German government agencies at state and federal level often use software from US-based providers, raising concerns that US authorities could access German data under the Clarifying Lawful Overseas Use of Data (CLOUD) Act, signed in 2018. The law allows US authorities to compel access to data held by US companies, including data stored abroad on servers owned by US firms or their subsidiaries.
Data protection advocates say this creates a dangerous dependency. The German Center for Digital Sovereignty in Public Administration (ZenDiS) is working to reduce reliance on US tech — notably Microsoft — and to build digital alternatives aimed at security and “digital sovereignty.”
ZenDiS spokesperson Lutz Niemeyer warns that “all data stored in US databases is potentially at risk,” and that the state has “a duty to ensure that crucial data entrusted to it by its citizens is kept secure.” He also warns that the US could exert pressure by ordering tech companies to stop issuing software or security updates, which would quickly hamper government functioning from local authorities up to the chancellery.
The case of Nicolas Guillou, a French judge at the International Criminal Court in The Hague, illustrates the reach of US measures. After the ICC issued an arrest warrant linked to alleged crimes in Gaza, he and others were placed on a US sanctions list. Guillou reported that accounts with US companies such as Amazon and PayPal were closed, and that he was unable to make hotel bookings via Booking.com because its US parent severed ties with sanctioned individuals.
ZenDiS’s response is openDesk, a publicly sourced office suite tailored for the public sector that prioritizes security and collaboration. ZenDiS did not write all the software itself; a 40-person team identified existing German and European products and integrated them into a unified package. “We connect the various individual solutions and integrate them,” said ZenDiS managing director Pamela Krosta-Hartl.
Founded in 2022 with €16 million in federal seed funding, ZenDiS has sold about 160,000 openDesk licenses. Last year the organisation reported revenue of over €18 million, roughly half from license sales. As a government-owned entity, ZenDiS can only earn up to 20% of its income from the private sector, but it is preparing a programme for distribution partners to make its solutions available to private companies, especially in finance.
While much of ZenDiS’s clientele is state and federal agencies, Krosta-Hartl says there has been interest from well-known companies and international firms, including a recent meeting with a Spanish telecom operator. This suggests the reach of Germany’s digital-sovereignty efforts extends beyond national borders.
Some campaigners were surprised when the country’s largest electricity producer, RWE, struck a deal allowing Amazon to buy electricity from RWE, store RWE data in the Amazon cloud, and use Amazon AI services. Krosta-Hartl declined to judge private partnerships but highlighted the political risks tied to US cloud services, including potential for “political blackmail.” She added that contemporary developments show the danger is “very real,” and that digital sovereignty must be factored into corporate risk assessments.
This article was originally published in German on March 18.