 16.5 million registered users.identity-sovereigntyDigiD Controversystatistic100%1 2 3
DigiD has over 500 million logins annually.identity-sovereigntyDigiD Controversystatistic100%1 2 3
DigiD is one of the most widely used national identity systems in Europe.identity-sovereigntyDigiD Controversycomparison100%1 2 3
DigiD's infrastructure was operated by Solvinity, a Dutch managed hosting company.identity-sovereigntyDigiD Controversyorganizational100%1 2 3
In 2024, Kyndryl acquired Solvinity.identity-sovereigntyDigiD Controversyorganizational100%1 2 3
Kyndryl is the former IBM infrastructure services division, now an independent US-listed company.identity-sovereigntyDigiD Controversyorganizational100%1 2 3
After Kyndryl acquisition, the company operating the Dutch government's identity infrastructure was under US corporate control.identity-sovereigntyDigiD Controversyorganizational100%1 2 3
The Dutch Parliament adopted multiple motions calling on the government to ensure DigiD infrastructure would not be controlled by a non-European entity.identity-sovereigntyDigiD Controversylegal100%1 2 3
The Dutch government committed to not renewing the Solvinity/Kyndryl contract beyond 2028.identity-sovereigntyDigiD Controversylegal100%1 2 3
The Dutch government committed to migrating DigiD to sovereign infrastructure.identity-sovereigntyDigiD Controversylegal100%1 2 3
eIDAS 2.0 (EU 2024/1183) was adopted in April 2024.identity-sovereigntyeIDAS 2.0legal100%1 2
eIDAS 2.0's centrepiece is the European Digital Identity Wallet (EUDIW).identity-sovereigntyeIDAS 2.0legal100%1 2 3
Every EU member state must offer the EUDIW to its citizens by 2026.identity-sovereigntyeIDAS 2.0legal100%1 2 3
Original eIDAS regulation dates from 2014.identity-sovereigntytooltip on eIDASdate100%1 2 3
eIDAS 2.0 revised 2024: Digital Identity Wallet required by 2026.identity-sovereigntytooltip on eIDASlegal100%1 2 3
eIDAS 2.0 affects 450 million EU citizens.identity-sovereigntytooltip on eIDASstatistic100%1 2 3
The EUDIW is a government-issued digital wallet on the citizen's phone that can store government-issued identity credentials, driving licences, diplomas/professional qualifications, health insurance cards, and other verifiable attributes.identity-sovereigntyeIDAS 2.0technical100%1 2 3
The EUDIW works both online and offline.identity-sovereigntyeIDAS 2.0technical100%1 2 3
Very large online platforms (as defined by the Digital Services Act) are required to accept the EUDIW for user authentication.identity-sovereigntyeIDAS 2.0legal100%1 2 3
The wallet is designed to present credentials directly without the identity provider seeing the transaction (unlike 'Sign in with Google').identity-sovereigntyeIDAS 2.0 – The Promisetechnical100%1 2 3
Implementation across 27 member states, each with different existing identity systems, different legal frameworks, and different levels of digital maturity.identity-sovereigntyeIDAS 2.0 – The Reality Checkorganizational100%1 2 3
The EUDIW technical architecture (Architecture and Reference Framework, ARF) is still being refined.identity-sovereigntyeIDAS 2.0 – The Reality Checktechnical100%1 2 3
The EUDIW architecture is designed to prevent surveillance (selective disclosure, no central logging).identity-sovereigntyeIDAS 2.0 – The Reality Checktechnical100%1 2 3
FranceConnect has been operational since 2016.identity-sovereigntyFranceConnectdate100%1 2 3
FranceConnect has over 43 million users as of mid-2024.identity-sovereigntyFranceConnectstatistic100%1 2 3
FranceConnect is connected to over 1,400+ services.identity-sovereigntyFranceConnectstatistic100%1 2 3
FranceConnect works as a federation layer: citizens use existing government credentials (from tax office, health insurance, or other government agencies) to authenticate to any connected service.identity-sovereigntyFranceConnecttechnical100%1 2 3
If you're a French government online service, you must accept FranceConnect (mandatory integration).identity-sovereigntyFranceConnectlegal100%1 2 3
Two open-source identity providers have emerged as the main alternatives to Okta and Microsoft Entra ID: Keycloak and Authentik.identity-sovereigntyKeycloak and Authentiktechnical100%1 2 3
Keycloak was originally developed by Red Hat (now IBM).identity-sovereigntyKeycloakorganizational100%1 2 3 4
Keycloak is a CNCF incubating project — the same foundation that hosts Kubernetes.identity-sovereigntyKeycloakorganizational100%1 2 3
CNCF was founded in 2015, part of Linux Foundation.identity-sovereigntytooltip on CNCForganizational100%1 2 3
CNCF has 170+ projects including Kubernetes (graduated 2018).identity-sovereigntytooltip on CNCFstatistic100%1 2 3
KubeCon has approximately 9,000 attendees per event (NA 2024).identity-sovereigntytooltip on CNCFstatistic100%1 2 3
Keycloak supports SSO via SAML 2.0, OpenID Connect, and OAuth 2.0; LDAP and Active Directory integration; multi-factor authentication; fine-grained authorisation policies; user self-service; federation with external identity providers.identity-sovereigntyKeycloaktechnical100%1 2 3
Active Directory is Microsoft's proprietary directory service (since Windows 2000).identity-sovereigntytooltip on Active Directorytechnical100%1 2 3
Active Directory is de facto standard for enterprise identity management.identity-sovereigntytooltip on Active Directorytechnical100%1 2 3
Open-source alternatives to Active Directory: FreeIPA, Samba AD.identity-sovereigntytooltip on Active Directorytechnical100%1 2 3 4
LDAP is an open protocol for directory services (RFC 4511).identity-sovereigntytooltip on LDAPtechnical100%1 2 3
Authentik is a public benefit company funded by Open Core Ventures.identity-sovereigntyAuthentikorganizational100%1 2 3
Authentik follows an open-core model: core is open source, enterprise features (audit logging, outpost management, premium support) are paid.identity-sovereigntyAuthentiktechnical100%1 2 3
FIDO2/WebAuthn replaces passwords with public-key cryptography.identity-sovereigntyFIDO2 and Passkeystechnical100%1 2 3
FIDO Alliance was founded in 2012 (after password breach wave).identity-sovereigntytooltip on FIDO2date100%1 2 3
Apple, Google, Microsoft committed to passkeys in 2022.identity-sovereigntytooltip on FIDO2date100%1 2 3
As of late 2025, 69% of users have at least one passkey-capable device.identity-sovereigntyFIDO2 and Passkeysstatistic100%1 2 3
As of late 2025, 48% of the top 100 websites support passkey authentication.identity-sovereigntyFIDO2 and Passkeysstatistic100%1 2 3
Microsoft made passkeys the default sign-in method in May 2025.identity-sovereigntyFIDO2 and Passkeysdate100%1 2 3
Microsoft reported a 120% increase in passkey adoption.identity-sovereigntyFIDO2 and Passkeysstatistic100%1 2 3
Passkeys sync credentials via cloud accounts (iCloud Keychain, Google Password Manager, Microsoft Account).identity-sovereigntyFIDO2 – Sovereignty Angletechnical100%1 2 3
Hardware FIDO2 keys (YubiKey, SoloKeys, Nitrokey) — the private key never leaves the physical device; no cloud sync.identity-sovereigntyFIDO2 – Sovereignty Angletechnical100%1 2 3
Keycloak and Authentik both support FIDO2 and passkeys.identity-sovereigntyFIDO2 – Sovereignty Angletechnical100%1 2 3
The identity-as-a-service (IDaaS) market is dominated by US providers.identity-sovereigntyIDaaS Marketorganizational100%1 2 3
Okta holds roughly 27% market share.identity-sovereigntyIDaaS Marketstatistic100%1 2 3
Okta has $2.61 billion in revenue (FY2025) and 19,100 customers.identity-sovereigntyIDaaS Marketfinancial100%1
Microsoft Entra ID, bundled with Microsoft 365, is effectively free for existing Microsoft customers.identity-sovereigntyIDaaS Marketfinancial100%1 2 3
For a 500-person organisation, a managed Keycloak deployment might cost €15,000–30,000 per year in hosting and support.identity-sovereigntyIDaaS Marketfinancial100%1 2 3
For a 500-person organisation, Okta's equivalent plan would cost $50,000–100,000 per year.identity-sovereigntyIDaaS Marketfinancial100%1 2 3
Switching costs are typically 2–10× original investment.identity-sovereigntytooltip on vendor lock-infinancial100%1 2 3
EU Commission flagged vendor lock-in as key risk (2020).identity-sovereigntytooltip on vendor lock-inlegal100%1 2 3
FranceConnect's 43 million users show that government identity federation scales.identity-sovereigntyWhat Followsstatistic100%1 2 3
A YubiKey costs €50.identity-sovereigntyWhat Follows – recommendationsfinancial100%1 2 3
A typical migration for an organisation with 50 SAML-connected applications takes 3–6 months.identity-sovereigntyWhat Follows – recommendationstechnical100%1 2 3
Annual savings of €35,000–70,000 for a 500-person organisation compared to Okta.identity-sovereigntyWhat Follows – recommendationsfinancial100%1 2 3
The savings fund the migration effort within 12 months.identity-sovereigntyWhat Follows – recommendationsfinancial100%1 2 3
Every EU member state must offer the European Digital Identity Wallet by 2026.identity-sovereigntyWhat Follows – recommendationslegal100%1 2 3
Microsoft 365 has over 400 million paid seats worldwide.sovereign-workplaceopening paragraphstatistic100%1 2 3
In European public administration, Microsoft's market share is estimated north of 80%.sovereign-workplaceopening paragraphstatistic100%1 2 3
Microsoft licence terms include compliance with US export control laws.sovereign-workplaceopening paragraphlegal100%1 2 3
Three governments — Germany, France, and the Netherlands — are building open-source workplace platforms.sovereign-workplaceopening sectionorganizational100%1 2 3
Austria, Denmark, Schleswig-Holstein are deploying individual components with measurable success.sovereign-workplaceopening sectionorganizational100%1 2 3
Term 'open source' coined in 1998 by Christine Peterson.sovereign-workplacetooltip on open-sourcedate100%1 2
OSI maintains the official definition of open source.sovereign-workplacetooltip on open-sourceorganizational100%1 2 3
Open source powers 90%+ of cloud infrastructure worldwide.sovereign-workplacetooltip on open-sourcestatistic100%1 2 3
EGroupware has been a dedicated groupware solution since 2003 (building on phpgroupware roots from 2000).sovereign-workplaceWhat Do You Actually Needdate100%1 2 3
Term 'groupware' coined 1978 (Johnson-Lenz).sovereign-workplacetooltip on groupwareattribution100%1 2 3
Lotus Notes (1989) was the first major groupware product.sovereign-workplacetooltip on groupwaredate100%1 2 3
Microsoft 365 today: 400M+ paid seats.sovereign-workplacetooltip on groupwarestatistic100%1 2 3
Nextcloud was forked from ownCloud in 2016 to focus on file management.sovereign-workplaceWhat Do You Actually Needdate100%1 2 3
Nextcloud is the most widely deployed open-source collaboration platform in European public administration.sovereign-workplaceWhat Do You Actually Needcomparison100%1 2 3
Matrix/Element is decentralised, end-to-end encrypted, used by the French government and the German Bundeswehr.sovereign-workplaceWhat Do You Actually Need – messagingtechnical100%1 2
Matrix is an open, decentralised communication protocol used by French government (Tchap) and German Bundeswehr (BwMessenger), with end-to-end encryption support.sovereign-workplacetooltip on Matrixtechnical100%1 2 3
openDesk is the German government's answer to Microsoft 365.sovereign-workplaceopenDeskorganizational100%1 2 3
openDesk is developed by the Centre for Digital Sovereignty (ZenDiS), a subsidiary of the Federal Ministry of the Interior.sovereign-workplaceopenDeskorganizational100%1 2 3
openDesk integrates Nextcloud, Open-Xchange, Collabora Online, Jitsi, and Element/Matrix.sovereign-workplaceopenDesktechnical100%1
openDesk released version 1.0 in 2024.sovereign-workplacetooltip on openDeskdate100%1
Version 1.0 of openDesk was released in October 2024.sovereign-workplaceopenDeskdate100%1 2 3
LaSuite was developed by DINUM (the Interministerial Directorate for Digital Affairs).sovereign-workplaceLaSuiteorganizational100%1 2 3
DINUM coordinates IT strategy across all French ministries and develops LaSuite and the 'digital commons' programme.sovereign-workplacetooltip on DINUMorganizational100%1 2 3
France built custom forks with a consistent user interface for LaSuite (instead of integrating upstream projects as-is like openDesk).sovereign-workplaceLaSuitetechnical100%1 2 3
In February 2026, the open-source spreadsheet and database tool Grist joined LaSuite.sovereign-workplaceLaSuitedate100%1 2 3
Grist reached 20,000 monthly active users across 15 ministries — a tenfold increase in one year.sovereign-workplaceLaSuitestatistic100%1 2 3
MijnBureau is the Netherlands' sovereign workplace, combining components from both openDesk and LaSuite.sovereign-workplaceMijnBureauorganizational100%1 2 3
MijnBureau is the newest of the three sovereign workplace platforms.sovereign-workplaceMijnBureauorganizational100%1 2 3
A German civil servant on openDesk can collaborate on a document with a French colleague on LaSuite, or a Dutch colleague on MijnBureau, without the data leaving European sovereign infrastructure (federation).sovereign-workplaceFederationtechnical100%1 2 3
Tchap is the French government's instant messenger, built on the Matrix protocol and developed by DINUM.sovereign-workplaceTchaptechnical100%1 2 3 4
Tchap has been available since 2019.sovereign-workplaceTchapdate100%1 2 3
In September 2025, French Prime Minister's circular n°6497/SG made Tchap mandatory for interministerial communication.sovereign-workplaceTchaplegal100%1 2 3
Over 600,000 French government employees now use Tchap.sovereign-workplaceTchapstatistic100%1 2 3
Signal protocol (2013) is the gold standard for end-to-end encryption.sovereign-workplacetooltip on E2EEtechnical100%1 2 3
WhatsApp adopted the Signal protocol in 2016 for 1 billion users.sovereign-workplacetooltip on E2EEstatistic100%1 2
EU repeatedly debates 'chat control' that could weaken E2EE.sovereign-workplacetooltip on E2EElegal100%1 2 3
The German Bundeswehr uses BwMessenger, also Matrix-based, serving the armed forces.sovereign-workplaceTchaporganizational100%1 2 3
The German healthcare system (gematik) adopted Matrix for the TI-Messenger.sovereign-workplaceTchaporganizational100%1 2 3
Tchap succeeded because the French government didn't ask civil servants whether they preferred it; it told them to use it (binding mandate).sovereign-workplaceTchaporganizational100%1 2 3
In 2024, the Austrian Federal Ministry of Climate Action (BMWET) completed a migration of 1,200 employees to Nextcloud.sovereign-workplaceAustriaorganizational100%1 2 3
In 2024, Austria's Federal Ministry of Climate Action (BMWET — now restructured) completed a migration of 1,200 employees to Nextcloud in four months.sovereign-workplaceAustriastatistic100%1 2 3
The BMWET retained Microsoft Teams for external meetings where partners expected it.sovereign-workplaceAustriaorganizational100%1 2 3
Denmark has gone further than any other Western European country in explicitly reducing Microsoft dependency at the national level.sovereign-workplaceDenmarkcomparison100%1 2 3
In the summer of 2025, Danish Digital Affairs Minister Caroline Stage Olsen announced a government-wide rollout of LibreOffice.sovereign-workplaceDenmarkorganizational100%1 2 3
The cities of Copenhagen and Aarhus followed suit at the municipal level.sovereign-workplaceDenmarkorganizational100%1 2 3
Danish minister's quote: 'We must never make ourselves so dependent on so few.'sovereign-workplaceDenmarkquote100%1 2
In June 2025, Microsoft announced Microsoft 365 Local — an on-premises deployment option designed to address sovereignty concerns.sovereign-workplaceMicrosoft's Responseorganizational100%1 2 3
Bleu in France is a National Partner Cloud by Orange/Capgemini.sovereign-workplaceMicrosoft's Responseorganizational100%1 2 3
Delos Cloud in Germany is a National Partner Cloud by SAP/Arvato.sovereign-workplaceMicrosoft's Responseorganizational100%1 2 3
Bleu and Delos offer Microsoft 365 operated by European entities under local jurisdiction.sovereign-workplaceMicrosoft's Responseorganizational100%1 2 3 4
LibreOffice is deployed on 30,000+ PCs in Schleswig-Holstein.sovereign-workplaceDocument Editingstatistic100%1 2 3
LibreOffice is deployed on 150,000 Italian military workstations.sovereign-workplaceDocument Editingstatistic100%1 2 3
LibreOffice's native format is ODF (an ISO standard).sovereign-workplaceDocument Editingtechnical100%1 2 3
LibreOffice was forked from OpenOffice in 2010.sovereign-workplacetooltip on LibreOfficedate100%1 2 3
OnlyOffice is from Latvia (Ascensio System SIA), designed for browser-based collaborative editing with strong Microsoft format compatibility.sovereign-workplaceDocument Editing / tooltip on OnlyOfficeorganizational100%1 2 3
OnlyOffice has an AGPL core with proprietary enterprise features.sovereign-workplaceDocument Editinglegal100%1 2 3
New mail servers with low-reputation IP addresses routinely see legitimate emails classified as spam by Google and Microsoft.sovereign-workplaceEmailtechnical100%1 2 3
European email providers listed: Mailbox.org, Posteo, Proton Mail, Open-Xchange.sovereign-workplaceEmailorganizational100%1 2 3
Schleswig-Holstein's migration to Open-Xchange for email was completed in October 2025.sovereign-workplaceEmaildate100%1 2
Schleswig-Holstein's numbers: approximately €9 million in one-time investment, offset by estimated annual savings of €15 million — primarily from eliminated Microsoft licence costs.sovereign-workplaceTCOfinancial100%1 2 3
Tchap/Matrix: 600,000+ users in the French government demonstrate viability.sovereign-workplaceWhat Worksstatistic100%1 2 3
LibreOffice has 20+ years of development.sovereign-workplaceWhat Worksdate100%1 2 3
Schleswig-Holstein has migrated 30,000 workstations.sovereign-workplaceWhat Followsstatistic100%1 2 3
Schleswig-Holstein has migrated 80% of 30,000 workstations to ODF and LibreOffice.sovereign-workplaceWhat Follows – recommendationsstatistic100%1 2 3
Schleswig-Holstein is saving €15 million annually by having already moved.sovereign-workplaceWhat Follows – cost of waitingfinancial100%1 2 3
Microsoft raised government pricing by 30% at Enterprise Agreement renewal for commercial customers in 2023.sovereign-workplaceWhat Follows – cost of waitingfinancial100%1 2 3
Full openDesk/LaSuite deployment as a Microsoft 365 replacement should be planned for a 2–4 year migration with gradual adoption.sovereign-workplaceWhat Follows – recommendationsstatistic100%1 2 3
Friday, 27 February 2026, just before five p.m.: negotiations between Anthropic and the Pentagon.technology-as-leverageopening scenedate100%1 2 3
US Department of War (formerly Department of Defense) is the world's largest employer (approx. 2.85 million personnel).technology-as-leveragetooltip on Pentagonstatistic100%1 2
Pentagon FY2026 budget: approx. $895 billion.technology-as-leveragetooltip on Pentagonfinancial100%1 2 3
Anthropic is a US-based AI company, founded in 2021 by former OpenAI researchers.technology-as-leveragetooltip on Anthropicorganizational100%1 2 3
Anthropic is valued at approx. $380 billion (Feb. 2026).technology-as-leveragetooltip on Anthropicfinancial100%1 2
The Pentagon budgeted $13.4 billion for autonomous systems in FY2026.technology-as-leveragetooltip on autonomous weaponsfinancial100%1 2 3
There is no binding international prohibition on autonomous weapons (LAWS) to date.technology-as-leveragetooltip on autonomous weaponslegal100%1 2 3
Claude is the only AI model previously cleared for use on US classified networks.technology-as-leveragetooltip on Claudetechnical100%1 2 3
NSA operates global surveillance programmes (including PRISM, XKeyscore).technology-as-leveragetooltip on NSAorganizational100%1 2 3
NSA was brought into public focus by the Snowden revelations in 2013.technology-as-leveragetooltip on NSAdate100%1 2 3
Foreign Intelligence Surveillance Act (FISA) dates from 1978.technology-as-leveragetooltip on FISAlegal100%1 2 3
FISA permits surveillance of non-US persons for foreign intelligence purposes and requires authorisation by a special court (FISC).technology-as-leveragetooltip on FISAlegal100%1 2 3
Anthropic drew two red lines: no autonomous weapons, no mass surveillance.technology-as-leverageopening sceneorganizational100%1 2 3
The Pentagon had yielded on autonomous weapons — the phrase 'as appropriate' (loophole for weapons deployment) was to be removed.technology-as-leverageopening sceneorganizational100%1 2 3
Anthropic offered to work with the NSA on data collected under judicial oversight pursuant to FISA.technology-as-leverageopening sceneorganizational100%1 2 3
The Pentagon demanded access to commercial bulk data of American citizens — chatbot queries, GPS locations, credit card transactions.technology-as-leverageopening sceneorganizational100%1 2 3
Anthropic refused the bulk data demand.technology-as-leverageopening sceneorganizational100%1 2 3
At 5:01 p.m., the deadline expired.technology-as-leverageopening scenedate100%1 2 3
Three hours after the deadline, US Secretary of War Pete Hegseth designated Anthropic a 'supply chain risk'.technology-as-leverageopening scenelegal100%1 2 3
Pete Hegseth is Secretary of War, in office since January 2025; former Fox News host and military veteran.technology-as-leveragetooltip on Pete Hegsethorganizational100%1 2 3
The supply chain risk designation was previously reserved exclusively for foreign actors.technology-as-leverageopening scenelegal100%1 2 3
The next morning, OpenAI signed the replacement contract.technology-as-leverageopening sceneorganizational100%1 2 3
OpenAI is a US-based AI company, founded in 2015.technology-as-leveragetooltip on OpenAIorganizational100%1 2 3
OpenAI has a close partnership with Microsoft.technology-as-leveragetooltip on OpenAIorganizational100%1 2 3
The instruments deployed — sanctions law, supply chain designation, Defense Production Act — are available to the US government against any American technology company.technology-as-leverageopening sectionlegal100%1 2 3
Reporting by The Atlantic and Golem.de revealed details of the Anthropic-Pentagon negotiation week.technology-as-leverageWhose data is it?attribution100%1 2 3
The core of the negotiation failure was about access to commercial bulk data, not autonomous weapons.technology-as-leverageWhose data is it?organizational100%1 2 3
Anthropic offered cooperation with the NSA on FISA data — material collected under judicial authorisation.technology-as-leverageWhose data is it?organizational100%1 2 3
Anthropic argued that even a purely cloud-based solution offered no guarantee against uncontrolled use because modern military architectures operate with mesh networks.technology-as-leverageWhose data is it?technical100%1 2 3
Emil Michael led the Pentagon side of the negotiations; he was a former Uber senior executive and Silicon Valley investor.technology-as-leverageWhose data is it?organizational100%1 2 3
Emil Michael publicly called Anthropic CEO Dario Amodei a 'liar' with a 'God complex'.technology-as-leverageWhose data is it?quote100%1 2
Dario Amodei is co-founder and CEO of Anthropic since 2021, former VP of Research at OpenAI, PhD in physics (Princeton).technology-as-leveragetooltip on Dario Amodeiorganizational100%1 2 3
J. Robert Oppenheimer (1904–1967) led the Manhattan Project; argued against the hydrogen bomb; had his security clearance revoked in 1954; posthumously rehabilitated in 2022.technology-as-leveragetooltip on Oppenheimerdate100%1 2 3
Despite the supply chain risk designation, the US military continued using Claude for active military operations, invoking the six-month transition clause in the existing contract.technology-as-leverageWhose data is it?legal100%1 2 3
One day after the Anthropic negotiations collapsed, OpenAI signed a contract with the Pentagon.technology-as-leverageReplacement dealorganizational100%1 2 3
Sam Altman is co-founder and CEO of OpenAI, former president of Y Combinator.technology-as-leveragetooltip on Sam Altmanorganizational100%1 2 3
OpenAI's three red lines: (1) no mass surveillance of US citizens domestically, (2) no autonomous weapons, (3) no social credit system for US citizens.technology-as-leverageReplacement dealorganizational100%1 2 3
OpenAI makes its models available to the Pentagon for 'all lawful purposes'.technology-as-leverageReplacement deallegal100%1 2 3
Executive Order 14110 established AI safety standards at the federal level.technology-as-leverageReplacement deal – the law problemlegal100%1 2 3
Executive Order 14110 was a US executive order dated 30 October 2023, 36 pages of mandatory AI safety, testing, and transparency requirements.technology-as-leveragetooltip on Executive Orderlegal100%1 2 3
Executive Order 14110 was revoked on 20 January 2025 — the successor's first day in office.technology-as-leveragetooltip on Executive Order / Replacement deallegal100%1 2 3
Around 100 OpenAI staff signed an open letter that expressly supported Anthropic's red lines.technology-as-leverageReplacement deal – credibility problemstatistic100%1 2 3
Altman initially signalled solidarity with Anthropic, then signed the replacement contract.technology-as-leverageReplacement deal – credibility problemorganizational100%1 2 3
OpenAI also asked the government to offer the same contractual terms to all AI labs and to resolve the dispute with Anthropic.technology-as-leverageReplacement dealorganizational100%1 2 3
Iran has been cut off from Google, Apple, cloud platforms, software updates for over a decade due to OFAC sanctions.technology-as-leverageThe patternlegal100%1 2 3
AWS, Microsoft Azure, Google Cloud Platform together account for approx. 65–70% of the global cloud infrastructure market.technology-as-leveragetooltip on hyperscalerstatistic100%1 2 3
European cloud alternatives listed: OVHcloud, Hetzner, IONOS, Scaleway.technology-as-leveragetooltip on hyperscalerorganizational100%1 2 3
OFAC (Office of Foreign Assets Control) is an agency of the US Department of the Treasury that administers and enforces US sanctions programmes worldwide.technology-as-leveragetooltip on OFACorganizational100%1 2 3
March 2022: Microsoft revoked Russian companies' access to licences, cloud services and updates overnight, without a transition period.technology-as-leverageThe pattern – Russiadate100%1 2 3
Google, Apple, SAP and Oracle followed Microsoft in revoking Russian access.technology-as-leverageThe pattern – Russiaorganizational100%1 2 3
2019: The US government placed Huawei on the Entity List. No chips, no software, no licences.technology-as-leverageThe pattern – Huaweilegal100%1 2 3
Huawei is a Chinese technology conglomerate (Shenzhen, founded 1987), world's largest 5G equipment manufacturer before the ban; forced to develop HarmonyOS and its own chips.technology-as-leveragetooltip on Huaweiorganizational100%1 2 3
The Entity List is maintained by the US Department of Commerce (Bureau of Industry and Security). Companies on the list may not receive US technology.technology-as-leveragetooltip on Entity Listlegal100%1 2 3
A French ICC judge cannot book hotel rooms, rent a car, or shop online because European payment transactions run through Visa and Mastercard subject to US sanctions law.technology-as-leverageThe pattern – French judgelegal100%1 2 3
The International Criminal Court is headquartered in The Hague with 123 member states; the United States is not a member. Several staff members are on US sanctions lists.technology-as-leveragetooltip on ICCorganizational100%1 2 3 4
Visa (San Francisco) and Mastercard (Purchase, NY) process the majority of European card transactions and are subject to US sanctions law including for transactions outside the US.technology-as-leveragetooltip on Visa/Mastercardfinancial100%1 2 3
February 2026: For the first time, a US company (Anthropic) is designated a supply chain risk. Not a foreign actor.technology-as-leverageThe pattern – Anthropiclegal100%1 2 3
The escalation pattern: countries classified as enemies → countries in active conflicts → foreign companies → individuals on European soil → domestic companies.technology-as-leverageThe patterncomparison100%1 2
Every EULA signed with a US software provider contains an obligation to comply with US export control and sanctions law.technology-as-leverageEvery licence is conditionaleditorial100%1 2 3
This clause appears in the terms of service of Microsoft, Apple, Google, Amazon, Salesforce, Oracle and virtually every other US technology company.technology-as-leverageEvery licence is conditionaleditorial100%1 2 3 4 5
Escalation ladder table: CLOUD Act → data access (all US tech companies); Sanctions law (OFAC) → licences/services (Iran, Russia, Cuba, North Korea, individuals); Entity List → technology exports (Huawei, Kaspersky); Defense Production Act → technology itself (Anthropic, first use against US company); Supply chain designation → economic isolation (Huawei, Kaspersky, Anthropic).technology-as-leverageEvery licence is conditionaleditorial100%1 2 3 4 5 6
Broadcom acquired VMware in November 2023 for $69 billion.technology-as-leveragetooltip on Broadcomfinancial100%1 2 3 4 5
After VMware acquisition, Broadcom abolished perpetual licences, forced migration to subscription model; licence costs for European cloud providers multiplied.technology-as-leveragetooltip on Broadcom / Every licence is conditionalfinancial100%1 2 3
Broadcom imposed tenfold price increases after VMware acquisition.technology-as-leverageEvery licence is conditionalfinancial100%1 2 3 4
On 2 March 2026, SPD digital policy spokesperson Matthias Mieves wrote letters to EU Commission President Ursula von der Leyen, CDU leader Friedrich Merz and other decision-makers in Berlin and Brussels.technology-as-leverageEurope's responseorganizational100%1 2
Mieves' message: Europe should actively invite Anthropic to continue its AI development under European law.technology-as-leverageEurope's responseorganizational100%1 2 3
Mieves describes the pressure on Anthropic as 'existentially threatening'.technology-as-leverageEurope's responsequote100%1 2 3
Mieves argues the EU under the EU AI Act offers 'optimal conditions' for human-centred AI development.technology-as-leverageEurope's responsequote100%1 2 3
This is the first time the EU AI Act has been explicitly framed as a location advantage for a specific company.technology-as-leverageEurope's responselegal100%1 2 3
EU AI Act (Regulation 2024/1689) is the world's first comprehensive AI regulation.technology-as-leveragetooltip on EU AI Actlegal100%1 2 3
EU AI Act in force since 1 August 2024, phased enforcement through August 2027.technology-as-leveragetooltip on EU AI Actlegal100%1 2 3
EU AI Act bans 8 AI practices (including social scoring, indiscriminate facial recognition).technology-as-leveragetooltip on EU AI Actlegal100%1 2 3
EU AI Act penalties up to 7% of global annual turnover.technology-as-leveragetooltip on EU AI Actlegal100%1 2 3
Anthropic's lead investor is Amazon ($8 billion), infrastructure on AWS, talent pool in San Francisco.technology-as-leverageEurope's response – what speaks againstfinancial100%1 2
The EU currently has neither the compute infrastructure nor the venture capital to support an AI company of Anthropic's scale on its own.technology-as-leverageEurope's response – what speaks againstorganizational100%1 2
Friedrich Merz is CDU chairman and incoming chancellor (as of March 2026), led CDU/CSU to victory in 2025 federal election, former head of BlackRock Germany.technology-as-leveragetooltip on Friedrich Merzorganizational100%1 2 3 4
Ursula von der Leyen is President of the European Commission since 2019 (CDU), second term since November 2024.technology-as-leveragetooltip on von der Leyenorganizational100%1 2 3
CLOUD Act was signed into law under Trump in March 2018 (omnibus bill), enables US authorities to access data held by US companies worldwide regardless of physical data location.technology-as-leveragetooltip on CLOUD Actlegal100%1 2
Defense Production Act is a US war-production law from 1950 (Korean War) that allows the president to compel companies to produce or supply goods for national defence, not limited to wartime.technology-as-leveragetooltip on Defense Production Actlegal100%1 2 3
Defense Production Act was most recently used for COVID-19 ventilators and AI safety tests.technology-as-leveragetooltip on Defense Production Actlegal100%1 2 3
Russia has gained operational experience from three years of war in Ukraine.technology-as-leverageFor the debateorganizational100%1 2
Russia launches over a thousand attack drones against Ukrainian civilian infrastructure per week.technology-as-leverageFor the debatestatistic100%1 2 3
Ten Ukrainian pilots disabled two entire NATO battalions in a single exercise.technology-as-leverageFor the debatestatistic100%1 2 3
A 36-page executive order (Biden's EO 14110) was revoked on the first day in office without replacement.technology-as-leverageFor the debatelegal100%1 2 3
Biden's Executive Order 14110 (36 pages of AI safety requirements) was revoked on the successor's first day in office without replacement.technology-as-leveragetooltip on executive orderlegal100%1 2 3
In February 2026, the US Department of Defense issued an ultimatum to AI company Anthropic.pentagon-vs-anthropicopeninglegal100%1 2 3
The demand: unrestricted access to Anthropic's AI models, including applications Anthropic's own terms of service explicitly prohibit.pentagon-vs-anthropicopeninglegal100%1 2 3
The threat: a war-production law dating from 1950.pentagon-vs-anthropicopeninglegal100%1 2 3
Seven months earlier (July 2025), Anthropic signed a $200 million contract with the Department of Defense.pentagon-vs-anthropicopeningfinancial100%1
Anthropic was the first AI company cleared for deployment on classified military networks.pentagon-vs-anthropicopeningorganizational100%1 2 3
Since 2018, the US DOJ has had the CLOUD Act, which compels US companies to hand over any data they store regardless of where in the world that data physically resides.pentagon-vs-anthropicWhat this is not aboutlegal100%1 2 3
CLOUD Act signed into law under Trump in March 2018 (omnibus bill), enables US authorities to access data held by US companies worldwide regardless of physical data location. Providers can challenge orders in court.pentagon-vs-anthropictooltip on CLOUD Actlegal100%1 2 3
The CLOUD Act applies to Microsoft, Google, Amazon, Meta, OpenAI, Anthropic and every other US technology company.pentagon-vs-anthropicWhat this is not aboutlegal100%1 2 3
What is at stake is unrestricted access to the technology itself — to use the AI models for mass surveillance and autonomous weapons systems.pentagon-vs-anthropicWhat this is not aboutorganizational100%1 2 3
Anthropic's Acceptable Use Policy explicitly prohibits mass surveillance of populations and the deployment of autonomous weapons systems without human oversight.pentagon-vs-anthropicSafety pledge and military contractlegal100%1 2 3
Anthropic accepted a $200 million prototype contract with the Department of Defense in July 2025.pentagon-vs-anthropicSafety pledge and military contractfinancial100%1
US Department of Defense is the world's largest employer (approx. 2.85 million personnel); FY2025 budget: approx. $886 billion.pentagon-vs-anthropictooltip on DoDfinancial100%1 2 3
Anthropic developed dedicated Claude Gov Models for government clients.pentagon-vs-anthropicSafety pledge and military contracttechnical100%1 2 3
Through partners such as Palantir, Anthropic was already operating on classified military networks.pentagon-vs-anthropicSafety pledge and military contractorganizational100%1 2 3
Palantir is a US data analytics company, founded 2003 by Peter Thiel; key clients include US intelligence agencies, military, law enforcement.pentagon-vs-anthropictooltip on Palantirorganizational100%1 2 3
At the time the conflict erupted, Anthropic was the only AI company cleared for use on classified systems.pentagon-vs-anthropicSafety pledge and military contractorganizational100%1 2 3
Defense Production Act was enacted in 1950 (Korean War); empowers the president to compel companies to produce or provide goods; not limited to wartime; used in 2020 for COVID-19 ventilators; used in 2023 for AI safety testing under Biden.pentagon-vs-anthropictooltip on Defense Production Actlegal100%1 2 3
Contract termination: the $200 million contract is financially manageable for Anthropic, which derives most of its revenue from the commercial market.pentagon-vs-anthropicThree levels of escalationfinancial100%1 2 3
Supply chain risk designation: every company doing business with the US military would have to remove Anthropic from its systems.pentagon-vs-anthropicThree levels of escalationlegal100%1 2 3
Anthropic is connected to AWS (Amazon), Palantir and numerous government partners.pentagon-vs-anthropicThree levels of escalationorganizational100%1 2 3
Supply chain risk designations have so far been reserved for foreign adversaries: Huawei (China), Kaspersky (Russia).pentagon-vs-anthropicThree levels of escalationlegal100%1 2 3
Huawei: Chinese technology conglomerate (Shenzhen, est. 1987), placed on US Entity List in 2019, world's largest 5G equipment maker before the ban.pentagon-vs-anthropictooltip on Huaweiorganizational100%1 2 3
Kaspersky: Russian cybersecurity vendor (Moscow, est. 1997), sales banned in the US from 2024 over security concerns. Germany's BSI warned against its use as early as 2022.pentagon-vs-anthropictooltip on Kasperskyorganizational100%1 2 3 4
Applying the supply chain risk instrument to a domestic US company would set a precedent.pentagon-vs-anthropicThree levels of escalationeditorial100%1 2 3
The Pentagon set the deadline for Friday, 5:01 p.m.pentagon-vs-anthropicThree levels of escalationdate100%1 2 3
The mechanism potentially applies to any technology the Pentagon deems defence-relevant: cloud infrastructure, quantum computing, biotechnology, semiconductors, cryptography.pentagon-vs-anthropicBeyond one companylegal100%1 2 3
Biden used the DPA in 2023 to require AI companies to conduct safety tests and share information.pentagon-vs-anthropicBeyond one companylegal100%1 2 3
The legal framework for DPA use without existing business relationship exists.pentagon-vs-anthropicBeyond one companylegal100%1 2 3
European customers must justify under the GDPR why they trust a provider whose technology can be requisitioned by the US military at any time.pentagon-vs-anthropicConsequences for business locationlegal100%1 2 3
GDPR (EU 2016/679) applicable since 25 May 2018. Largest fine: Meta, €1.2 billion (2023).pentagon-vs-anthropictooltip on GDPRlegal100%1 2 3
A US company's terms of service are valid only for as long as the US government chooses not to override them.pentagon-vs-anthropicConsequences for business locationlegal100%1 2 3
OpenAI, Google and xAI have already agreed to make their AI available for all 'lawful purposes'.pentagon-vs-anthropicConsequences for business locationorganizational100%1 2 3
Anthropic was the last major US provider to set limits on military use.pentagon-vs-anthropicConsequences for business locationorganizational100%1 2 3
If the US uses the DPA to force an AI company into military cooperation, other states (China, Russia, India, Turkey) could cite it as justification for their own measures.pentagon-vs-anthropicGeopolitical chain reactions – precedentlegal100%1 2 3
Logical consequence is partitioning of the global AI market along geopolitical lines: US AI, Chinese AI (DeepSeek, Baidu), European AI.pentagon-vs-anthropicGeopolitical chain reactions – market fragmentationcomparison100%1 2 3
DeepSeek is a Chinese AI company (Hangzhou, est. 2023). DeepSeek-R1 is competitive with GPT-4 at a fraction of the cost. Triggered a Wall Street shock in January 2025.pentagon-vs-anthropictooltip on DeepSeekorganizational100%1 2 3
Anthropic is planning an IPO later this year, according to NPR.pentagon-vs-anthropicGeopolitical chain reactions – investor riskfinancial100%1 2 3
CLOUD Act provides access to data; Defense Production Act provides access to technology; Supply Chain Risk Designation provides economic isolation in case of refusal. All three are being deployed or threatened in a contract dispute.pentagon-vs-anthropicLocation risk USAeditorial100%1 2 3 4
Risk comparison table: US HQ has highest global concentration of venture capital, talent and infrastructure; full legal access to data and technology; compulsion via DPA possible; economic isolation if non-cooperative.pentagon-vs-anthropicLocation risk USA – risk comparisoncomparison100%1 2 3
Silicon Valley still offers the world's highest concentration of venture capital, talent and infrastructure. No other location comes close.pentagon-vs-anthropicLocation risk USA – counterargumentcomparison100%1 2 3
European and Asian alternatives gaining relevance: Mistral (France), Aleph Alpha (Germany), DeepSeek (China).pentagon-vs-anthropicLocation risk USAorganizational100%1 2 3
Mistral is a French AI company (Paris, est. 2023), open-weight models (Mistral, Mixtral, Codestral), Europe's largest independent AI company.pentagon-vs-anthropictooltip on Mistralorganizational100%1 2 3
Aleph Alpha is a German AI company (Heidelberg, est. 2019); pivoted in 2024 from foundation models to AI infrastructure; Luminous models discontinued, now focused on PhariaAI platform.pentagon-vs-anthropictooltip on Aleph Alphaorganizational100%1 2 3
Strategic response for companies likely involves holding company outside the US, intellectual property in a neutral jurisdiction, operational presence in the US for the US market — similar to what happened after the Snowden revelations for cloud providers and data residency.pentagon-vs-anthropicLocation risk USAlegal100%1 2 3
2013: NSA whistleblower Edward Snowden revealed mass surveillance. PRISM programme: direct access to data from Google, Apple, Microsoft et al. Catalyst for Europe's data privacy debate and the Schrems rulings.pentagon-vs-anthropictooltip on Snowdendate100%1 2 3 4
The technologies at risk extend beyond AI: quantum computing, biotechnology, cryptography, semiconductors, space, cybersecurity, robotics.pentagon-vs-anthropicLocation risk USAtechnical100%1 2 3
Five companies — Microsoft, Apple, Google, Amazon, Meta — form the digital foundation for most of the world.global-digital-dependenciesIntroductionorganizational100%1 2 3
In China, payments run on Alipay and WeChat Pay, not Visa.global-digital-dependenciesIntroductioncomparison100%1 2 3
In India, UPI processes more transactions than Visa and Mastercard combined — on its own infrastructure.global-digital-dependenciesIntroductioncomparison100%1 2 3
In Kenya, sending money requires not a bank account but a mobile phone with M-Pesa.global-digital-dependenciesIntroductiontechnical100%1 2 3
Alipay is a mobile payment service of the Ant Group (Alibaba).global-digital-dependenciestooltip on Alipayorganizational100%1 2 3
Alipay has over 1.3 billion users worldwide.global-digital-dependenciestooltip on Alipaystatistic100%1 2 3
Alipay together with WeChat Pay dominates China's payment market.global-digital-dependenciestooltip on Alipayorganizational100%1 2 3
Alipay works via QR codes, not card networks.global-digital-dependenciestooltip on Alipaytechnical100%1 2 3
WeChat Pay is the payment function within the WeChat platform (Tencent).global-digital-dependenciestooltip on WeChat Payorganizational100%1 2 3
WeChat Pay has over 800 million active users (2019).global-digital-dependenciestooltip on WeChat Paystatistic100%1 2 3
WeChat Pay works via QR codes, deeply integrated into the WeChat ecosystem.global-digital-dependenciestooltip on WeChat Paytechnical100%1 2 3
UPI (Unified Payments Interface) was launched in 2016.global-digital-dependenciestooltip on UPIdate100%1 2 3
UPI was developed by NPCI (National Payments Corporation of India).global-digital-dependenciestooltip on UPIorganizational100%1 2 3
UPI processes over 16 billion transactions per month (2024).global-digital-dependenciestooltip on UPIstatistic100%1 2 3
UPI is government infrastructure, open to all banks and payment providers.global-digital-dependenciestooltip on UPIorganizational100%1 2 3
UPI is free for end users.global-digital-dependenciestooltip on UPIfinancial100%1 2 3
M-Pesa is a mobile payment service launched in 2007 in Kenya (Safaricom/Vodafone).global-digital-dependenciestooltip on M-Pesadate100%1 2 3
M-Pesa has over 50 million active users in East Africa.global-digital-dependenciestooltip on M-Pesastatistic100%1 2 3
M-Pesa enables payments, transfers and microloans via SMS.global-digital-dependenciestooltip on M-Pesatechnical100%1 2 3
M-Pesa has given millions of unbanked people access to financial services.global-digital-dependenciestooltip on M-Pesaorganizational100%1 2 3
The five major platforms — Microsoft, Apple, Google, Amazon, Meta — are American companies, subject to American law.global-digital-dependenciesUSA and Canadalegal100%1 2 3
US Executive Orders require no Congressional approval and can impose sanctions, trade restrictions and technology access controls.global-digital-dependenciestooltip on Executive Orderslegal100%1
EO 13928 imposed ICC sanctions; EO 14110 addressed AI safety (revoked).global-digital-dependenciestooltip on Executive Orderslegal100%1 2 3
Canada is de facto fully integrated into the US tech stack — same products, same cloud regions, same payment networks.global-digital-dependenciesUSA and Canadaorganizational100%1 2 3 4
Canadian companies use Microsoft 365, AWS and Visa/Mastercard like their US counterparts.global-digital-dependenciesUSA and Canadaorganizational100%1 2 3
WhatsApp has over 2 billion users worldwide.global-digital-dependenciestooltip on WhatsAppstatistic100%1
WhatsApp is the dominant communication platform in Latin America and South Asia.global-digital-dependenciestooltip on WhatsApporganizational100%1 2 3
WhatsApp is subject to US law (Meta, Menlo Park, California).global-digital-dependenciestooltip on WhatsApplegal100%1 2 3
From Mexico to Argentina, the US tech stack dominates almost completely: Windows on the desktops, Google and Microsoft in the schools, WhatsApp as the communications infrastructure.global-digital-dependenciesLatin Americaorganizational100%1 2 3
Cloud infrastructure in Latin America comes almost exclusively from AWS and Azure.global-digital-dependenciesLatin Americaorganizational100%1 2 3 4
SPEI is a Mexican interbank real-time payment system operated by Mexico's central bank (Banxico).global-digital-dependenciestooltip on SPEIorganizational100%1
Latin America has the highest WhatsApp penetration in the world.global-digital-dependenciesLatin America key pointstatistic100%1 2 3
Brazil is the only country in Latin America actively pushing back on digital dependency.global-digital-dependenciesBrazilorganizational100%1 2
PIX is a real-time payment system run by Brazil's central bank, launched November 2020.global-digital-dependenciestooltip on PIXdate100%1 2 3
PIX has over 175 million registered users (2025).global-digital-dependenciestooltip on PIXstatistic100%1 2 3
PIX is free for individuals, available 24/7.global-digital-dependenciestooltip on PIXfinancial100%1 2 3
PIX went from zero to over 175 million users in three years.global-digital-dependenciesBrazilstatistic100%1 2
LGPD (Lei Geral de Proteção de Dados) has been in force since September 2020.global-digital-dependenciestooltip on LGPDdate100%1 2 3
LGPD is closely modelled on the EU GDPR.global-digital-dependenciestooltip on LGPDlegal100%1 2 3
LGPD enforcement authority is ANPD (Autoridade Nacional de Proteção de Dados).global-digital-dependenciestooltip on LGPDorganizational100%1 2
Locaweb is a Brazilian cloud provider (São Paulo, est. 1998).global-digital-dependenciestooltip on Locawebdate100%1 2 3
GDPR has been in force since May 2018.global-digital-dependenciestooltip on GDPRdate100%1 2 3
GDPR fines can be up to 4% of global annual revenue.global-digital-dependenciestooltip on GDPRlegal100%1 2 3
EU AI Act has been in force since August 2024, with transition periods until 2027.global-digital-dependenciestooltip on EU AI Actdate100%1 2 3
EU AI Act is the world's first comprehensive AI law.global-digital-dependenciestooltip on EU AI Actlegal100%1 2 3
Data Act has been in force since January 2024, applicable from September 2025.global-digital-dependenciestooltip on Data Actdate100%1 2 3
Data Act gives users the right to port their data from cloud providers and prohibits unreasonable switching barriers.global-digital-dependenciestooltip on Data Actlegal100%1 2 3
LaSuite is the sovereign productivity suite of the French civil service, built entirely on open-source components, deployed across 15 ministries with 500,000 employees.global-digital-dependenciestooltip on LaSuiteorganizational100%1 2 3
openDesk is the sovereign workplace suite for the German public sector, initiated by the Federal Ministry of the Interior, built on Nextcloud, Open-Xchange, Collabora, Jitsi, Element.global-digital-dependenciestooltip on openDeskorganizational100%1 2 3
OpenDesktop NL is the Dutch sovereign workplace project, built on open-source technology.global-digital-dependenciestooltip on OpenDesktop NLorganizational100%1 2 3
Estonia has X-Road (decentralised data exchange system since 2001) and e-Residency (digital identity for non-Estonians since 2014).global-digital-dependenciestooltip on Estonia e-governmentdate100%1 2 3
Estonia's e-government is widely regarded as the world's most advanced digital government.global-digital-dependenciestooltip on Estonia e-governmentorganizational100%1 2
Estonia has built a sovereign digital identity layer — albeit on top of US cloud infrastructure underneath.global-digital-dependenciesEU Eastern Europetechnical100%1 2 3
The UK has its own data protection framework post-Brexit (UK GDPR and Data Protection Act 2018).global-digital-dependenciesNon-EU Europelegal100%1 2
Five Eyes is an intelligence alliance of the US, UK, Canada, Australia and New Zealand, founded after World War II (UKUSA Agreement, 1946).global-digital-dependenciestooltip on Five Eyesdate100%1 2 3 4
Five Eyes shares signals intelligence (SIGINT) among member states.global-digital-dependenciestooltip on Five Eyesorganizational100%1 2
Five Eyes was exposed by the Snowden revelations in 2013.global-digital-dependenciestooltip on Five Eyesdate100%1 2 3 4 5
Proton (Mail, VPN, Drive) and Threema are Swiss products with global reach.global-digital-dependenciesNon-EU Europe (Switzerland)organizational100%1
Norway has no domestic tech infrastructure whatsoever — full US dependency.global-digital-dependenciesNon-EU Europeorganizational100%1 2 3
In 2022, Microsoft suspended new sales in Russia.global-digital-dependenciesPost-Soviet spacedate100%1 2
In 2022, Google restricted services in Russia.global-digital-dependenciesPost-Soviet spacedate100%1 2 3
In 2022, Apple Pay stopped working in Russia.global-digital-dependenciesPost-Soviet spacedate100%1 2 3
In 2022, Visa and Mastercard blocked Russian cards.global-digital-dependenciesPost-Soviet spacedate100%1 2 3
Mir is a Russian payment card system launched in 2015, developed in response to the 2014 Crimea sanctions.global-digital-dependenciestooltip on Mirdate100%1 2 3 4
Mir is accepted in around 12 countries (incl. Turkey, Vietnam, Cuba).global-digital-dependenciestooltip on Mirstatistic100%1 2
Mir is operated by the Central Bank of the Russian Federation.global-digital-dependenciestooltip on Mirorganizational100%1 2 3
Yandex is a Russian technology company (Moscow, est. 1997).global-digital-dependenciestooltip on Yandexdate100%1 2 3
Yandex operates Russia's largest search engine (approx. 72% market share in Russia).global-digital-dependenciestooltip on Yandexstatistic100%1 2 3
Yandex Cloud has been growing since 2022 as AWS/Azure replacement.global-digital-dependenciestooltip on Yandexorganizational100%1 2
In 2024, Yandex business was sold to Russian investors.global-digital-dependenciestooltip on Yandexdate100%1 2
VKontakte (est. 2006) has over 100 million monthly active users.global-digital-dependenciestooltip on VKontaktestatistic100%1 2 3 4
VKontakte is owned by the VK Group (formerly Mail.ru Group).global-digital-dependenciestooltip on VKontakteorganizational100%1 2
China is the only case worldwide in which a complete, parallel tech stack exists.global-digital-dependenciesChinacomparison100%1 2 3 4
Baidu is a Chinese search engine (Beijing, est. 2000).global-digital-dependenciestooltip on Baidudate100%1 2
Baidu has over 60% market share in China.global-digital-dependenciestooltip on Baidustatistic100%1 2 3
Google Search is blocked in China.global-digital-dependenciestooltip on Baidutechnical100%1 2 3
Alibaba Cloud is the largest cloud provider in China, fourth-largest globally.global-digital-dependenciestooltip on Alibaba Cloudcomparison100%1 2 3
Alibaba Cloud is subject to Chinese law, including the 2017 National Intelligence Law.global-digital-dependenciestooltip on Alibaba Cloudlegal100%1 2
WeChat (Tencent, launched 2011) has over 1.2 billion monthly active users.global-digital-dependenciestooltip on WeChatstatistic100%1 2 3 4
HarmonyOS (Huawei) is a mobile operating system; China aims for full independence from US operating systems by 2027.global-digital-dependenciestooltip on HarmonyOSdate100%1 2 3 4
China's Great Firewall blocks Google, Facebook, Twitter/X, YouTube, WhatsApp and many other foreign services.global-digital-dependenciestooltip on Great Firewalltechnical100%1 2 3
The Great Firewall is technically implemented via DNS manipulation, IP blocking and deep packet inspection.global-digital-dependenciestooltip on Great Firewalltechnical100%1 2 3
The Great Firewall has been continuously expanded since the late 1990s.global-digital-dependenciestooltip on Great Firewalldate100%1 2 3
Chinese tech companies are expanding aggressively — Alibaba Cloud in Southeast Asia, Huawei infrastructure in Africa, TikTok globally.global-digital-dependenciesChinaorganizational100%1 2 3
Suica is a contactless payment and transit card system in Japan (JR East, launched 2001), based on Sony FeliCa technology.global-digital-dependenciestooltip on Suicadate100%1 2 3
LINE (launched 2011) has over 95 million active users in Japan (over 70% of the population).global-digital-dependenciestooltip on LINEstatistic100%1 2 3
LINE is owned since 2021 by Z Holdings (Softbank/Naver joint venture).global-digital-dependenciestooltip on LINEdate100%1 2 3
Naver is a South Korean internet company (Seongnam, est. 1999), operating the dominant search engine in South Korea (approx. 55% market share).global-digital-dependenciestooltip on Naverstatistic100%1 2 3
Naver Cloud is the largest local cloud provider in South Korea.global-digital-dependenciestooltip on Naverorganizational100%1 2 3
Naver is the parent company of LINE (Japan).global-digital-dependenciestooltip on Naverorganizational100%1 2 3
Kakao (est. 2010 as Kakao Corp.) operates KakaoTalk with approx. 90% messaging market share in South Korea.global-digital-dependenciestooltip on Kakaostatistic100%1 2 3
Kakao's ecosystem includes KakaoPay, KakaoT, KakaoBank.global-digital-dependenciestooltip on Kakaoorganizational100%1 2 3
South Korea's cloud infrastructure is partly on AWS, and workstation OS is Windows.global-digital-dependenciesJapan and South Koreatechnical100%1 2 3
UPI processes over 16 billion transactions per month.global-digital-dependenciesIndiastatistic100%1 2 3
UPI is free for end users and open to all banks.global-digital-dependenciesIndiafinancial100%1 2 3
RuPay was launched in 2012 as an alternative to Visa/Mastercard for the domestic Indian market.global-digital-dependenciestooltip on RuPaydate100%1 2 3
RuPay has over 750 million cards issued (2020).global-digital-dependenciestooltip on RuPaystatistic100%1 2 3
Aadhaar is the world's largest biometric identity system with over 1.4 billion registered Indians (near-100% coverage).global-digital-dependenciestooltip on Aadhaarstatistic100%1 2 3
Aadhaar captures fingerprints, iris scans and demographic data.global-digital-dependenciestooltip on Aadhaartechnical100%1 2 3
Aadhaar is operated by UIDAI (Unique Identification Authority of India).global-digital-dependenciestooltip on Aadhaarorganizational100%1 2 3
WhatsApp dominates in India with over 500 million users.global-digital-dependenciesIndiastatistic100%1 2 3
TikTok was banned in India in 2020.global-digital-dependenciesIndiadate100%1 2 3
Southeast Asia (Indonesia, Vietnam, Thailand, Philippines, Malaysia) is the fastest-growing digital market in the world.global-digital-dependenciesSoutheast Asiacomparison100%1 2 3
GoPay is an Indonesian mobile payment service (Gojek/GoTo group).global-digital-dependenciestooltip on GoPayorganizational100%1 2 3
ASEAN (Association of Southeast Asian Nations) was established in 1967.global-digital-dependenciestooltip on ASEANdate100%1 2 3
ASEAN has 10 member states: Brunei, Indonesia, Cambodia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand, Vietnam.global-digital-dependenciestooltip on ASEANorganizational100%1 2 3
ASEAN has over 680 million inhabitants, making it the third-largest market in the world after China and India.global-digital-dependenciestooltip on ASEANstatistic100%1 2 3
Central Asia (Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, Kyrgyzstan) has post-Soviet infrastructure with increasing Chinese investment.global-digital-dependenciesCentral Asiaorganizational100%1 2 3
Central Asian digital infrastructure is split three ways: Russian telecom from the Soviet era, Chinese hardware (Huawei networks), and US software (Windows, Google, WhatsApp).global-digital-dependenciesCentral Asiatechnical100%1 2 3
Saudi Arabia, UAE, Qatar and Bahrain are pursuing the most lavishly funded digital sovereignty strategy in the world — financed by oil and gas revenues.global-digital-dependenciesGulf statesfinancial100%1 2 3
NEOM is a planned megacity in northwestern Saudi Arabia with original project costs of $1.6 trillion (scope since significantly scaled back).global-digital-dependenciestooltip on NEOMfinancial100%1 2 3
NEOM is intended to run entirely on renewable energy and AI-driven infrastructure.global-digital-dependenciestooltip on NEOMtechnical100%1 2 3
NEOM is part of Crown Prince Mohammed bin Salman's Vision 2030.global-digital-dependenciestooltip on NEOMorganizational100%1 2 3
mada is a Saudi payment card network that processes the majority of domestic card payments.global-digital-dependenciestooltip on madaorganizational100%1 2 3
Technology Innovation Institute (TII) in Abu Dhabi was established in 2020, part of the Advanced Technology Research Council.global-digital-dependenciestooltip on TIIdate100%1 2 3
TII develops Falcon, an open-weight AI model family; Falcon 180B was for a time the most capable open AI model.global-digital-dependenciestooltip on TIItechnical100%1 2 3
TII is funded by the Abu Dhabi government through the Advanced Technology Research Council (ATRC).global-digital-dependenciestooltip on TIIfinancial100%1 2 3
AWS operates cloud regions in Bahrain and the UAE.global-digital-dependenciesGulf statestechnical100%1 2 3
North Africa's digital infrastructure bears traces of two spheres of influence: francophone west (Morocco, Tunisia, Algeria) with French telecom companies (Orange, SFR subsidiaries) and US software; Arabic-anglophone east (Egypt) with a stronger US orientation.global-digital-dependenciesNorth Africaorganizational100%1 2 3
Egypt has the Meeza local payment system; Morocco has CMI.global-digital-dependenciesNorth Africaorganizational100%1 2 3
Iran has been under comprehensive US sanctions for decades, with no access to Google services, Apple features, AWS, Azure.global-digital-dependenciesLevant and Iraq (Iran)legal100%1 2 3
Shetab is an Iranian electronic banking network that connects all Iranian banks for card transactions, operating independently of SWIFT and Western payment networks.global-digital-dependenciestooltip on Shetabtechnical100%1 2 3
US sanctions blocked Iran's access to Visa/Mastercard and SWIFT.global-digital-dependenciestooltip on Shetablegal100%1 2 3
Soroush is an Iranian messaging app, state-sponsored after Telegram was blocked in Iran in 2018.global-digital-dependenciestooltip on Soroushdate100%1 2 3
Kenya, Tanzania, Rwanda, Uganda: Africa has leapfrogged an entire technology generation — smartphones and mobile money instead of desktop PCs and bank branches.global-digital-dependenciesEast Africacomparison100%1 2 3
M-Pesa has over 50 million active users in East Africa.global-digital-dependenciesEast Africastatistic100%1 2 3
Huawei is a Chinese technology company (Shenzhen, est. 1987), the world's largest provider of telecommunications infrastructure.global-digital-dependenciestooltip on Huaweiorganizational100%1 2 3
Huawei has built a large share of the mobile networks in Africa.global-digital-dependenciestooltip on Huaweiorganizational100%1 2 3
Huawei is on the US Entity List — US technology export ban.global-digital-dependenciestooltip on Huaweilegal100%1 2 3
Huawei infrastructure investments in Africa are partly tied to Chinese state financing.global-digital-dependenciestooltip on Huaweifinancial100%1 2 3
A large share of East Africa's telecommunications infrastructure — mobile networks, fibre-optic lines, data centres — was built by Huawei.global-digital-dependenciesEast Africaorganizational100%1 2 3
The hyperscalers operate their African cloud regions in South Africa, but connectivity to the East African market is thin.global-digital-dependenciesEast Africatechnical100%1 2 3
Lagos is known as 'Silicon Lagoon' for its dynamic technology startup scene.global-digital-dependenciesWest Africaorganizational100%1 2 3
Flutterwave is a Nigerian fintech company (est. 2016, headquartered San Francisco), valued at over $3 billion (2024).global-digital-dependenciestooltip on Flutterwavefinancial100%1 2 3
Paystack is a Nigerian fintech company (est. 2015), acquired by Stripe in 2020 for over $200 million.global-digital-dependenciestooltip on Paystackfinancial100%1 2 3
Paystack processes payments in Nigeria, Ghana, South Africa and Kenya.global-digital-dependenciestooltip on Paystackorganizational100%1 2 3
POPIA (Protection of Personal Information Act) has been in force since July 2021, modelled on the EU GDPR.global-digital-dependenciestooltip on POPIAdate100%1 2 3
Azure has had a cloud region in South Africa since 2019.global-digital-dependenciesSouthern Africadate100%1 2 3
AWS has had a cloud region in South Africa since 2020.global-digital-dependenciesSouthern Africadate100%1 2 3
GCP has had a cloud region in South Africa since 2024.global-digital-dependenciesSouthern Africadate100%1 2 3
South Africa is the cloud gateway for all of Africa.global-digital-dependenciesSouthern Africatechnical100%1 2 3
Australia and New Zealand are Five Eyes members, closely linked to the United States through intelligence cooperation.global-digital-dependenciesAustralia and New Zealandorganizational100%1 2 3
AWS operates a cloud region in Sydney.global-digital-dependenciesAustralia and New Zealandtechnical100%1 2 3
eftpos is an Australian electronic payment system (since 1984, ePAL as entity est. 2009).global-digital-dependenciestooltip on eftposdate100%1 2 3
Australia's New Payments Platform (NPP) enables real-time transfers since 2018.global-digital-dependenciestooltip on eftposdate100%1 2 3
Australia's dependency on US tech is politically deliberate — the close alliance makes decoupling undesirable.global-digital-dependenciesAustralia and New Zealandorganizational100%1 2 3
For Pacific island states (Fiji, Samoa, Tonga, Papua New Guinea), China and the United States compete over submarine cables, mobile networks and data centres.global-digital-dependenciesPacific Islandsorganizational100%1 2 3
Payments is the area where local alternatives exist most frequently: UPI (India), PIX (Brazil), M-Pesa (East Africa), Mir (Russia), mada (Saudi Arabia).global-digital-dependenciesThe patterncomparison100%1 2 3
Only China has built a complete alternative stack for cloud, operating systems and productivity software.global-digital-dependenciesThe patterncomparison100%1 2 3
Russia, Iran, China — in all three cases, decoupling from US technology has led to a new dependency on the state itself.global-digital-dependenciesThe patterncomparison100%1 2 3
India is the only case in which sovereign infrastructure has been built on open standards while remaining integrated into the global market.global-digital-dependenciesThe patterncomparison100%1 2 3
Executive Order: Imposing Sanctions on the International Criminal Court was published in the Federal Register in February 2025.global-digital-dependenciesSourceslegal100%1 2 3
Microsoft suspended new sales in Russia in March 2022.global-digital-dependenciesSourcesdate100%1 2 3
Europe votes to tackle deep dependence on US tech (Computerworld, January 2026).global-digital-dependenciesSourcesdate100%1 2 3
Anthropic published its Responsible Scaling Policy (RSP) in September 2023ai-safety-under-pressureOpening paragraphdate100%1 2 3
Anthropic is a US-based AI company, founded in 2021 by former OpenAI researchersai-safety-under-pressureTooltip on Anthropicorganizational100%1 2 3
Anthropic is the developer of Claudeai-safety-under-pressureTooltip on Anthropicorganizational100%1 2 3
Anthropic was valued at $380 billion as of February 2026ai-safety-under-pressureTooltip on Anthropicfinancial100%1
The Responsible Scaling Policy was first published in September 2023ai-safety-under-pressureTooltip on RSPdate100%1 2 3
OpenAI and Google DeepMind adopted similar safety frameworks shortly after Anthropic's RSPai-safety-under-pressureOpening paragraphorganizational100%1 2 3
Google DeepMind was formed in 2023 by merging Google Brain and DeepMindai-safety-under-pressureTooltip on Google DeepMindorganizational100%1 2 3
Google DeepMind develops Gemini, Google's most capable AI modelai-safety-under-pressureTooltip on Google DeepMindorganizational100%1 2 3
On 24 February 2026, Anthropic withdrew its binding development-pause promiseai-safety-under-pressureSecond paragraphdate100%1 2 3
RSP 3.0 replaces binding development pauses with 'nonbinding but publicly-declared targets'ai-safety-under-pressureSecond paragraphtechnical100%1 2 3
The US Department of Defense gave Anthropic an ultimatum in the same week as the RSP revisionai-safety-under-pressureThird paragraphdate100%1 2 3
The Pentagon demanded Anthropic deliver Claude without safety restrictions or face the Defense Production Act and designation as a 'supply chain risk'ai-safety-under-pressureThird paragraphorganizational100%1 2 3
The Defense Production Act is a US law from the Korean War era (1950)ai-safety-under-pressureTooltip on Defense Production Actlegal100%1 2 3
The Defense Production Act allows the president to compel companies to produce and deliver goods for national defenceai-safety-under-pressureTooltip on Defense Production Actlegal100%1 2 3
The Defense Production Act was most recently used during the COVID-19 pandemic for vaccines and ventilatorsai-safety-under-pressureTooltip on Defense Production Actlegal100%1 2 3
Non-compliance with the Defense Production Act carries criminal penaltiesai-safety-under-pressureTooltip on Defense Production Actlegal100%1 2 3
Claude is currently the only AI model used in US classified environmentsai-safety-under-pressureTooltip on Claudetechnical100%1 2 3
ASL-3 has been active since May 2025ai-safety-under-pressureTooltip on AI Safety Levelsdate100%1 2 3
ASL-2 covers current models (chat systems like Claude)ai-safety-under-pressureTooltip on AI Safety Levelstechnical100%1 2 3
RSP 3.0 introduces a Frontier Safety Roadmap with ambitious but non-binding milestonesai-safety-under-pressureSection: What has changedtechnical100%1 2 3
Anthropic cites three factors for the RSP change: zone of ambiguity, anti-regulatory political climate, and requirements impossible to meet unilaterallyai-safety-under-pressureSection: What has changedorganizational100%1 2 3
Executive Order 14110 on AI safety was revoked on the first day of the new administration (20 January 2025)ai-safety-under-pressureTooltip on anti-regulatory political climatedate100%1 2 3
Pete Hegseth is US Secretary of Defense since January 2025ai-safety-under-pressureTooltip on Pete Hegsethorganizational100%1 2 3
Pete Hegseth is a former Fox News presenter and military veteranai-safety-under-pressureTooltip on Pete Hegsethattribution100%1 2 3
Pete Hegseth gave Anthropic a public ultimatum in February 2026 to lift AI safety restrictionsai-safety-under-pressureTooltip on Pete Hegsethdate100%1 2 3
Dario Amodei is co-founder and CEO of Anthropic since 2021ai-safety-under-pressureTooltip on Dario Amodeiorganizational100%1 2 3
Dario Amodei is a former VP of Research at OpenAIai-safety-under-pressureTooltip on Dario Amodeiattribution100%1 2 3
Dario Amodei has a PhD in physics from Princetonai-safety-under-pressureTooltip on Dario Amodeiattribution100%1 2 3
Hegseth gave Amodei a deadline of Friday, 24 February, to lift Claude's safety restrictions for military useai-safety-under-pressureSection: Why: Government pressure meets market logicdate100%1 2 3
Hegseth said he would not allow any company to dictate the terms under which the Pentagon makes operational decisionsai-safety-under-pressureSection: Why: Government pressure meets market logicquote100%1 2 3
Axios is a US news outlet founded in 2017 by former Politico journalistsai-safety-under-pressureTooltip on Axiosorganizational100%1 2 3
The legal basis for compelling Anthropic via the Defense Production Act is legally contestedai-safety-under-pressureSection: Why: Government pressure meets market logiclegal100%1 2 3
Alan Rozenshtein is a professor at the University of Minnesota and editor at Lawfareai-safety-under-pressureSection: Why: Government pressure meets market logicattribution100%1 2 3
Alan Rozenshtein is a specialist in national security law, surveillance, and technology regulationai-safety-under-pressureTooltip on Alan Rozenshteinattribution100%1 2 3
Alan Rozenshtein is a former attorney at the US Department of Justice (National Security Division)ai-safety-under-pressureTooltip on Alan Rozenshteinattribution100%1 2 3
Lawfare is a US legal analysis blog and podcast, founded in 2010ai-safety-under-pressureTooltip on Lawfareorganizational100%1 2 3
Lawfare is housed at the Brookings Institutionai-safety-under-pressureTooltip on Lawfareorganizational100%1 2 3
James Baker is former Chief Judge of the U.S. Court of Appeals for the Armed Forcesai-safety-under-pressureSection: Why: Government pressure meets market logicattribution100%1 2 3
James Baker was previously General Counsel of the FBIai-safety-under-pressureTooltip on James Bakerattribution100%1 2 3
James Baker quote: 'Sometimes the availability of potential authority is sufficient leverage to achieve a result through consultation without invoking the law.'ai-safety-under-pressureSection: Why: Government pressure meets market logicquote100%1 2 3
OpenAI was founded in 2015ai-safety-under-pressureTooltip on OpenAIorganizational100%1 2 3
OpenAI is the developer of GPT-4, ChatGPT, and DALL-Eai-safety-under-pressureTooltip on OpenAIorganizational100%1 2 3
OpenAI maintains a close partnership with Microsoftai-safety-under-pressureTooltip on OpenAIorganizational100%1 2 3
xAI was founded in 2023 by Elon Muskai-safety-under-pressureTooltip on xAIorganizational100%1 2 3
xAI develops the Grok AI modelai-safety-under-pressureTooltip on xAIorganizational100%1 2 3
xAI has signed a contract for use in US classified environmentsai-safety-under-pressureSection: Why: Government pressure meets market logicorganizational100%1 2 3
OpenAI and Google provide their models to the Pentagon for 'all lawful purposes'ai-safety-under-pressureSection: Why: Government pressure meets market logicorganizational100%1 2 3
The EU AI Act (Regulation 2024/1689) has been in force since August 2024ai-safety-under-pressureSection: Two worldslegal100%1 2 3
The EU AI Act is the world's first binding AI lawai-safety-under-pressureSection: Two worldslegal100%1 2 3
The EU AI Act is in force since 1 August 2024, with phased enforcement through August 2027ai-safety-under-pressureTooltip on EU AI Actlegal100%1 2 3
The EU AI Act bans 8 AI practices including social scoring and mass facial recognitionai-safety-under-pressureTooltip on EU AI Actlegal100%1 2 3
The EU AI Act imposes fines up to 7% of global annual turnoverai-safety-under-pressureTooltip on EU AI Actlegal100%1 2 3
Since February 2025, eight explicitly prohibited AI practices apply under the EU AI Actai-safety-under-pressureSection: Two worldslegal100%1 2 3
Since August 2025, transparency obligations apply to general-purpose AI models under the EU AI Actai-safety-under-pressureSection: Two worldslegal100%1 2 3
More than 230 companies have signed the EU AI Pactai-safety-under-pressureSection: Two worldsstatistic100%1 2 3
The EU AI Pact was launched by the European Commission in November 2023ai-safety-under-pressureTooltip on EU AI Pactdate100%1 2 3
EU AI Pact signatories include Microsoft, Google, SAP, Siemens, Deutsche Telekomai-safety-under-pressureTooltip on EU AI Pactorganizational100%1 2 3
The UK AI Safety Institute (AISI) employs over 100 technical staffai-safety-under-pressureSection: Two worldsstatistic100%1 2 3
The UK AI Safety Institute has an annual budget of £66 millionai-safety-under-pressureSection: Two worldsfinancial100%1 2 3
The UK AI Safety Institute receives pre-deployment access to leading AI models for safety testingai-safety-under-pressureSection: Two worldstechnical100%1 2 3
The UK AI Safety Institute was founded in November 2023 as a result of the Bletchley Summitai-safety-under-pressureTooltip on AISIdate100%1 2 3
AISI receives pre-deployment access to AI models from Anthropic, OpenAI, Google DeepMind, and Metaai-safety-under-pressureTooltip on AISIorganizational100%1 2 3
The Bletchley Declaration was signed on 1–2 November 2023 at Bletchley Park, UKai-safety-under-pressureSection: Two worldsdate100%1 2 3
The Bletchley Declaration was signed by 29 countries, including both the US and Chinaai-safety-under-pressureSection: Two worldsstatistic100%1 2 3
The Bletchley Declaration acknowledged that advanced AI poses 'significant risks, including serious, even catastrophic, harm'ai-safety-under-pressureSection: Two worldsquote100%1 2 3
California SB 53 was signed by Governor Newsom in September 2025ai-safety-under-pressureSection: Two worldsdate100%1 2 3
SB 53 requires providers of frontier models to publish safety frameworks and report critical incidents within 15 daysai-safety-under-pressureSection: Two worldslegal100%1 2 3
SB 53 applies to models trained with more than 10^26 computing operationsai-safety-under-pressureTooltip on frontier modelstechnical100%1 2 3
SB 53 applies to models produced by companies with over $500M in annual revenueai-safety-under-pressureTooltip on frontier modelsfinancial100%1 2 3
Governor Newsom vetoed a stricter bill (SB 1047) in 2024ai-safety-under-pressureTooltip on Governor Newsomlegal100%1 2 3
Gavin Newsom has been Governor of California since 2019 (Democrat)ai-safety-under-pressureTooltip on Governor Newsomorganizational100%1 2 3
China's Interim Measures for Generative AI have been in effect since August 2023ai-safety-under-pressureSection: Two worldslegal100%1 2 3
China's Interim Measures require safety assessments, algorithm registration, and labelling of AI-generated contentai-safety-under-pressureSection: Two worldslegal100%1 2 3
Executive Order 14110 was issued on 30 October 2023 and was 36 pages longai-safety-under-pressureSection: Two worldsdate100%1 2 3
Executive Order 14110 contained mandatory AI safety reporting, testing, and transparency requirementsai-safety-under-pressureSection: Two worldslegal100%1 2 3
Executive Order 14110 was revoked on 20 January 2025, the new administration's first day in officeai-safety-under-pressureSection: Two worldsdate100%1 2 3
Executive Order 14179 is two pages long, contains zero safety requirementsai-safety-under-pressureSection: Two worldslegal100%1 2 3
Executive Order 14179 was issued on 20 January 2025ai-safety-under-pressureTooltip on EO 14179date100%1 2 3
Executive Order 14179's declared objective is to 'sustain and enhance America's global AI dominance'ai-safety-under-pressureSection: Two worldsquote100%1 2 3
In November 2023, the US signed the Bletchley Declaration; fourteen months later it revoked every binding safety measure at the federal levelai-safety-under-pressureSection: Two worldscomparison100%1 2 3
The CLOUD Act is a US law from 2018 that allows US authorities to access data stored by US companies regardless of the physical location of the serversai-safety-under-pressureTooltip on CLOUD Actlegal100%1 2 3
Chris Painter is Head of external relations at Metr (formerly Model Evaluation & Threat Research)ai-safety-under-pressureTooltip on Chris Painterattribution100%1 2 3
Metr is a non-profit organisation that evaluates AI models for catastrophic risksai-safety-under-pressureSection: What this means for businesses and usersorganizational100%1 2 3
Chris Painter warns of a 'frog-boiling effect' — without binary thresholds, risks accumulate graduallyai-safety-under-pressureSection: What this means for businesses and usersquote100%1 2 3
Nik Kairinos is CEO of Raids AIai-safety-under-pressureSection: What this means for youattribution100%1 2 3
Nik Kairinos is described as a British AI entrepreneur and technology commentatorai-safety-under-pressureTooltip on Nik Kairinosattribution100%1 2 3
Nik Kairinos is founder and CEO of Raids AI, a UK company specialising in AI-powered security analyticsai-safety-under-pressureTooltip on Nik Kairinosattribution100%1 2 3
Raids AI is a UK company specialising in AI-powered security and risk analyticsai-safety-under-pressureTooltip on Raids AIorganizational100%1 2 3
Safe Harbor was struck down in 2015ai-safety-under-pressureTooltip on EU-US Data Privacy Frameworklegal100%1 2 3
Privacy Shield was struck down in 2020ai-safety-under-pressureTooltip on EU-US Data Privacy Frameworklegal100%1 2 3
The EU-US Data Privacy Framework is the third attempt at a legal basis for EU–US data transfersai-safety-under-pressureTooltip on EU-US Data Privacy Frameworklegal100%1 2 3
The EU-US Data Privacy Framework is based on Executive Order 14086 (Biden, Oct. 2022)ai-safety-under-pressureTooltip on EU-US Data Privacy Frameworklegal100%1 2 3
Oversight board PCLOB has been without quorum since January 2025ai-safety-under-pressureTooltip on EU-US Data Privacy Frameworkorganizational100%1 2 3
A French judge at the International Criminal Court had his credit cards declined because he appeared on a US sanctions listdigital-risk-auditOpening sectionorganizational100%1 2 3 4
Visa is a US payment network headquartered in San Francisco, established in 1958digital-risk-auditTooltip on Visaorganizational100%1 2
Mastercard is a US payment network headquartered in Purchase, NY, established in 1966digital-risk-auditTooltip on Mastercardorganizational100%1 2 3
Visa and Mastercard together process the majority of European card paymentsdigital-risk-auditTooltip on Visastatistic100%1 2 3
Mastercard is the second-largest card network in the world after Visadigital-risk-auditTooltip on Mastercardcomparison100%1 2 3 4
The sanctions on the ICC were imposed via Executive Order in February 2025digital-risk-auditOpening sectiondate100%1 2 3
Apple relocated Chinese users' iCloud data to state-owned servers under pressure from the Chinese governmentdigital-risk-auditTooltip on iCloudorganizational100%1 2
In 2022, Russian banking apps were removed from the Apple App Store at the direction of the US governmentdigital-risk-auditTooltip on App Storeorganizational100%1 2 3
The CLOUD Act was signed into law under Trump in March 2018 (omnibus bill)digital-risk-auditSection: What has changedlegal100%1 2
The CLOUD Act enables US authorities to access data held by US companies worldwide, regardless of physical data locationdigital-risk-auditSection: What has changedlegal100%1 2 3
Huawei is a Chinese technology conglomerate from Shenzhen, established in 1987digital-risk-auditTooltip on Huaweiorganizational100%1 2 3
Huawei was placed on the US Entity List in 2019 with an export ban on US technologydigital-risk-auditTooltip on Huaweidate100%1 2 3
Huawei was the world's leading provider of 5G network equipment before sanctionsdigital-risk-auditTooltip on Huaweicomparison100%1 2 3
Huawei's smartphone revenue dropped by over 40% following US sanctionsdigital-risk-auditTooltip on Huaweifinancial100%1 2 3 4
Kaspersky is a Russian cybersecurity vendor from Moscow, established in 1997digital-risk-auditTooltip on Kasperskyorganizational100%1 2
Kaspersky sales were banned in the United States since 2024 on security groundsdigital-risk-auditTooltip on Kasperskylegal100%1 2 3
Germany's Federal Office for Information Security (BSI) warned against Kaspersky's use as early as 2022digital-risk-auditTooltip on Kasperskydate100%1 2 3
The dismissal of oversight bodies charged with supervising the EU-US Data Privacy Frameworkdigital-risk-auditSection: What has changedorganizational100%1 2 3
The EU-US Data Privacy Framework is the third attempt at a legal basis for transatlantic data transfers, after Safe Harbor (struck down 2015) and Privacy Shield (struck down 2020)digital-risk-auditTooltip on Data Privacy Frameworklegal100%1 2 3
According to a Gartner survey, 61% of Western European CIOs plan to reduce their dependence on US cloud providersdigital-risk-auditSection: What has changedstatistic100%1 2 3
Entra ID (formerly Azure AD) manages user accounts and access rights in most organisationsdigital-risk-auditSection: The chain no one seestechnical100%1 2 3
AWS, Azure and GCP together hold approximately 65–70% of the global cloud infrastructure marketdigital-risk-auditTooltip on hyperscalersstatistic100%1 2 3
In March 2022, Microsoft cut Russian companies off overnight — licences, cloud services, updates gone from one day to the nextdigital-risk-auditSection: What is no longer theoreticaldate100%1 2 3
Broadcom acquired VMware in November 2023 for $69 billiondigital-risk-auditTooltip on Broadcomfinancial100%1 2 3
Broadcom multiplied licensing costs for European cloud providers tenfold after acquiring VMwaredigital-risk-auditSection: What is no longer theoreticalfinancial100%1 2 3 4
Google has shut down more than 290 productsdigital-risk-auditSection: What is no longer theoreticalstatistic100%1 2
Matrix protocol is in use by the Bundeswehr, NATO, and French public administrationdigital-risk-auditTooltip on Matrixorganizational100%1 2 3 4
SEPA covers 41 countries and has been mandatory for transfers and direct debits since 2014digital-risk-auditTooltip on SEPAstatistic100%1 2 3 4 5
France has migrated 500,000 agents across 15 ministries to Visio, a sovereign alternative to Zoomdigital-risk-auditSection: The contingency planstatistic100%1 2
Austria's military runs on open-source servicesdigital-risk-auditSection: The contingency planorganizational100%1 2
The EU Commission communicates via Matrixdigital-risk-auditSection: The contingency planorganizational100%1 2 3
The European Parliament voted 471 to 68 in January 2026 for an 'open source first' resolutiondigital-risk-auditSection: The contingency planstatistic100%1 2 3 4
The term 'open source' was coined in 1998 by Christine Petersondigital-risk-auditTooltip on open-sourcedate100%1 2 3
90%+ of global cloud infrastructure is built on open sourcedigital-risk-auditTooltip on open-sourcestatistic100%1 2 3
A Microsoft 365 migration typically takes 6 to 18 monthsdigital-risk-auditSection: Why nowtechnical100%1 2
A cloud migration typically takes 12 to 24 monthsdigital-risk-auditSection: Why nowtechnical100%1 2 3
An identity provider switch typically takes 3 to 12 monthsdigital-risk-auditSection: Why nowtechnical100%1 2 3
A desktop operating system migration typically takes 12 to 36 monthsdigital-risk-auditSection: Why nowtechnical100%1 2 3
LibreOffice has been available since 2011, forked from OpenOfficedigital-risk-auditTooltip on LibreOfficedate100%1 2 3 4
Broadcom is a US semiconductor conglomerate headquartered in San Jose, Californiadigital-risk-auditTooltip on Broadcomorganizational100%1 2 3
In January 2022, a German district administration with roughly 800 employees and two full-time IT staff migrated email from Microsoft 365 to self-hosted Open-Xchangelimits-of-digital-independenceOpening sectionorganizational100%1 2 3
Six months after the migration, a TLS certificate expired unnoticed and outbound email silently failed for three dayslimits-of-digital-independenceOpening sectiontechnical100%1 2 3
Schleswig-Holstein invested €9 million and a dedicated team for their migrationlimits-of-digital-independenceOpening sectionfinancial100%1 2 3
The French Gendarmerie built an internal IT organisation over two decadeslimits-of-digital-independenceOpening sectionorganizational100%1 2 3
Hosting cost for a 200-person organisation self-hosting five core services on Hetzner: approximately €800/monthlimits-of-digital-independenceSection: The Sovereignty Premiumfinancial100%1 2 3
The equivalent hosting on AWS would be €3,000–4,000/monthlimits-of-digital-independenceSection: The Sovereignty Premiumfinancial100%1 2 3
Self-hosting operational overhead at 6 hours per service per month = 30 hours = roughly 20% of a full-time senior engineer's capacitylimits-of-digital-independenceSection: The Sovereignty Premiumstatistic100%1 2 3
At €80/hour fully loaded, operational cost is €2,400/month in labourlimits-of-digital-independenceSection: The Sovereignty Premiumfinancial100%1 2 3
Net calculation: €800/month hosting + €2,400/month labour = €3,200/monthlimits-of-digital-independenceSection: The Sovereignty Premiumfinancial100%1 2 3
Jitsi works well for meetings of up to 30–50 participantslimits-of-digital-independenceSection: Video conferencing at scaletechnical100%1 2 3
For 90% of business use cases, a Mistral or LLaMA deployment on European infrastructure is sufficientlimits-of-digital-independenceSection: AI frontier modelseditorial100%1 2 3 4
AWS offers over 200 managed serviceslimits-of-digital-independenceSection: Managed service ecosystemsstatistic100%1 2
AWS (2006), GCP (2008), Azure (2010) together hold approximately 65% of the global cloud marketlimits-of-digital-independenceTooltip on hyperscalerstatistic100%1 2 3
Meta's LLaMA was released in 2023 and popularised open-weight modelslimits-of-digital-independenceTooltip on open-weightdate100%1 2 3
OSI ruled that LLaMA's licence does not qualify as open sourcelimits-of-digital-independenceTooltip on open-weightorganizational100%1 2 3
The French Gendarmerie has operated 103,000 Linux workstations for two decades with 40% lower TCO than the Windows equivalentlimits-of-digital-independenceSection: A Decision Frameworkstatistic100%1
No successful migration on the site achieved 100% sovereigntylimits-of-digital-independenceSection: Five Rules for Rational Sovereignty / Rule 4organizational100%1 2 3
The Gendarmerie kept 3% on Windowslimits-of-digital-independenceSection: Five Rules for Rational Sovereignty / Rule 4statistic100%1 2
Austria's BMWET kept Microsoft Teams for external meetings where partners expected it.limits-of-digital-independenceSection: Five Rules for Rational Sovereignty / Rule 4organizational100%1 2 3
The French Gendarmerie took twenty years for its Linux migration.limits-of-digital-independenceSection: Five Failure Modes of Sovereigntytechnical100%1 2 3
Schleswig-Holstein plans for five to seven years for their migrationlimits-of-digital-independenceSection: Five Failure Modes of Sovereigntytechnical100%1 2 3
A €50 FIDO2 key eliminates the most common attack vectorlimits-of-digital-independenceSection: Start immediatelyfinancial100%1 2 3
LibreOffice is deployed on 30,000+ PCs in Schleswig-Holsteinlimits-of-digital-independenceTooltip on LibreOfficestatistic100%1 2 3
LibreOffice's native format is ODF (ISO standard)limits-of-digital-independenceTooltip on LibreOfficetechnical100%1 2 3
LibreOffice was forked from OpenOffice in 2010limits-of-digital-independenceTooltip on LibreOfficedate100%1 2 3
eIDAS 2.0 revised 2024: Digital Identity Wallet required by 2026, affects 450 million EU citizenslimits-of-digital-independenceTooltip on eIDAS (in why-digital-independence cross-ref context)legal100%1 2 3
OnlyOffice is made by Ascensio System SIA, a company from Latvialimits-of-digital-independenceTooltip on OnlyOfficeorganizational100%1 2 3
Collabora Online is browser-based document editing built on LibreOfficelimits-of-digital-independenceTooltip on Collaboratechnical100%1 2 3
Open-Xchange is an open-source email, calendar, and collaboration platform headquartered in Germanylimits-of-digital-independenceTooltip on Open-Xchangeorganizational100%1 2 3
digital-independence.org is a non-commercial project with no affiliate links, no sponsored content, no advertising, no tracking beyond anonymous page-view countswhy-digital-independenceSection: What this site isorganizational100%1 2 3
openDesk is a German government 'sovereign workplace' initiative (ZenDiS)why-digital-independenceTooltip on openDeskorganizational100%1 2
openDesk integrates Nextcloud, Open-Xchange, Collabora, Jitsi, Elementwhy-digital-independenceTooltip on openDesktechnical100%1
openDesk released version 1.0 in 2024why-digital-independenceTooltip on openDeskdate100%1
LaSuite is the sovereign digital workplace of French public administration (DINUM)why-digital-independenceTooltip on LaSuiteorganizational100%1 2 3
MijnBureau is the sovereign digital workplace of the Dutch governmentwhy-digital-independenceTooltip on MijnBureauorganizational100%1 2 3
MijnBureau combines components from openDesk and LaSuitewhy-digital-independenceTooltip on MijnBureautechnical100%1 2 3
The EU Data Act (EU 2023/2854) regulates data access and sharing and is applicable from 12 September 2025why-digital-independenceTooltip on Data Actlegal100%1 2 3
eIDAS original regulation dates from 2014, eIDAS 2.0 revised 2024, Digital Identity Wallet required by 2026, affects 450 million EU citizenswhy-digital-independenceTooltip on eIDASlegal100%1 2 3
The EU AI Act (EU 2024/1689) is the world's first comprehensive AI regulation with four risk levels: unacceptable, high, limited, minimalwhy-digital-independenceTooltip on AI Actlegal100%1 2 3
The EU AI Act has phased implementation from February 2025 to August 2027why-digital-independenceTooltip on AI Actlegal100%1 2 3
You can run a sovereign AI stack for €150/monthwhy-digital-independenceSection: What we coverfinancial100%1 2 3
The term 'open source' was coined in 1998 by Christine Petersonwhy-digital-independenceTooltip on open sourcedate100%1 2
Open source powers 90%+ of cloud infrastructure worldwidewhy-digital-independenceTooltip on open sourcestatistic100%1 2 3
Deploy Mistral 7B on a Hetzner GPU server at €150/month for a team of 20–50 — stated as an actionable recommendationwhy-digital-independenceSection: Principlesfinancial100%1 2 3
In January 2026, organisations using Microsoft 365 discovered that Copilot Chat was summarising emails marked as confidentialcopilot-dlp-bypassOpening sectiondate100%1 2 3
The bug was reported by customers on 21 Januarycopilot-dlp-bypassOpening sectiondate100%1 2 3
Microsoft acknowledged the bug in early February in a notice tracked as CW1226324copilot-dlp-bypassOpening sectiondate100%1 2 3 4
The code defect caused Copilot Chat to pick up items from the Sent Items and Drafts folders regardless of their sensitivity labelscopilot-dlp-bypassSection: What happenedtechnical100%1 2
The AI summarised confidential emails on request, serving the content through the Copilot Chat 'Work' tabcopilot-dlp-bypassSection: What happenedtechnical100%1 2
Microsoft's own documentation states that sensitivity labels do not apply consistently across all Copilot surfacescopilot-dlp-bypassSection: What happenedtechnical100%1 2 3
The CLOUD Act was signed in March 2018 under Trump (omnibus bill) with bipartisan support in Congresscopilot-dlp-bypassTooltip on CLOUD Actlegal100%1 2 3 4
The UK signed the first bilateral agreement under the CLOUD Act in 2019copilot-dlp-bypassTooltip on CLOUD Actlegal100%1 2
The incident ran for weeks before it was acknowledged — weeks during which confidential content was being processed by an AI model without authorisationcopilot-dlp-bypassSection: The sovereignty angletechnical100%1 2 3
Microsoft has since deployed a configuration update to fix the bugcopilot-dlp-bypassSection: The sovereignty angletechnical100%1 2 3
Self-hosted summarisation AI can use open-weight models like Mistral 7B or LLaMA 3.1 8Bcopilot-dlp-bypassSection: What organisations can do — This monthtechnical100%1 2 3 4
Tools like vLLM and Ollama make deployment straightforward on a single GPU servercopilot-dlp-bypassSection: What organisations can do — This monthtechnical100%1 2 3
France's sovereign productivity suite is the Suite Numérique, formerly known as LaSuitegrist-joins-lasuiteOpening sectionorganizational100%1 2 3
Grist is an open-source tool that combines the accessibility of a spreadsheet with the structure of a relational database and a no-code app buildergrist-joins-lasuiteOpening sectiontechnical100%1 2 3
The integration was reported by the EU's Open Source Observatory in January 2026grist-joins-lasuiteOpening sectiondate100%1 2 3
Grist has been running within the Suite Numérique and through the national agency ANCT for three years alreadygrist-joins-lasuiteOpening sectiondate100%1 2 3
By January 2026, Grist reached 20,000 monthly active users in French public administrationgrist-joins-lasuiteSection: The numbersstatistic100%1 2 3
Grist's user count in January 2026 is ten times more than in January 2025grist-joins-lasuiteSection: The numbersstatistic100%1 2 3
Grist is used by 15 ministries in Francegrist-joins-lasuiteSection: The numbersstatistic100%1 2 3
Grist is used by all 100 prefectures in Francegrist-joins-lasuiteSection: The numbersstatistic100%1 2 3
Grist is used by major cities including Lyon and Strasbourggrist-joins-lasuiteSection: The numbersorganizational100%1 2 3
The French government is currently the largest contributor to the Grist project alongside the original developergrist-joins-lasuiteSection: The numbersorganizational100%1 2 3
DINUM and ANCT provide training through webinars, workshops, a Peertube channel, and dedicated forumsgrist-joins-lasuiteSection: The numbersorganizational100%1 2 3 4
The French state contributes to Grist's core code, invests in training infrastructure, and publishes all materials under open licencesgrist-joins-lasuiteSection: Why this mattersorganizational100%1 2 3
LaSuite is the sovereign digital workplace of French public administration (DINUM)grist-joins-lasuiteTooltip on LaSuiteorganizational100%1 2 3
The term 'open source' was coined in 1998 by Christine Petersongrist-joins-lasuiteTooltip on open-sourcedate100%1 2 3 4
Open source powers 90%+ of cloud infrastructure worldwidegrist-joins-lasuiteTooltip on open-sourcestatistic100%1 2 3
The Peertube channel for Grist training is at tube.numerique.gouv.fr/c/grist/videosgrist-joins-lasuiteSection: The numberstechnical100%1 2 3
Germany's flagship sovereign technology platform is called the Deutschland-Stacksovereignty-washingOpening paragraphorganizational100%1 2 3
The Deutschland-Stack is a national platform for federal, state, and municipal IT, built on open standardssovereignty-washingOpening paragraphtechnical100%1 2 3
The Deutschland-Stack aims to reduce dependency on US hyperscalerssovereignty-washingOpening paragraphorganizational100%1 2 3
The Open Source Business Alliance (OSBA) published a position paper on the Deutschland-Stack consultation in February 2026sovereignty-washingOpening paragraphdate100%1 2 3
The revised Deutschland-Stack specification states that 'solutions from European sovereign providers' may be used alongside open-source offeringssovereignty-washingOpening paragraphlegal100%1 2 3
The OSBA calls the practice of labelling proprietary European software as sovereign 'sovereignty washing'sovereignty-washingSection: The problem with 'European sovereign'attribution100%1 2 3
The term 'open source' was coined in 1998 by Christine Petersonsovereignty-washingTooltip on open-sourcedate100%1 2
The OSI (Open Source Initiative) maintains the official definition of open sourcesovereignty-washingTooltip on open-sourceorganizational100%1 2 3
Open source powers 90%+ of cloud infrastructure worldwidesovereignty-washingTooltip on open-sourcestatistic100%1 2 3
The OSBA demands open-source licensing must be mandatory across all Deutschland-Stack components without exceptionssovereignty-washingSection: What the OSBA demandsorganizational100%1 2 3
OSBA demands no 'sovereign provider' escape clause — European headquarters alone do not guarantee sovereigntysovereignty-washingSection: What the OSBA demandsorganizational100%1 2 3
The first Deutschland-Stack draft included a maturity model (framework for measuring how sovereign a solution actually is)sovereignty-washingSection: What the OSBA demandstechnical100%1 2 3
The revised Deutschland-Stack draft dropped the maturity model in favour of faster implementationsovereignty-washingSection: What the OSBA demandsorganizational100%1 2 3
The current German government committed to 'Open Source first' in public procurement in its coalition agreementsovereignty-washingSection: What the OSBA demandslegal100%1 2 3
Germany is the EU's largest economysovereignty-washingSection: Why this matters beyond Germanycomparison100%1 2 3
Germany is a co-founder of GAIA-Xsovereignty-washingSection: Why this matters beyond Germanyorganizational100%1 2 3
GAIA-X was founded in 2019 by Germany and Francesovereignty-washingTooltip on GAIA-Xdate100%1 2 3
GAIA-X has around 250 members, including US hyperscalers (which is controversial)sovereignty-washingTooltip on GAIA-Xstatistic100%1 2 3
GAIA-X has been criticized for complexity and slow progresssovereignty-washingTooltip on GAIA-Xorganizational100%1 2 3
The EU Parliament voted 471-to-68 for 'Open Source first' in public procurementsovereignty-washingSection: Why this matters beyond Germanystatistic100%1 2 3
RSS stands for Really Simple Syndicationrss-setupSection: What is RSS?technical100%1 2 3
RSS is an open standard that lets websites publish new content in a machine-readable formatrss-setupSection: What is RSS?technical100%1 2 3
RSS has been around since 1999rss-setupSection: What is RSS?date100%1 2 3
The blog provides an English feed at /posts/index.xml, a German feed at /de/posts/index.xml, and a French feed at /fr/posts/index.xmlrss-setupSection: Subscribe to our blogtechnical100%1 2 3
RSS Guard is available for Windows, macOS, and Linuxrss-setupSection: RSS readers by operating system — Windows, macOS, Linuxtechnical100%1 2 3
RSS Guard has podcast support and can sync with FreshRSS, Nextcloud News, and other servicesrss-setupSection: RSS readers by operating system — Windows, macOS, Linuxtechnical100%1 2 3
RSS Guard is open source under the GPL-3.0 licenserss-setupSection: RSS readers by operating system — Windows, macOS, Linuxlegal100%1 2 3
Fluent Reader is available for Windows, macOS, and Linuxrss-setupSection: RSS readers by operating system — Windows, macOS, Linuxtechnical100%1 2 3
Fluent Reader works locally without an accountrss-setupSection: RSS readers by operating system — Windows, macOS, Linuxtechnical100%1 2 3
Fluent Reader is open source under the BSD-3 licenserss-setupSection: RSS readers by operating system — Windows, macOS, Linuxlegal100%1 2 3
Thunderbird is Mozilla's email client with a built-in RSS readerrss-setupSection: RSS readers by operating system — Windows, macOS, Linuxtechnical100%1 2 3
Thunderbird is available for Windows, macOS, and Linuxrss-setupSection: RSS readers by operating system — Windows, macOS, Linuxtechnical100%1 2 3
Thunderbird is open source under the MPL-2.0 licenserss-setupSection: RSS readers by operating system — Windows, macOS, Linuxlegal100%1 2 3
Newsboat is a terminal-based RSS reader for Linuxrss-setupSection: RSS readers by operating system — Linux (additional)technical100%1 2 3
Newsboat is open source under the MIT licenserss-setupSection: RSS readers by operating system — Linux (additional)legal100%1 2 3
Akregator is a native KDE reader, pre-installed on many Linux distributionsrss-setupSection: RSS readers by operating system — Linux (additional)technical100%1 2 3
Akregator is open source under the GPL licenserss-setupSection: RSS readers by operating system — Linux (additional)legal100%1 2 3
NetNewsWire is available for macOS and iOSrss-setupSection: RSS readers by operating system — macOS / iOStechnical100%1 2 3
NetNewsWire syncs via iCloud, Feedbin, Feedly, and other servicesrss-setupSection: RSS readers by operating system — macOS / iOStechnical100%1 2 3
NetNewsWire is open source under the MIT licenserss-setupSection: RSS readers by operating system — macOS / iOSlegal100%1 2 3
Feeder is an Android RSS reader that runs entirely locally with no account neededrss-setupSection: RSS readers by operating system — Androidtechnical100%1 2 3
Feeder is available on F-Droid and Google Playrss-setupSection: RSS readers by operating system — Androidtechnical100%1 2 3
Feeder is open source under the GPL-3.0 licenserss-setupSection: RSS readers by operating system — Androidlegal100%1 2 3
Read You is an Android RSS reader with Material You designrss-setupSection: RSS readers by operating system — Androidtechnical100%1 2 3
Read You is open source under the GPL-3.0 licenserss-setupSection: RSS readers by operating system — Androidlegal100%1 2 3
Feedbro is a browser extension RSS reader for Firefox and Chrome with all data stored locallyrss-setupSection: RSS readers by operating system — Browser extensionstechnical100%1 2 3
Smart RSS Reader is a three-pane browser extension RSS reader for Firefox and Chromerss-setupSection: RSS readers by operating system — Browser extensionstechnical100%1 2 3
Smart RSS Reader is open source under the MIT licenserss-setupSection: RSS readers by operating system — Browser extensionslegal100%1 2 3
The CLOUD Act was signed on 23 March 2018 as part of the Consolidated Appropriations ActglossaryCLOUD Actdate100%1
The CLOUD Act amends the Stored Communications Act (SCA) of 1986glossaryCLOUD Actlegal100%1 2 3
The UK–US bilateral data access agreement was the first bilateral agreement under the CLOUD Act, entering into force in October 2022glossaryCLOUD Actdate100%1 2 3
The EU has not concluded a bilateral data access agreement under the CLOUD ActglossaryCLOUD Actlegal100%1 2 3
The Data Act (EU 2023/2854) applies from 12 September 2025glossaryVendor lock-indate100%1 2 3
The Open Source Definition maintained by the Open Source Initiative (OSI) includes 10 criteriaglossaryOpen Sourcetechnical100%1 2 3
Meta's LLaMA license restricts commercial use for applications with more than 700 million monthly active usersglossaryOpen-weight modelslegal100%1 2 3
OSI published the Open Source AI Definition in October 2024glossaryOpen-weight modelsdate100%1 2 3
The term 'groupware' was coined in 1978 by Peter and Trudy Johnson-LenzglossaryGroupwareattribution100%1 2 3
Lotus Notes was released in 1989glossaryGroupwaredate100%1 2 3
Zimbra has changed ownership four times: Yahoo, VMware, Telligent Systems, SynacorglossaryGroupwareorganizational100%1 2 3
Since Zimbra 9, no official open-source binaries have been providedglossaryGroupwaretechnical100%1 2 3
Synacor acquired Zimbra for $24.5M in August 2015glossaryGroupwarefinancial100%1 2 3
Zimbra 8.8.15 was the last community release with open-source binariesglossaryGroupwaretechnical100%1 2 3
SAML 2.0 was released in 2005 and is XML-basedglossarySingle Sign-On (SSO)date100%1 2 3
OpenID Connect was released in 2014, built on OAuth 2.0, and is JSON-basedglossarySingle Sign-On (SSO)date100%1 2 3
Keycloak is a CNCF incubating projectglossaryIdentity Provider (IdP)organizational100%1 2 3
Microsoft Entra ID was formerly known as Azure ADglossaryIdentity Provider (IdP)organizational100%1 2 3
Keycloak supports SAML 2.0, OpenID Connect, OAuth 2.0, and LDAP/Active Directory integrationglossaryIdentity Provider (IdP)technical100%1 2 3
eIDAS regulation (EU 910/2014) entered into force on 17 September 2014glossaryeIDASdate100%1 2 3
eIDAS 2.0 (EU 2024/1183) was adopted on 11 April 2024glossaryeIDASdate100%1 2 3
Every EU member state must offer the European Digital Identity Wallet (EUDIW) to its citizens by 2026glossaryeIDASlegal100%1 2 3
Very large online platforms (as defined by the Digital Services Act) must accept the EUDIW for user authenticationglossaryeIDASlegal100%1 2 3
The EUDI Wallet architecture is based on the Architecture and Reference Framework (ARF) developed by the European CommissionglossaryeIDAStechnical100%1 2 3
FIDO2 is developed by the FIDO Alliance and the W3CglossaryFIDO2 / WebAuthnorganizational100%1 2 3
FIDO2 consists of WebAuthn (W3C standard) and CTAP2 (browser-authenticator protocol)glossaryFIDO2 / WebAuthntechnical100%1 2 3
All major browsers and operating systems support FIDO2 since 2019glossaryFIDO2 / WebAuthndate100%1 2 3
Passkeys were introduced 2022–2023 by Apple, Google, and MicrosoftglossaryFIDO2 / WebAuthndate100%1 2 3
GDPR (EU 2016/679) was adopted on 27 April 2016 and became enforceable on 25 May 2018glossaryGDPRdate100%1 2 3
Meta was fined €1.2 billion in 2023 for US data transfers under GDPRglossaryGDPRfinancial100%1 2 3
Amazon was fined €746 million in 2021 under GDPRglossaryGDPRfinancial100%1 2 3
WhatsApp was fined €225 million in 2021 under GDPRglossaryGDPRfinancial100%1 2 3
GDPR has inspired Brazil's LGPD, California's CCPA/CPRA, and India's DPDP ActglossaryGDPRlegal100%1 2 3
The OpenAPI Initiative is part of the Linux FoundationglossaryAPIorganizational100%1 2 3
The Sovereign Cloud Stack project was initiated in 2021glossarySovereign Cloud Stack (SCS)date100%1 2 3
SCS received funding from the German Federal Ministry for Economic Affairs and Climate Action (BMWK) through the Gaia-X funding programme until the end of 2024glossarySovereign Cloud Stack (SCS)organizational100%1 2 3
SCS is built on OpenStack for IaaS, Kubernetes for container orchestration, and Keycloak for identity managementglossarySovereign Cloud Stack (SCS)technical100%1 2 3
Cloud providers using SCS include plusserver, REGIO.cloud, and WaveconglossarySovereign Cloud Stack (SCS)organizational100%1 2 3
After the end of federal funding, SCS transitioned to community governance under the Open Source Business Alliance (OSBA)glossarySovereign Cloud Stack (SCS)organizational100%1 2 3
Gaia-X was launched in 2019 by France and GermanyglossaryGaia-Xdate100%1 2 3
The Gaia-X Association AISBL is based in BrusselsglossaryGaia-Xorganizational100%1 2 3
AWS, Microsoft, and Google became Gaia-X membersglossaryGaia-Xorganizational100%1 2 3
AWS (Amazon Web Services) launched in 2006glossaryHyperscalerdate100%1 2 3
Azure (Microsoft) launched in 2010glossaryHyperscalerdate100%1 2 3
GCP (Google Cloud Platform) launched in 2008glossaryHyperscalerdate100%1 2 3
AWS, Azure, and GCP together hold approximately 65–70% of the global cloud infrastructure marketglossaryHyperscalerstatistic100%1 2 3
Hetzner is a German hosting provider with data centres in Germany and FinlandglossaryHyperscalerorganizational100%1 2 3
IONOS is a German hosting and cloud provider (formerly 1&1)glossaryHyperscalerorganizational100%1 2 3
Scaleway is a French cloud provider, part of the Iliad group, with data centres in Paris and AmsterdamglossaryHyperscalerorganizational100%1 2 3
Signal Protocol is used by Signal, WhatsApp, and Google MessagesglossaryEnd-to-end encryption (E2EE)technical100%1 2 3
MLS (Messaging Layer Security) is IETF RFC 9420, published 2023glossaryEnd-to-end encryption (E2EE)technical100%1 2 3
LibreOffice was forked from OpenOffice.org in 2010 after Oracle's acquisition of Sun MicrosystemsglossaryForkdate100%1 2 3
Nextcloud was forked from ownCloud in 2016 over disagreements about open-source commitmentglossaryForkdate100%1 2 3
MariaDB was forked from MySQL in 2009 during Oracle's pending acquisition of Sun MicrosystemsglossaryForkdate100%1 2 3
Valkey was forked from Redis in 2024 after Redis Labs changed the license to non-open-sourceglossaryForkdate100%1 2 3
CNCF is part of the Linux FoundationglossaryCNCForganizational100%1 2 3
CNCF was founded in 2015 alongside the donation of Kubernetes by GoogleglossaryCNCFdate100%1 2 3
The Linux Foundation was founded in 2000glossaryCNCFdate100%1 2 3
CNCF graduated projects include Kubernetes, Prometheus, Envoy, Helm, and ArgoglossaryCNCForganizational100%1 2 3
The CNCF Landscape catalogues over 1,000 projects and productsglossaryCNCFstatistic100%1 2 3
The EU AI Act (EU 2024/1689) was proposed by the European Commission in April 2021glossaryEU AI Actdate100%1 2 3
The EU AI Act was adopted on 13 June 2024 and entered into force on 1 August 2024glossaryEU AI Actdate100%1 2 3
EU AI Act prohibited practices apply from February 2025glossaryEU AI Actdate100%1 2 3
EU AI Act obligations for general-purpose AI apply from August 2025glossaryEU AI Actdate100%1 2 3
EU AI Act full regulation applies from August 2027glossaryEU AI Actdate100%1 2 3
GPAI models with systemic risk are currently defined as models trained with more than 10^25 FLOPsglossaryEU AI Acttechnical100%1 2 3
The Snowden revelations began in 2013glossaryDigital sovereigntydate100%1 2 3
The EU-US Safe Harbor agreement was invalidated by the CJEU in Schrems I in 2015glossaryDigital sovereigntydate100%1 2
Privacy Shield was invalidated in Schrems II in 2020glossaryDigital sovereigntydate100%1 2 3
The Transformer architecture was introduced in the paper 'Attention Is All You Need' by Google in 2017glossaryLLM (Large Language Model)attribution100%1 2
Mistral AI was founded in 2023glossaryLLM (Large Language Model)date100%1 2 3
DeepSeek was established in 2023glossaryLLM (Large Language Model)date100%1 2 3
DeepSeek-R1 uses MIT licence since January 2025glossaryLLM (Large Language Model)legal100%1 2 3
The EU-US Data Privacy Framework adequacy decision was adopted by the European Commission on 10 July 2023glossaryEU-US Data Privacy Frameworkdate100%1 2
The EU-US Data Privacy Framework is administered by the International Trade Administration (ITA) within the US Department of CommerceglossaryEU-US Data Privacy Frameworkorganizational100%1 2 3
Safe Harbor existed from 2000 to 2015, invalidated in Schrems IglossaryEU-US Data Privacy Frameworkdate100%1 2 3
Privacy Shield existed from 2016 to 2020, invalidated in Schrems IIglossaryEU-US Data Privacy Frameworkdate100%1 2 3
Executive Order 14086 was signed by President Biden in October 2022glossaryEU-US Data Privacy Frameworkdate100%1 2
The Trump administration terminated the Democratic members of the PCLOB, leaving it without a quorumglossaryEU-US Data Privacy Frameworkorganizational100%1 2 3
Trump fired PCLOB Democrats on 27 January 2025glossaryEU-US Data Privacy Frameworkdate100%1 2 3
EO 14086 was not revoked when the Trump administration rescinded many other Biden-era executive orders in January 2025glossaryEU-US Data Privacy Frameworklegal100%1 2 3
European DPAs have advised businesses to prepare alternative transfer mechanisms following the PCLOB firingsglossaryEU-US Data Privacy Frameworklegal100%1 2 3
The term 'foundation model' was coined by the Stanford Institute for Human-Centered Artificial Intelligence (HAI) in a 2021 paperglossaryFoundation modelattribution100%1 2 3
Estimates for GPT-4-class model training range from $50–100 million in compute costs aloneglossaryFoundation modelfinancial100%1 2 3
openDesk is funded through ZenDiS (Zentrum für Digitale Souveränität), a subsidiary of the German Federal Ministry of the InteriorglossaryopenDeskorganizational100%1 2 3
openDesk 1.0 was released in 2024glossaryopenDeskdate100%1 2 3
Open-Xchange is a German open-source software company founded in 2005, headquartered in NurembergglossaryOpen-Xchange (OX)organizational100%1 2 3
OX App Suite is used by ISPs and hosting companies including 1&1, Rackspace, and ComcastglossaryOpen-Xchange (OX)organizational100%1 2 3
Schleswig-Holstein completed its migration to Open-Xchange for all 30,000 government workstations in October 2025glossaryOpen-Xchange (OX)date100%1 2 3
Mattermost v11 in October 2025 replaced the MIT-licensed Team Edition with a proprietary 'Mattermost Entry' tierglossarySelf-hostingdate100%1 2 3
Proton Mail has 100M+ usersglossaryDeliverabilitystatistic100%1 2 3
Microsoft's .docx is nominally standardised as OOXML but in practice contains undocumented extensionsglossaryOpen standardstechnical100%1 2 3
OpenDocument Format (ODF) is standardised as ISO/IEC 26300glossaryLibreOfficetechnical100%1 2 3
LibreOffice is developed by The Document Foundation (TDF)glossaryLibreOfficeorganizational100%1 2 3
Schleswig-Holstein is migrating 30,000 PCs to LibreOfficeglossaryLibreOfficestatistic100%1 2 3
The Italian military is transitioning 150,000 workstations to LibreOffice and ODFglossaryLibreOfficestatistic100%1 2 3
LibreOffice includes Writer, Calc, Impress, Draw, Base, and MathglossaryLibreOfficetechnical100%1 2 3
OnlyOffice is developed by Ascensio System SIA (Latvia)glossaryOnlyOfficeorganizational100%1 2 3
OnlyOffice DocumentServer core editor is open source under AGPL v3glossaryOnlyOfficelegal100%1 2 3
The Matrix protocol is developed by the Matrix.org Foundation, a UK non-profitglossaryMatrix (protocol)organizational100%1 2 3
Element was formerly known as Riot.im, developed by Element (formerly New Vector Ltd)glossaryMatrix (protocol)organizational100%1 2 3
The French government uses Matrix as the basis for Tchap (messaging for all government employees)glossaryMatrix (protocol)organizational100%1 2 3
Tchap is used by 300,000+ French government employeesglossaryMatrix (protocol)statistic100%1 2 3
The German Bundeswehr uses Matrix for BwMessengerglossaryMatrix (protocol)organizational100%1 2 3
The German healthcare system (gematik) adopted Matrix for the TI-MessengerglossaryMatrix (protocol)organizational100%1 2 3
n8n uses the Sustainable Use License, which is not open source by the OSI definitionglossaryWorkflow automationlegal100%1 2 3
Node-RED was originally created by IBM and is now a Linux Foundation project under Apache 2.0 licenceglossaryWorkflow automationorganizational100%1 2 3
Camunda 8 switched to a proprietary licenceglossaryWorkflow automationlegal100%1 2 3
Drew DeVault criticized n8n's misleading open-source marketing in 2019glossaryWorkflow automationdate100%1 2 3
The fair-code model was co-created by n8n CEOglossaryWorkflow automationattribution100%1 2 3
GDPR Article 20 grants EU citizens a right to data portabilityglossaryData portabilitylegal100%1 2 3
The Data Act (EU 2023/2854) is applicable from September 2025glossaryData portabilitydate100%1 2 3
The Munich Security Conference has been held annually in Munich since 1963glossaryMunich Security Conference (MSC)date100%1 2 3
The MSC has been chaired by Christoph Heusgen since 2022glossaryMunich Security Conference (MSC)date100%1 2 3
The MSC is described as the world's largest annual conference on international security policyglossaryMunich Security Conference (MSC)comparison100%1 2 3
Chancellor Friedrich Merz used his opening speech at the MSC in February 2026 to classify Europe's technological dependency as a strategic failureglossaryMunich Security Conference (MSC)date100%1 2 3
ESTIA (European Sovereign Tech Industry Alliance) was founded in November 2025 at the Berlin summit on European digital sovereigntyglossaryESTIAdate100%1 2 3
ESTIA founding members include Airbus, Dassault Systèmes, Deutsche Telekom, Orange, OVHcloud, and Sopra SteriaglossaryESTIAorganizational100%1 2 3
ESTIA official launch is planned for 2026glossaryESTIAdate100%1 2 3
LaSuite is developed by DINUMglossaryLaSuiteorganizational100%1 2 3
The MijnBureau sovereign workplace combines components from openDesk and LaSuiteglossaryMijnBureauorganizational100%1 2 3 4
The 'Public Money, Public Code' campaign is by the FSFEglossaryPublic Money, Public Codeorganizational100%1 2 3
The PMPC initiative is supported by over 200 organisations and administrationsglossaryPublic Money, Public Codestatistic100%1 2 3
The European Parliament adopted the 'Open Source first' principle in January 2026 in its report on technological sovereigntyglossaryPublic Money, Public Codedate100%1 2 3
The EP resolution passed by 471 votes to 68glossaryPublic Money, Public Codestatistic100%1 2 3
The term 'Eurostack' was used in the European Parliament's report on technological sovereignty (January 2026)glossaryEurostackattribution100%1 2 3
Digital Commons-EDIC was initiated by Germany, France, the Netherlands, and Italy at the Berlin summit on digital sovereignty in November 2025glossaryDigital Commons-EDICdate100%1 2 3
EDICs are an instrument of the EU's Digital Decade Policy Programme (Decision 2022/2481)glossaryDigital Commons-EDIClegal100%1 2 3
EDICs require at least three member states to jointly investglossaryDigital Commons-EDIClegal100%1 2 3
FSFE has championed free software rights in Europe since 2001glossaryFSFEdate100%1 2 3
FSFE is independent from the American FSFglossaryFSFEorganizational100%1 2 3
DINUM reports to the French Prime MinisterglossaryDINUMorganizational100%1 2 3
The Data Act (EU 2023/2854) was adopted on 13 December 2023 and applies from 12 September 2025glossaryData Actdate100%1 2 3
Edward Snowden was a former NSA contractorglossarySnowden revelationsorganizational100%1 2 3
The Snowden revelations began in June 2013glossarySnowden revelationsdate100%1 2 3
PRISM provided direct access to data held by Google, Apple, Microsoft, Facebook, and other US companiesglossarySnowden revelationstechnical100%1 2 3
The NSA tapped Chancellor Angela Merkel's mobile phoneglossarySnowden revelationsorganizational100%1 2 3
The Schrems I case in 2015 brought down the Safe Harbor agreementglossarySnowden revelationsdate100%1 2 3
The value chain concept was introduced in 1985 by Michael E. PorterglossaryValue chainattribution100%1 2
Chancellor Merz defined digital sovereignty at the Berlin summit in 2025 as 'the ability to shape technology across the entire value chain in line with European interests and needs'glossaryValue chainquote100%1 2 3
European tech founders emigrate disproportionately to the US according to a European Investment Fund (EIF) studyglossaryBrain drainstatistic100%1 2 3
Median software developer pay in the US is roughly 50% above Western EuropeglossaryBrain drainstatistic100%1 2 3
A European Court of Auditors study found that regulatory fragmentation puts European companies at a disadvantageglossaryRegulatory burdenorganizational100%1 2 3
The Berlin summit on digital sovereignty called for a 12-month postponement of the AI Act's high-risk provisionsglossaryRegulatory burdenlegal100%1 2 3
EUCS is developed by ENISA under the EU Cybersecurity Act (EU 2019/881)glossaryEUCSorganizational100%1 2 3
The EU Cybersecurity Act is regulation EU 2019/881glossaryEUCSlegal100%1 2 3
EUCS defines three assurance levels: Basic, Substantial, and HighglossaryEUCStechnical100%1 2 3
SecNumCloud is administered by ANSSI (Agence nationale de la sécurité des systèmes d'information)glossarySecNumCloudorganizational100%1 2 3
SecNumCloud requires the cloud provider to be an EU-controlled legal entity not subject to non-EU lawsglossarySecNumCloudlegal100%1 2 3
FranceConnect is operated by DINUMglossaryFranceConnectorganizational100%1 2 3
DigiD is operated by Logius (part of the Ministry of the Interior)glossaryDigiDorganizational100%1 2 3
DigiD is used by over 14 million Dutch citizens to authenticate to more than 900 government servicesglossaryDigiDstatistic100%1 2 3
The DigiD app was introduced in 2019glossaryDigiDdate100%1 2 3
Active Directory was first released with Windows 2000glossaryActive Directory (AD)date100%1 2 3
FreeIPA is based on 389 Directory Server + Kerberos + SSSD and is by Red HatglossaryActive Directory (AD)technical100%1 2 3
LDAP was originally defined in RFC 4511 (2006, based on X.500 from 1993)glossaryLDAPtechnical100%1 2 3
OpenStack was originally launched in 2010 by NASA and RackspaceglossaryOpenStackdate100%1 2 3
OpenStack is now governed by the OpenInfra FoundationglossaryOpenStackorganizational100%1 2 3
OpenStack is deployed by OVHcloud, IONOS, and Open Telekom Cloud (Deutsche Telekom)glossaryOpenStackorganizational100%1 2 3
Kubernetes was originally developed by Google based on its internal system BorgglossaryKubernetes (K8s)attribution100%1 2 3
Kubernetes was donated to the CNCF in 2014 and graduated in 2018glossaryKubernetes (K8s)date100%1 2 3
The Bletchley Declaration was signed on 1–2 November 2023 at Bletchley Park, UK, by 29 countriesglossaryBletchley Declarationdate100%1 2 3
The Bletchley Declaration signatories included the US, China, EU member states, the UK, Japan, India, and BrazilglossaryBletchley Declarationorganizational100%1 2 3
The Bletchley Declaration was the first time the US and China jointly signed a document on AI risksglossaryBletchley Declarationdate100%1 2 3
The Bletchley Declaration states that advanced AI poses 'significant risks, including serious, even catastrophic, harm'glossaryBletchley Declarationquote100%1 2 3
Follow-up AI Safety Summits took place in Seoul (May 2024) and Paris (February 2025)glossaryBletchley Declarationdate100%1 2 3
The US revoked its binding AI safety measures at the federal level in January 2025glossaryBletchley Declarationdate100%1 2 3
The UK AI Safety Institute was established in November 2023 as a direct outcome of the Bletchley SummitglossaryAI Safety Institute (AISI)date100%1 2 3
AISI is the world's first state institution dedicated exclusively to evaluating and mitigating risks from advanced AI modelsglossaryAI Safety Institute (AISI)organizational100%1 2 3
AISI employs over 100 technical staff and has an annual budget of £66 millionglossaryAI Safety Institute (AISI)financial100%1 2 3
AISI has pre-deployment access agreements with Anthropic, OpenAI, Google DeepMind, and MetaglossaryAI Safety Institute (AISI)organizational100%1 2 3
The US AI Safety Institute was established under NIST in November 2023glossaryAI Safety Institute (AISI)date100%1 2 3
Executive Order 14110 was revoked in January 2025glossaryAI Safety Institute (AISI)date100%1 2 3
Biden's EO 14110 on AI safety was issued in October 2023 and was 36 pages longglossaryExecutive Orderdate100%1 2 3
EO 14179 replaced EO 14110 on the successor's first day in office, was 2 pages long, and contained zero safety requirementsglossaryExecutive Ordercomparison100%1 2 3

No claims match your filters.

Search

Press Ctrl+K to open search anytime