German public administrations increasingly question their dependence on US tech firms amid fears that US law can expose sensitive data. The 2018 CLOUD Act allows US authorities to compel US-based companies to hand over data, including information stored on servers abroad by US firms or their subsidiaries. Critics say that creates a risky dependency for federal and state institutions that hold citizens’ data.
The government-backed Center for Digital Sovereignty in Public Administration (ZenDiS) has been set up to reduce that reliance and to offer secure, European-focused alternatives. ZenDiS has prioritized integrating existing German and European software into a single office suite for the public sector called OpenDesk. Rather than writing every component in-house, a roughly 40-person team selected and connected established products to create a coordinated package that emphasizes security and collaborative workflows.
ZenDiS officials say the risk is not only theoretical. Spokespeople warn that data kept in US-controlled databases can be reached under US legal authority and that US pressure could also take the form of companies blocking software or security updates, which could quickly disrupt governmental operations from local offices to central ministries. Those concerns underpin the organization’s push for “digital sovereignty” — the idea that the state must be able to protect and control critical data entrusted to it by citizens.
A real-world illustration often cited is the case of Nicolas Guillou, a French judge at the International Criminal Court in The Hague. After the ICC issued an arrest warrant related to events in Gaza, Guillou and others were put on a US sanctions list. Guillou reported that accounts with US-based providers such as Amazon and PayPal were closed and that bookings were blocked by Booking.com after its US parent cut ties with sanctioned individuals. Advocates say that episode shows how US measures can have immediate, practical effects on people and organizations around the world.
Founded in 2022 with a €16 million federal seed investment, ZenDiS reports having sold about 160,000 OpenDesk licenses. Last year the organization recorded more than €18 million in revenue, with roughly half coming from license sales. As a government-owned entity, it is limited to earning no more than 20% of its income from the private sector; nonetheless, ZenDiS is preparing a partner distribution programme to make its offerings available to private companies, particularly in finance.
While most clients so far are state and federal agencies, ZenDiS says established domestic and international firms have shown interest, including talks with a Spanish telecom operator. That underlines that Germany’s push for digital sovereignty could have cross-border appeal.
The move comes amid surprise and concern from some campaigners when energy giant RWE agreed a deal allowing Amazon to buy electricity from RWE, host RWE data in Amazon’s cloud and use Amazon AI services. ZenDiS management declined to judge private-sector choices directly but warned that reliance on US cloud providers carries political risk, including the possibility of “political blackmail.” They argue companies should factor digital-sovereignty risks into their corporate risk assessments.
Germany’s effort reflects a broader debate about how governments balance efficiency and global services from big tech with the need to keep sensitive public-sector data under national or European control. The story was originally published in German on March 18.