{"id":18094,"date":"2026-04-20T08:32:37","date_gmt":"2026-04-20T06:32:37","guid":{"rendered":"https:\/\/teamwire.eu\/en\/?p=18094"},"modified":"2026-04-20T08:32:37","modified_gmt":"2026-04-20T06:32:37","slug":"digital-sovereignty","status":"publish","type":"post","link":"https:\/\/teamwire.eu\/en\/blog\/digital-sovereignty\/","title":{"rendered":"Digital sovereignty: Why it is essential for public authorities and critical infrastructure operators in Europe"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"18094\" class=\"elementor elementor-18094\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-aac40e9 e-flex e-con-boxed e-con e-parent\" data-id=\"aac40e9\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-cfceb0e elementor-widget elementor-widget-text-editor\" data-id=\"cfceb0e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">In July 2024, a <strong>faulty software update<\/strong> from the US security firm <strong>CrowdStrike<\/strong> brought millions of Windows systems worldwide to a standstill. Flights were cancelled, hospitals had to postpone operations and alter their procedures, and government agencies were only able to operate at limited capacity for hours.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">The <strong>inability to act<\/strong> was not caused by a targeted cyberattack, but by a <strong>total reliance on a foreign software provider<\/strong>. This incident has suddenly brought a key question into sharp focus:\u00a0<\/span><\/p><p><strong>Who actually controls our digital systems?<\/strong><\/p><p><span style=\"font-weight: 400;\">This is precisely where <strong>digital sovereignty<\/strong> comes into play. For public authorities, law enforcement agencies, and organizations with security responsibilities like police or firefighters, and operators of critical infrastructure, it has become an <strong>operational necessity<\/strong>. Digital sovereignty is not a luxury, but a matter of the <strong>ability to act in an emergency<\/strong>, of <strong>compliance<\/strong>, of <strong>protecting sensitive data<\/strong>, and ultimately of <strong>national sovereignty<\/strong>.\u00a0<\/span><\/p><h2><span style=\"font-weight: 400;\">What does digital sovereignty mean? A definition.<\/span><\/h2><p><span style=\"font-weight: 400;\">Digital sovereignty refers to the <strong>ability of organizations and states to control their digital systems, data, and communication processes independently<\/strong> \u2013 without reliance on foreign providers, technologies, or legal systems.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">It is not just about technology, but about a <strong>combination<\/strong> of:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Technological sovereignty:<\/strong> control over software, hardware, and infrastructure<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Data sovereignty:<\/strong> control over the storage and processing of data<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Legal sovereignty:<\/strong> compliance with European laws and standards<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Operational autonomy:<\/strong> the ability to act in crisis situations<\/span><\/li><\/ul><p><span style=\"font-weight: 400;\">For organizations in regulated sectors in particular, digital sovereignty is no longer an optional competitive advantage, but a <strong>strategic necessity<\/strong>.<\/span><\/p><p><span style=\"font-weight: 400;\">US providers may be legally obliged to <strong>grant US authorities access to data<\/strong> \u2013 even if it is stored on European servers. Key terms include the <strong>US CLOUD Act<\/strong>, FISA, and the USA PATRIOT Act, to name just a few relevant US laws. Digital sovereignty means <strong>addressing this risk<\/strong> at a structural level and <strong>minimizing it<\/strong>.<\/span><\/p><p><span style=\"font-weight: 400;\">For further in-depth insights, please see our <\/span><strong><a href=\"https:\/\/teamwire.eu\/en\/guides-en-contact-form-data-sovereignty-instead-of-digital-dependency\/\">guide to EU data sovereignty<\/a><\/strong><span style=\"font-weight: 400;\">, which you can download free of charge.<\/span><\/p><h2><span style=\"font-weight: 400;\">Digital sovereignty, data sovereignty, and EU data sovereignty: the differences<\/span><\/h2><p><span style=\"font-weight: 400;\">The <strong>three terms<\/strong> are often used interchangeably, but differ in their scope:<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-42dfede elementor-widget elementor-widget-li-spacer\" data-id=\"42dfede\" data-element_type=\"widget\" data-widget_type=\"li-spacer.default\">\n\t\t\t\t\t<div class=\"li-elementor-widget li-elementor-widget--li-spacer\">\n    <div class=\"li-spacer-inner\"><\/div>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-c205d74 e-flex e-con-boxed e-con e-parent\" data-id=\"c205d74\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-cdd244e elementor-widget elementor-widget-li-widgets--simple-table\" data-id=\"cdd244e\" data-element_type=\"widget\" data-widget_type=\"li-widgets--simple-table.default\">\n\t\t\t\t\t<div class=\"tw-simpletable-wrapper li-elementor-widget--li-widgets--simple-table\">\n            <table xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\" cellspacing=\"0\" cellpadding=\"0\" dir=\"ltr\" border=\"1\" data-sheets-root=\"1\" data-sheets-baot=\"1\"><colgroup><col width=\"295\"><col width=\"339\"><\/colgroup><tbody><tr><td>Term<\/td><td>Meaning<\/td><\/tr><tr><td>Data sovereignty<\/td><td>Refers to comprehensive control over the storage, use, and processing of data.<\/td><\/tr><tr><td>Digital sovereignty<\/td><td>It also encompasses technological independence, cloud sovereignty, and operational autonomy \u2013 in other words, control over the entire digital value chain.<\/td><\/tr><tr><td>EU data sovereignty<\/td><td>Ensures that data sovereignty is implemented strategically and in accordance with European laws and values \u2013 in particular the GDPR, NIS 2, and BSI standards.<\/td><\/tr><\/tbody><\/table>    <\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-b8b86a5 e-flex e-con-boxed e-con e-parent\" data-id=\"b8b86a5\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-71b5217 elementor-widget elementor-widget-text-editor\" data-id=\"71b5217\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">For regulated organizations, this distinction has <strong>practical implications<\/strong>: a solution may offer data sovereignty, but still create digital dependencies if the provider itself is subject to a foreign legal system.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">An example:<\/span><\/p><p><span style=\"font-weight: 400;\">Companies can use <strong>Microsoft 365<\/strong> and <strong>host the software within the EU<\/strong>. This means that the servers are located in Europe and the data is stored and processed here. Nevertheless, data can be requested by US authorities at any time, as Microsoft\u2019s parent company is a US firm and therefore <strong>subject to US law<\/strong>. Digital sovereignty is therefore <strong>not guaranteed<\/strong>.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-1bff202 e-flex e-con-boxed e-con e-parent\" data-id=\"1bff202\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-46d2ee1 elementor-widget elementor-widget-text-editor\" data-id=\"46d2ee1\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<h2><span style=\"font-weight: 400;\">Why is digital sovereignty particularly relevant for public safety, public authorities, and critical infrastructure?<\/span><\/h2><p><span style=\"font-weight: 400;\">Law enforcement agencies, public authorities, and operators of critical infrastructure face a <strong>different risk profile<\/strong> than ordinary businesses. A data breach during a police operation, the compromise of patient data, or a communication failure at an energy supplier during a crisis can have <strong>immediate consequences for public safety<\/strong>.<\/span><\/p><h3><span style=\"font-weight: 400;\">Regulatory pressure is mounting<\/span><\/h3><p><span style=\"font-weight: 400;\">The <a href=\"https:\/\/teamwire.eu\/en\/blog\/nis-2-directive-the-role-of-secure-communication-systems-and-affected-companies\/\" target=\"_blank\" rel=\"noopener\"><strong>NIS-2 Directive<\/strong><\/a>, the IT Security Act 2.0, and sector-specific requirements like <\/span><strong><a href=\"https:\/\/teamwire.eu\/en\/blog\/dora-digital-operational-resilience-act-what-banks-insurers-and-it-service-providers-need-to-know\/\" target=\"_blank\" rel=\"noopener\">DORA<\/a><\/strong><span style=\"font-weight: 400;\"> significantly tighten the requirements for digital sovereignty. Organizations that operate critical infrastructure must be able to demonstrate that their <strong>IT systems and communication channels are resilient, controllable, and protected<\/strong> against unauthorized access.<\/span><\/p><h3><span style=\"font-weight: 400;\">Shadow IT and consumer apps as a security risk<\/span><\/h3><p><span style=\"font-weight: 400;\">In practice, employees often resort to <strong>unauthorized communication tools<\/strong>, such as WhatsApp, personal email accounts, or other consumer messaging apps. This <a href=\"https:\/\/teamwire.eu\/en\/blog\/shadow-it\/\" target=\"_blank\" rel=\"noopener\"><strong>shadow IT<\/strong><\/a> systematically undermines any strategy for digital sovereignty: data ends up on foreign servers, metadata is analyzed, and the organization loses all control over its communication data.<\/span><\/p><h3><span style=\"font-weight: 400;\">Vendor lock-in: The underestimated dependency<\/span><\/h3><p><span style=\"font-weight: 400;\">In addition to direct data access by third countries, <\/span><strong><a href=\"https:\/\/en.wikipedia.org\/wiki\/Vendor_lock-in\" target=\"_blank\" rel=\"noopener\">vendor lock-in<\/a><\/strong><span style=\"font-weight: 400;\"> poses a further <strong>structural risk<\/strong>. Relying entirely on a single provider for critical communication processes results in a <strong>loss of bargaining power<\/strong>, <strong>increases costs<\/strong> in the long term, and \u2013 as the CrowdStrike incident has shown \u2013 creates a single point of failure. Digital sovereignty, therefore, also means: <strong>manageable dependencies<\/strong>, <strong>clear exit strategies<\/strong>, and the preferred use of <strong>open standards<\/strong>.<\/span><\/p><h3><span style=\"font-weight: 400;\">Reliability in crises and major incidents<\/span><\/h3><p><span style=\"font-weight: 400;\">Digital sovereignty also means <strong>remaining <\/strong><\/span><strong><a href=\"https:\/\/teamwire.eu\/en\/solutions\/use-cases\/out-of-band-communication\/\" target=\"_blank\" rel=\"noopener\">capable of acting<\/a><\/strong><span style=\"font-weight: 400;\"> in an emergency. Cloud services from third countries with server locations in Europe or without an on-premises option offer no guarantee of availability in crisis situations. Public authorities and operators of critical infrastructure require solutions that continue to function even with limited internet connectivity or during targeted cyberattacks. The aim is to <strong>establish a communication structure that is decoupled from the rest of the IT infrastructure and is sovereign<\/strong>.<\/span><\/p><h2><span style=\"font-weight: 400;\">Digital sovereignty: specific requirements for communications infrastructure<\/span><\/h2><p><span style=\"font-weight: 400;\">The BSI (Bundesamt f\u00fcr Sicherheit in der Informationstechnik or Federal Office for Information Security) classifies sectors such as energy, water, healthcare, transport, and law enforcement agencies as <strong>critical infrastructure<\/strong>. Their communication solutions are subject to <strong>specific requirements<\/strong> that directly contribute to digital sovereignty:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Complete, modern encryption:<\/strong> The content of communications must be readable only by the sender and the recipient. Solutions that decrypt metadata or content on the provider\u2019s central servers do not meet this requirement.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Zero-trust architecture:<\/strong> There is no implicit trust in network participants. Every request is verified \u2013 regardless of whether it originates from the internal network or not.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Audit-proof archiving:<\/strong> Communication must be stored to ensure traceability and protection against tampering.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>On-premises option:<\/strong> For the most sensitive use cases, the entire infrastructure must run on your own servers.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Certifications:<\/strong> ISO 27001 and BSI C5 (Cloud Computing Compliance Criteria Catalog) are the relevant certifications for secure cloud infrastructures in Germany.<\/span><\/li><\/ul><p><i><span style=\"font-weight: 400;\">You may also be interested in our guide <\/span><\/i><a href=\"https:\/\/teamwire.eu\/en\/guides\/emergency-communication\/\" target=\"_blank\" rel=\"noopener\"><i><span style=\"font-weight: 400;\">\u201cCommunication in a state of emergency\u201d<\/span><\/i><\/a><i><span style=\"font-weight: 400;\">.<\/span><\/i><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-048b83e elementor-widget elementor-widget-li-spacer\" data-id=\"048b83e\" data-element_type=\"widget\" data-widget_type=\"li-spacer.default\">\n\t\t\t\t\t<div class=\"li-elementor-widget li-elementor-widget--li-spacer\">\n    <div class=\"li-spacer-inner\"><\/div>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-c201dab e-flex e-con-boxed e-con e-parent\" data-id=\"c201dab\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-cc5f729 elementor-widget elementor-widget-shortcode\" data-id=\"cc5f729\" data-element_type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\"><div class=\"hs-cta-embed hs-cta-simple-placeholder hs-cta-embed-369289076948\"\n  style=\"max-width:100%; max-height:100%; width:672px;height:327.2830175175781px\" data-hubspot-wrapper-cta-id=\"369289076948\">\n  <a href=\"https:\/\/cta-eu1.hubspot.com\/web-interactives\/public\/v1\/track\/redirect?encryptedPayload=AVxigLJKftBXizC2DgTyDN8oyfrs6VdXFtthZ8J%2BqYwEL3Vom%2F%2B%2FzKM75ZLUD3nlTF3FdzHIZAirvUUkzwan1dcH9ljyxHgJLj3CfYoiOobz%2Be3QwQUjCIBoW719flJWgbdghnaK9fSRmdjzogvb3JP2wDUup85DKE5%2F6ehibr2xx38lV%2FrsxzS3yzb3ngDaUnYSa3gBZJvtwx3IHQ%3D%3D&amp;webInteractiveContentId=369289076948&amp;portalId=143616833\" target=\"_blank\" rel=\"noopener\" crossorigin=\"anonymous\">\n    <img decoding=\"async\" alt=\"Download\" loading=\"lazy\" src=\"https:\/\/hubspot-no-cache-eu1-prod.s3.amazonaws.com\/cta\/default\/143616833\/interactive-369289076948.png\" style=\"height: 100%; width: 100%; object-fit: fill\"\n      onerror=\"this.style.display='none'\" \/>\n  <\/a>\n<\/div><\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-ea6aa19 e-flex e-con-boxed e-con e-parent\" data-id=\"ea6aa19\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-9534d46 elementor-widget elementor-widget-text-editor\" data-id=\"9534d46\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<h2><span style=\"font-weight: 400;\">Digital sovereignty in practice: public authorities, law enforcement, and critical infrastructure<\/span><\/h2><p><span style=\"font-weight: 400;\">The requirements for digital sovereignty vary considerably across sectors. <strong>Three types<\/strong> of organization are of particular focus here:<\/span><\/p><h3><span style=\"font-weight: 400;\">Government bodies and public administration<\/span><\/h3><p><span style=\"font-weight: 400;\">Digital sovereignty is the <strong>foundation for public trust<\/strong> in government institutions. Typical use cases include <strong>secure coordination processes<\/strong> between public authorities, the <strong>protection of sensitive personal data<\/strong>, and <strong>crisis communication<\/strong> in disaster management.<\/span><\/p><h3><span style=\"font-weight: 400;\">Public authorities and organizations responsible for security<\/span><\/h3><p><span style=\"font-weight: 400;\">Secure communication is vital for the police, fire departments, and emergency services. <strong>Every second counts<\/strong> during an emergency: real-time coordination of operations, the secure transmission of operational data, alerting procedures, and on-site communication during major incidents must function <strong>reliably even under extreme conditions<\/strong>, and must <strong>not leave any data traces<\/strong> on foreign servers.<\/span><\/p><h3><span style=\"font-weight: 400;\">Critical infrastructure companies and organizations<\/span><\/h3><p><span style=\"font-weight: 400;\">Energy suppliers, healthcare facilities, telecommunications providers, and water utilities rely on resilient communication systems. For them, digital sovereignty means, in practical terms: <strong>business continuity management<\/strong>, the <strong>protection of sensitive operational and patient data<\/strong>, and the <strong>ability to maintain coordination in the event of a cyberattack<\/strong> \u2013 without relying on third-party providers who may have been compromised.<\/span><\/p><h2><span style=\"font-weight: 400;\">Secure government communications in practice: the example of the police<\/span><\/h2><p><span style=\"font-weight: 400;\">Hardly any other scenario illustrates the requirements of digital sovereignty as clearly as <strong>police operational communications<\/strong>. During operations, officers need:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Immediate, reliable contact<\/strong> with all units<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Secure transfer<\/strong> of photo and video footage from the field<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Real-time location data<\/strong> for coordinating units<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Alert functions<\/strong> for critical situations<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Guaranteed <strong>data sovereignty<\/strong> \u2013 no communication data stored on US servers<\/span><\/li><\/ul><p><span style=\"font-weight: 400;\">Today, <strong>over half of all German police forces use Teamwire<\/strong> as a secure communication platform. This has <strong>significantly improved operational communication<\/strong> \u2013 from faster success in manhunts to seamless coordination during major events such as the <a href=\"https:\/\/teamwire.eu\/en\/blog\/supporting-germanys-police-during-uefa-2024-our-secure-messenger-in-action\/\" target=\"_blank\" rel=\"noopener\">2024 European Football Championship<\/a> in Germany.<\/span><\/p><p><span style=\"font-weight: 400;\">The example shows:\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">Digital sovereignty is not an end in itself. It is the <strong>foundation for efficient, secure, and legally compliant communication<\/strong> in critical situations.<\/span><\/p><p><span style=\"font-weight: 400;\">You can gain a more detailed insight into how the police use Teamwire in our <\/span><strong><a href=\"https:\/\/teamwire.eu\/en\/resources\/success-stories\/the-bavarian-police\/\" target=\"_blank\" rel=\"noopener\">success story<\/a><\/strong><span style=\"font-weight: 400;\">, which was produced in collaboration with the <strong>Bavarian Police<\/strong>.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-0b0fa34 e-flex e-con-boxed e-con e-parent\" data-id=\"0b0fa34\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1daafec elementor-widget elementor-widget-text-editor\" data-id=\"1daafec\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<h2><span style=\"font-weight: 400;\">GDPR-compliant communication as a minimum standard<\/span><\/h2><p><span style=\"font-weight: 400;\">GDPR compliance is a <strong>fundamental requirement<\/strong> for any communication solution in the public sector \u2013 but it is <strong>no guarantee of true digital sovereignty<\/strong>. A solution may be formally GDPR-compliant yet still problematic if:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The provider, which is owned by a <strong>US parent company<\/strong>, is subject to (Cloud Act risk).<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/teamwire.eu\/en\/blog\/secure-corporate-communication\/\" target=\"_blank\" rel=\"noopener\"><strong>Metadata<\/strong><\/a> (who communicates with whom and when?) is stored and analyzed on the provider\u2019s servers.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">There is no <a href=\"https:\/\/teamwire.eu\/en\/product\/security\/encryption-and-zero-trust\/\" target=\"_blank\" rel=\"noopener\"><strong>comprehensive, modern encryption<\/strong><\/a> in place, only transport encryption.<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Although the data is technically stored in Europe, it can be <strong>accessed from third countries<\/strong>.<\/span><\/li><\/ul><p><span style=\"font-weight: 400;\">Public authorities and operators of critical infrastructure should therefore <strong>look beyond GDPR compliance<\/strong> and choose solutions that offer <strong>technical data sovereignty<\/strong> \u2013 not just legal compliance.<\/span><\/p><h2><span style=\"font-weight: 400;\">Implementing digital sovereignty: A framework for decision-makers<\/span><\/h2><p><span style=\"font-weight: 400;\">Implementing digital sovereignty is not a one-off project, but an <strong>ongoing process<\/strong>. The following <strong>four steps<\/strong> have proven effective in practice:<\/span><\/p><h3><span style=\"font-weight: 400;\">1. Taking stock: Which tools does your organization actually use?<\/span><\/h3><p><span style=\"font-weight: 400;\">There is often a significant gap between officially approved communication tools and those actually in use. The first step is to <strong>carry out an inventory of the applications in use<\/strong> \u2013 including shadow IT.<\/span><\/p><h3><span style=\"font-weight: 400;\">2. Risk assessment by data category<\/span><\/h3><p><span style=\"font-weight: 400;\">Not all data requires the same level of protection. Organizations should <strong>distinguish between different types of data<\/strong>: Which communications contain sensitive operational data? Where is a standard cloud solution sufficient? This categorization enables <strong>targeted investment<\/strong> decisions.<\/span><\/p><h3><span style=\"font-weight: 400;\">3. Choice of technology: European suppliers with proven certifications<\/span><\/h3><p><span style=\"font-weight: 400;\">When selecting communication solutions, decision-makers should consider the following criteria:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Servers located<\/strong> exclusively in Germany or the EU<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>No dependence<\/strong> on US parent companies<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>ISO 27001 and BSI C5 certification<\/strong> of the cloud infrastructure<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Genuine, modern encryption<\/strong> (including metadata, etc.)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Zero-trust<\/strong> security architecture<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>On-premises option<\/strong> for sensitive applications<\/span><\/li><\/ul><h3><span style=\"font-weight: 400;\">4. Ensure acceptance through user-friendliness<\/span><\/h3><p><span style=\"font-weight: 400;\">Even the best security solution is of little use if employees bypass it because it is too complex. Digital sovereignty can only be achieved if secure tools are <strong>intuitive to use and are faster than \u2013 or at least as fast as \u2013 their insecure alternatives<\/strong>. Training and clear communication guidelines are just as important as the technical solution itself.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d7b2a35 elementor-widget elementor-widget-li-spacer\" data-id=\"d7b2a35\" data-element_type=\"widget\" data-widget_type=\"li-spacer.default\">\n\t\t\t\t\t<div class=\"li-elementor-widget li-elementor-widget--li-spacer\">\n    <div class=\"li-spacer-inner\"><\/div>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-2b628f5 e-flex e-con-boxed e-con e-parent\" data-id=\"2b628f5\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-06a3ff6 elementor-widget elementor-widget-li-cta\" data-id=\"06a3ff6\" data-element_type=\"widget\" data-widget_type=\"li-cta.default\">\n\t\t\t\t\t<div class=\"li-elementor-widget li-elementor-widget--li-cta border-radius-4 justify-between d-flex px-large py-large mx-auto gap-medium bg-blue-light\">\n    <div class=\"li-cta-content\">\n        <p class=\"body-lg font-weight--regular li-cta-color\">\n            \u201cThe ease of use is definitely one of the things we like best about Teamwire. It\u2019s like WhatsApp.\u201d \u2013 Ben Viethen, Head of Digitalization City of Kleve\n        <\/p>\n    <\/div>\n    <div class=\"li-cta-button d-flex content-center self-center flex-none\">\n        <a href=\"https:\/\/teamwire.eu\/en\/resources\/success-stories\/city-of-kleve\/\" target=\"_self\" title=\"Read the success story here\" class=\"tw-button classic-primary-blue white font-weight--medium default classic tw-button--primary tw-button--trailing tw-button--small \">\n            Read the success story here        <\/a>\n    <\/div>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-088e57e e-flex e-con-boxed e-con e-parent\" data-id=\"088e57e\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8f0db1e elementor-widget elementor-widget-text-editor\" data-id=\"8f0db1e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<h2><span style=\"font-weight: 400;\">The future of digital sovereignty in Europe<\/span><\/h2><p><span style=\"font-weight: 400;\">Geopolitical developments in recent years have significantly heightened awareness of <strong>digital dependencies<\/strong>. European institutions and national authorities are <strong>stepping up their investment in sovereign technologies<\/strong>. Initiatives such as GAIA-X, the European cloud infrastructure, and the BSI\u2019s concept of digital sovereignty are setting strategic guidelines.<\/span><\/p><p><span style=\"font-weight: 400;\">For operators of critical infrastructure and (security) authorities, this means:\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\"><strong>Regulatory pressure<\/strong> to achieve digital sovereignty will increase. Organizations that <strong>act now and establish sovereign communications infrastructures<\/strong> will be better positioned \u2013 both to meet future compliance requirements and to cope with emergencies.<\/span><\/p><p><span style=\"font-weight: 400;\">At the same time, <strong>technology continues to evolve<\/strong>: AI-powered threat detection, advanced real-time communication features (such as augmented reality for operational coordination) and deeper integration capabilities with existing IT infrastructure are making sophisticated solutions increasingly powerful.<\/span><\/p><h2><span style=\"font-weight: 400;\">Digital sovereignty is the key to Europe\u2019s ability to act<\/span><\/h2><p><span style=\"font-weight: 400;\">Digital sovereignty is far more than just a technical concept. It is a <strong>strategic prerequisite for security, resilience, and independence<\/strong>. The CrowdStrike outage in 2024, the US Cloud Act, and growing geopolitical tensions demonstrate that:\u00a0<\/span><\/p><p><strong>Digital dependencies are real risks.<\/strong><\/p><p><span style=\"font-weight: 400;\">The following applies to public authorities, law enforcement agencies, and operators of critical infrastructure:\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">Those who invest now in robust IT infrastructures and secure communication solutions are not only <strong>strengthening their own resilience<\/strong> but are also making a tangible <strong>contribution to Europe\u2019s digital independence<\/strong>.<\/span><\/p><p><span style=\"font-weight: 400;\">The good news is:\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">Digital sovereignty and efficiency are <strong>not mutually exclusive<\/strong>. Modern, certified platforms such as Teamwire demonstrate that the highest security standards, full data sovereignty and intuitive user-friendliness can be achieved simultaneously \u2013 and have been in use for years by over half of Germany\u2019s police forces, numerous critical infrastructure companies and local authorities.<\/span><\/p><p><span style=\"font-weight: 400;\">Why not expand your knowledge with our guide <\/span><strong><a href=\"https:\/\/teamwire.eu\/en\/guides-en-contact-form-data-sovereignty-instead-of-digital-dependency\/\" target=\"_blank\" rel=\"noopener\"><i>Data Sovereignty Instead of Digital Dependence<\/i><\/a><\/strong><span style=\"font-weight: 400;\">, which we have published in collaboration with our partner <\/span><a href=\"https:\/\/www.ionos.co.uk\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">IONOS<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">Global uncertainty, cyber threats, and US legislation show that:\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">Local data centers or encryption alone are not enough. Data sovereignty requires an <strong>understanding of the risks and a willingness to adapt<\/strong> \u2013 this is the only way for public authorities, critical infrastructure operators, law enforcement agencies, and the healthcare sector to protect their data in the long term.<\/span><\/p><p><span style=\"font-weight: 400;\">In this comprehensive document, which you can <\/span><strong><a href=\"https:\/\/teamwire.eu\/en\/guides-en-contact-form-data-sovereignty-instead-of-digital-dependency\/\" target=\"_blank\" rel=\"noopener\">download for free<\/a><\/strong><span style=\"font-weight: 400;\">, we explore:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">What are the differences between <strong>data sovereignty<\/strong>, <strong>data residency<\/strong>, <strong>data protection<\/strong>, and <strong>data security<\/strong>?<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">What <strong>risks<\/strong> are associated with US providers such as Microsoft 365, WhatsApp, and Slack?<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">What<strong> impact<\/strong> does this have on compliance, audits and certifications (e.g. ISO 27001, BSI C5)?<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">What <strong>specific recommendations<\/strong> are there for switching to European solutions?<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">How are <strong>European providers<\/strong> already offering high-performance alternatives today?<\/span><\/li><\/ul><p><span style=\"font-weight: 400;\">You can also <a href=\"https:\/\/teamwire.eu\/en\/free-trial\/\" target=\"_blank\" rel=\"noopener\"><strong>try Teamwire for free<\/strong><\/a> at any time or <a href=\"https:\/\/teamwire.eu\/en\/contact-sales\/\" target=\"_blank\" rel=\"noopener\"><strong>book a personalized demo.<\/strong><\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-0ebf094 e-flex e-con-boxed e-con e-parent\" data-id=\"0ebf094\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-0dad15d elementor-widget elementor-widget-li-spacer\" data-id=\"0dad15d\" data-element_type=\"widget\" data-widget_type=\"li-spacer.default\">\n\t\t\t\t\t<div class=\"li-elementor-widget li-elementor-widget--li-spacer\">\n    <div class=\"li-spacer-inner\"><\/div>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2f31697 elementor-widget elementor-widget-shortcode\" data-id=\"2f31697\" data-element_type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\"><div class=\"hs-cta-embed hs-cta-simple-placeholder hs-cta-embed-108770283492\"\n  style=\"max-width:100%; max-height:100%; width:672px;height:188.34375px\" data-hubspot-wrapper-cta-id=\"108770283492\">\n  <a href=\"https:\/\/cta-eu1.hubspot.com\/web-interactives\/public\/v1\/track\/redirect?encryptedPayload=AVxigLLTVYLaVAKx8UB6h8%2F1r8A6aSXat4%2Fmy81Bu%2BizwXurBIlDpP1WAMZ%2FJvR%2BRFtpKKEowwbtvEXkb50vNgs9IPwKFN5xXWTSoYPhhiidIFWBcgEO1nC%2FOzDPb0gkQdg%2Fn3FEjjyiKbq66%2F%2FUJCIRkuhiA95DbH7FOo8cV8VASmLQl8E%3D&amp;webInteractiveContentId=108770283492&amp;portalId=143616833\" target=\"_blank\" rel=\"noopener\" crossorigin=\"anonymous\">\n    <img decoding=\"async\" alt=\"Let our experts advise you and find the ideal hosting solution for your organization.\" loading=\"lazy\" src=\"https:\/\/hubspot-no-cache-eu1-prod.s3.amazonaws.com\/cta\/default\/143616833\/interactive-108770283492.png\" style=\"height: 100%; width: 100%; object-fit: fill\"\n      onerror=\"this.style.display='none'\" \/>\n  <\/a>\n<\/div><\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-3d093f47 e-flex e-con-boxed e-con e-parent\" data-id=\"3d093f47\" data-element_type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-15139ff6 elementor-widget__width-inherit elementor-widget elementor-widget-li-headline\" data-id=\"15139ff6\" data-element_type=\"widget\" data-widget_type=\"li-headline.default\">\n\t\t\t\t\t<div class=\"li-elementor-widget li-elementor-widget--li-headline text-center text-md-center text-xs-center \">\n        <h2 class=\"headline h4 text--semi-bold mx-auto mx-md-auto mx-xs-auto \">\n        Frequently asked questions (FAQs)    <\/h2>\n    <\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-118d579f elementor-widget__width-initial teamwire accordion elementor-widget elementor-widget-accordion\" data-id=\"118d579f\" data-element_type=\"widget\" data-widget_type=\"accordion.default\">\n\t\t\t\t\t\t\t<div class=\"elementor-accordion\">\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<h3 id=\"elementor-tab-title-2941\" class=\"elementor-tab-title\" data-tab=\"1\" role=\"button\" aria-controls=\"elementor-tab-content-2941\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-right\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 10.252L12 16.252L6 10.252L7.40039 8.85156L12 13.4512L16.5996 8.85156L18 10.252Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 14.25L16.5996 15.6494L12 11.0498L7.40039 15.6494L6 14.25L12 8.25L18 14.25Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">What is digital sovereignty?<\/a>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\t<div id=\"elementor-tab-content-2941\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"region\" aria-labelledby=\"elementor-tab-title-2941\"><p><span style=\"font-weight: 400;\">Digital sovereignty refers to the ability of organizations and states to independently control digital systems, data, and communication processes \u2013 without reliance on foreign providers, technologies, or legal systems. For public authorities, this includes, in particular, control over communication data, independence from US hyperscalers, and the ability to remain operational in the event of a crisis.<\/span><\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<h3 id=\"elementor-tab-title-2942\" class=\"elementor-tab-title\" data-tab=\"2\" role=\"button\" aria-controls=\"elementor-tab-content-2942\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-right\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 10.252L12 16.252L6 10.252L7.40039 8.85156L12 13.4512L16.5996 8.85156L18 10.252Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 14.25L16.5996 15.6494L12 11.0498L7.40039 15.6494L6 14.25L12 8.25L18 14.25Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">Why is digital sovereignty mandatory for operators of critical infrastructure?<\/a>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\t<div id=\"elementor-tab-content-2942\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"2\" role=\"region\" aria-labelledby=\"elementor-tab-title-2942\"><p><span style=\"font-weight: 400;\">Under the IT Security Act 2.0 and the NIS 2 Directive, operators of critical infrastructure are subject to strict requirements regarding the resilience and security of their IT infrastructure. Digital sovereignty is not an option here, but a prerequisite: communication systems must be controllable, fail-safe, and protected against external access \u2013 including by foreign authorities.<\/span><\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<h3 id=\"elementor-tab-title-2943\" class=\"elementor-tab-title\" data-tab=\"3\" role=\"button\" aria-controls=\"elementor-tab-content-2943\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-right\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 10.252L12 16.252L6 10.252L7.40039 8.85156L12 13.4512L16.5996 8.85156L18 10.252Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 14.25L16.5996 15.6494L12 11.0498L7.40039 15.6494L6 14.25L12 8.25L18 14.25Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">What is the US CLOUD Act, and why is it relevant to European authorities and companies?<\/a>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\t<div id=\"elementor-tab-content-2943\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"3\" role=\"region\" aria-labelledby=\"elementor-tab-title-2943\"><p><span style=\"font-weight: 400;\">The US CLOUD Act (Clarifying Lawful Overseas Use of Data Act) requires US companies to grant US authorities access to stored data upon request, regardless of whether that data is hosted on European servers. For authorities and operators of critical infrastructure, this means that any communication solution provided by a US provider or a US subsidiary is potentially subject to access by foreign authorities \u2013 even if it is formally GDPR-compliant.<\/span><\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<h3 id=\"elementor-tab-title-2944\" class=\"elementor-tab-title\" data-tab=\"4\" role=\"button\" aria-controls=\"elementor-tab-content-2944\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-right\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 10.252L12 16.252L6 10.252L7.40039 8.85156L12 13.4512L16.5996 8.85156L18 10.252Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 14.25L16.5996 15.6494L12 11.0498L7.40039 15.6494L6 14.25L12 8.25L18 14.25Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">What is the difference between data sovereignty and digital sovereignty?<\/a>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\t<div id=\"elementor-tab-content-2944\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"4\" role=\"region\" aria-labelledby=\"elementor-tab-title-2944\"><p><span style=\"font-weight: 400;\">Data sovereignty is one aspect of digital sovereignty. It refers to having complete control over where data is stored, who can access it, and how long it is retained. Digital sovereignty goes further and also encompasses technological independence, cloud sovereignty, and the ability to operate digital infrastructures independently.<\/span><\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<h3 id=\"elementor-tab-title-2945\" class=\"elementor-tab-title\" data-tab=\"5\" role=\"button\" aria-controls=\"elementor-tab-content-2945\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-right\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 10.252L12 16.252L6 10.252L7.40039 8.85156L12 13.4512L16.5996 8.85156L18 10.252Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 14.25L16.5996 15.6494L12 11.0498L7.40039 15.6494L6 14.25L12 8.25L18 14.25Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">Is WhatsApp GDPR-compliant for public authorities?<\/a>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\t<div id=\"elementor-tab-content-2945\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"5\" role=\"region\" aria-labelledby=\"elementor-tab-title-2945\"><p><span style=\"font-weight: 400;\">No. WhatsApp is a consumer app developed by Meta, a US-based company. In addition to the fundamental GDPR risk posed by the transfer of metadata to US servers, Meta is subject to the US CLOUD Act, which allows US authorities to access stored data. WhatsApp is therefore unsuitable for official communications.<\/span><\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<h3 id=\"elementor-tab-title-2946\" class=\"elementor-tab-title\" data-tab=\"6\" role=\"button\" aria-controls=\"elementor-tab-content-2946\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-right\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 10.252L12 16.252L6 10.252L7.40039 8.85156L12 13.4512L16.5996 8.85156L18 10.252Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 14.25L16.5996 15.6494L12 11.0498L7.40039 15.6494L6 14.25L12 8.25L18 14.25Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">What does Zero Trust mean for secure communication?<\/a>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\t<div id=\"elementor-tab-content-2946\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"6\" role=\"region\" aria-labelledby=\"elementor-tab-title-2946\"><p><span style=\"font-weight: 400;\">Zero Trust is a security concept that does not automatically trust any network user \u2013 whether internal or external. Every communication request is verified, access rights are granted on a minimal basis, and are continuously reviewed. For your communications, this means that even a compromised device within the network cannot gain unauthorized access to sensitive communication data.<\/span><\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<h3 id=\"elementor-tab-title-2947\" class=\"elementor-tab-title\" data-tab=\"7\" role=\"button\" aria-controls=\"elementor-tab-content-2947\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-right\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 10.252L12 16.252L6 10.252L7.40039 8.85156L12 13.4512L16.5996 8.85156L18 10.252Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 14.25L16.5996 15.6494L12 11.0498L7.40039 15.6494L6 14.25L12 8.25L18 14.25Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">What certifications should a secure communications solution for public authorities have?<\/a>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\t<div id=\"elementor-tab-content-2947\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"7\" role=\"region\" aria-labelledby=\"elementor-tab-title-2947\"><p><span style=\"font-weight: 400;\">The minimum standards are ISO 27001 (the international standard for information security management systems) and BSI C5 (the Cloud Computing Compliance Criteria Catalogue published by the Federal Office for Information Security). BSI C5 is particularly relevant for use by German public authorities, as it is tailored to the requirements of sovereign cloud use in Germany. In addition, the NIS 2 Directive should be complied with.<\/span><\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<h3 id=\"elementor-tab-title-2948\" class=\"elementor-tab-title\" data-tab=\"8\" role=\"button\" aria-controls=\"elementor-tab-content-2948\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon elementor-accordion-icon-right\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 10.252L12 16.252L6 10.252L7.40039 8.85156L12 13.4512L16.5996 8.85156L18 10.252Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" fill=\"none\"><path d=\"M18 14.25L16.5996 15.6494L12 11.0498L7.40039 15.6494L6 14.25L12 8.25L18 14.25Z\" fill=\"#0C111D\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">What is the difference between on-premises and private cloud solutions in terms of digital sovereignty?<\/a>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\t<div id=\"elementor-tab-content-2948\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"8\" role=\"region\" aria-labelledby=\"elementor-tab-title-2948\"><p><span style=\"font-weight: 400;\">With an on-premises solution, the entire software infrastructure runs on the organisation\u2019s own servers \u2013 offering maximum control but also maximum operational overhead. A private cloud (dedicated, self-hosted) combines the advantages of a cloud infrastructure with the data sovereignty of an on-premises solution: data remains on dedicated servers in Germany, without the organisation having to bear the full operational overhead.<\/span><\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<script type=\"application\/ld+json\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@type\":\"FAQPage\",\"mainEntity\":[{\"@type\":\"Question\",\"name\":\"What is digital sovereignty?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"<p><span style=\\\"font-weight: 400;\\\">Digital sovereignty refers to the ability of organizations and states to independently control digital systems, data, and communication processes \\u2013 without reliance on foreign providers, technologies, or legal systems. For public authorities, this includes, in particular, control over communication data, independence from US hyperscalers, and the ability to remain operational in the event of a crisis.<\\\/span><\\\/p>\"}},{\"@type\":\"Question\",\"name\":\"Why is digital sovereignty mandatory for operators of critical infrastructure?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"<p><span style=\\\"font-weight: 400;\\\">Under the IT Security Act 2.0 and the NIS 2 Directive, operators of critical infrastructure are subject to strict requirements regarding the resilience and security of their IT infrastructure. Digital sovereignty is not an option here, but a prerequisite: communication systems must be controllable, fail-safe, and protected against external access \\u2013 including by foreign authorities.<\\\/span><\\\/p>\"}},{\"@type\":\"Question\",\"name\":\"What is the US CLOUD Act, and why is it relevant to European authorities and companies?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"<p><span style=\\\"font-weight: 400;\\\">The US CLOUD Act (Clarifying Lawful Overseas Use of Data Act) requires US companies to grant US authorities access to stored data upon request, regardless of whether that data is hosted on European servers. For authorities and operators of critical infrastructure, this means that any communication solution provided by a US provider or a US subsidiary is potentially subject to access by foreign authorities \\u2013 even if it is formally GDPR-compliant.<\\\/span><\\\/p>\"}},{\"@type\":\"Question\",\"name\":\"What is the difference between data sovereignty and digital sovereignty?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"<p><span style=\\\"font-weight: 400;\\\">Data sovereignty is one aspect of digital sovereignty. It refers to having complete control over where data is stored, who can access it, and how long it is retained. Digital sovereignty goes further and also encompasses technological independence, cloud sovereignty, and the ability to operate digital infrastructures independently.<\\\/span><\\\/p>\"}},{\"@type\":\"Question\",\"name\":\"Is WhatsApp GDPR-compliant for public authorities?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"<p><span style=\\\"font-weight: 400;\\\">No. WhatsApp is a consumer app developed by Meta, a US-based company. In addition to the fundamental GDPR risk posed by the transfer of metadata to US servers, Meta is subject to the US CLOUD Act, which allows US authorities to access stored data. WhatsApp is therefore unsuitable for official communications.<\\\/span><\\\/p>\"}},{\"@type\":\"Question\",\"name\":\"What does Zero Trust mean for secure communication?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"<p><span style=\\\"font-weight: 400;\\\">Zero Trust is a security concept that does not automatically trust any network user \\u2013 whether internal or external. Every communication request is verified, access rights are granted on a minimal basis, and are continuously reviewed. For your communications, this means that even a compromised device within the network cannot gain unauthorized access to sensitive communication data.<\\\/span><\\\/p>\"}},{\"@type\":\"Question\",\"name\":\"What certifications should a secure communications solution for public authorities have?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"<p><span style=\\\"font-weight: 400;\\\">The minimum standards are ISO 27001 (the international standard for information security management systems) and BSI C5 (the Cloud Computing Compliance Criteria Catalogue published by the Federal Office for Information Security). BSI C5 is particularly relevant for use by German public authorities, as it is tailored to the requirements of sovereign cloud use in Germany. In addition, the NIS 2 Directive should be complied with.<\\\/span><\\\/p>\"}},{\"@type\":\"Question\",\"name\":\"What is the difference between on-premises and private cloud solutions in terms of digital sovereignty?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"<p><span style=\\\"font-weight: 400;\\\">With an on-premises solution, the entire software infrastructure runs on the organisation\\u2019s own servers \\u2013 offering maximum control but also maximum operational overhead. A private cloud (dedicated, self-hosted) combines the advantages of a cloud infrastructure with the data sovereignty of an on-premises solution: data remains on dedicated servers in Germany, without the organisation having to bear the full operational overhead.<\\\/span><\\\/p>\"}}]}<\/script>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-22946187 e-con-full e-flex e-con e-child\" data-id=\"22946187\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5cf7e54b elementor-widget elementor-widget-li-spacer\" data-id=\"5cf7e54b\" data-element_type=\"widget\" data-widget_type=\"li-spacer.default\">\n\t\t\t\t\t<div class=\"li-elementor-widget li-elementor-widget--li-spacer\">\n    <div class=\"li-spacer-inner\"><\/div>\n<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Who controls your digital communications \u2013 you, or your tool or software provider? For public authorities, emergency services, and operators of critical infrastructure, digital sovereignty is not a matter of IT strategy, but of the ability to act in an emergency. This article explains what the term means, the specific risks posed by digital dependencies, and the measures that matter most right now.<\/p>\n","protected":false},"author":19,"featured_media":18095,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[67,68,69,71,66],"tags":[],"class_list":["post-18094","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business-continuity","category-crisis-communication","category-cybersecurity","category-legal","category-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/teamwire.eu\/en\/wp-json\/wp\/v2\/posts\/18094","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teamwire.eu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teamwire.eu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teamwire.eu\/en\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/teamwire.eu\/en\/wp-json\/wp\/v2\/comments?post=18094"}],"version-history":[{"count":8,"href":"https:\/\/teamwire.eu\/en\/wp-json\/wp\/v2\/posts\/18094\/revisions"}],"predecessor-version":[{"id":18181,"href":"https:\/\/teamwire.eu\/en\/wp-json\/wp\/v2\/posts\/18094\/revisions\/18181"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teamwire.eu\/en\/wp-json\/wp\/v2\/media\/18095"}],"wp:attachment":[{"href":"https:\/\/teamwire.eu\/en\/wp-json\/wp\/v2\/media?parent=18094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teamwire.eu\/en\/wp-json\/wp\/v2\/categories?post=18094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teamwire.eu\/en\/wp-json\/wp\/v2\/tags?post=18094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}