Digital sovereignty is important for Germany and one of the central goals in the federal government's coalition agreement.
The people in Germany are also behind it.
A current Civey survey commissioned by Cisco has shown that 65 percent of Germans find it important that Germany has maximum freedom of action when it comes to digitization.
However, even after years of discussion, digital sovereignty is still a concept that is growing, changing and having to answer new questions.
Geostrategic aspects are currently dominating the debate, so that technological and economic aspects are taking a back seat.
This is problematic.
Because digital sovereignty always requires a balance between these three dimensions.
Only in this way can it guarantee the freedom to switch flexibly and independently between providers, solutions and structures in practice.
And at the same time, we can only maintain the competitiveness of our economy by using the best (sovereign) offers.
More IT understanding instead of self-sufficiency
The desire to develop solutions in Germany itself is currently often cited as the path to this digital sovereignty – i.e. “technological self-sufficiency”.
From my point of view a clear misconception.
Why?
In a globalized world, self-sufficiency is not a sensible economic concept, but division of labor is.
Nobody would think of manufacturing all parts of a car or all components for power plants under their own control.
You would have to isolate yourself from the rest of the world and you would certainly not come up with the most innovative and sustainable solutions.
In any case, a much better approach is to strengthen digital skills among all citizens, in companies and, above all, in public administration.
Only those who understand digital technologies can confidently use and apply them.
The Germans see it that way too.
Almost a third say in the Cisco and Civey study that digital sovereignty is best achieved by training IT professionals.
Only 6 percent see the frequently discussed open source software as a solution.
I share this assessment of the respondents.
Open source alone does not bring digital sovereignty, even if this is often claimed.
Incidentally, open source certainly does not bring increased cyber security.
A recurring narrative is the argument that a solution developed on the basis of open source software would be more secure per se and therefore more sovereign than established video conference systems and - bonus!
– automatically compliant with data protection.
Here apples are compared with oranges, namely software and a GDPR-compliant service.
Open source software offers advantages, but it is not inherently more secure because anyone can access it.
When it comes to data protection, the entire package is also crucial.
It's not about how and where the code was written, but how the software (i.e. the service) is used and operated.
Open source says nothing about security and sovereignty.
In fact, one of the biggest security gaps in the entire IT industry was recently discovered in open source software.
According to media reports, the LogJ4 vulnerability in Java affected almost half of German-speaking companies and was also exploited for ransomware.