Digital sovereignty does not arise at a single point, but along the entire digital chain.
by Oliver Sieber
Control over digital systems is becoming increasingly important. Oliver Sieber, Sales Manager Public Switzerland at Bechtle, explains why digital sovereignty is emerging along the entire digital chain—from end devices and open source to hardware security and confidential AI.
Written by
The term “digital sovereignty” is on everyone's lips. Where do you see its central importance?
At its core, digital sovereignty describes the ability to operate digital systems independently. This includes technical aspects such as data locality, encryption, and transparency, as well as legal frameworks and economic predictability. It is crucial that organizations understand where their data is processed, who has access to it, and what legal frameworks it is subject to. At the same time, long-term control over costs, architecture, and dependencies is playing an increasingly important role.
Much of the discussion focuses on the cloud. However, one could also refer to a “digital chain.” What does this encompass?
Digital sovereignty does not begin in the data center. It arises at various levels: at the end device, in the operating system, in the identity and network architecture, on the platform, and finally in the cloud. If one of these levels cannot be controlled—whether for technical, organizational, or legal reasons—it is difficult to operate the other levels with sovereignty. That is why it is important to take a holistic view of IT architectures and not just optimize individual components in isolation.
What role does open source play in this approach?
Open source allows insight into the code and creates transparency about functionalities and security mechanisms. For many organizations, this is an important factor because dependencies are reduced and technical decisions remain traceable. Technologies such as containerization and automation also allow applications to be operated consistently and reproducibly—regardless of location or underlying infrastructure model. This supports both technical independence and flexibility.
In public administrations and regulated industries, the economic component is also increasingly being discussed. How does it affect sovereignty?
Economic sovereignty begins with the question of how dependent you are on individual licensing, operating, or pricing structures. Many organizations are currently experiencing international providers regularly adjusting their models, and these adjustments are difficult to influence contractually. Clear governance, transparent cost models, and open technical platforms can help reduce these risks. This is particularly relevant for administrations, because planning security is a key factor.
A concrete look at Switzerland.
More and more data centers are being built in Switzerland. What does this mean for the country's digital sovereignty?
Switzerland offers a stable legal and regulatory framework. This is a significant advantage when it comes to sensitive data. Data processed in Swiss data centers is subject to Swiss law, and this clarity is a decisive criterion for many organizations. An important aspect concerns not only the location of the data center, but also the people who operate it. For true digital sovereignty, it is crucial that the data center is operated by employees who are based in Switzerland and have the appropriate authorizations. This is the only way to ensure that operator access, operating processes, and support channels are fully subject to the local legal framework. At the same time, we must remain realistic: location alone does not guarantee sovereignty. Additional technical and organizational measures are needed, such as clear governance, encryption, and transparent platforms.
People often talk about security at the hardware level. Why is this aspect becoming more important?
The need for protection is constantly increasing – especially in areas such as administration, energy supply, and healthcare. Modern hardware is therefore increasingly following the principle of “security by design.” Current processor architectures, for example, make it possible to protect data in separate, isolated execution areas even during processing. These so-called enclaves ensure that sensitive information remains protected even if the operating system is compromised. Such hardware-based security mechanisms are gaining in importance because classic, purely software-based protection models are no longer sufficient to deal with today's threat scenarios, and because forms of attack are becoming more complex and classic protection models alone are no longer adequate.
How does the digital workplace contribute to sovereignty?
The workplace is the first point of contact between users and data. If this level cannot be adequately controlled, for example due to proprietary dependencies or limited security mechanisms, it becomes difficult to maintain sovereignty in the rest of the architecture. Open operating systems and transparent security mechanisms can help reduce these dependencies while extending the service life of devices. For many public organizations, this is also relevant from a sustainability and cost perspective.
Artificial intelligence is currently one of the dominant topics. What does “confidential AI” mean in this context?
Confidential AI describes the ability to run AI models and training and inference processes on infrastructure that is fully controllable, both technically and legally. This requires that data remain in clearly defined environments and that the underlying architecture is transparent. For many organizations, this is a prerequisite for using AI productively without losing control over data or models. Various initiatives are currently emerging in Switzerland, such as Apertus, which support this idea.
Contact.
Do you have questions or would you like a personalized consultation?
Contact us now for a non-binding discussion.
This article was written in collaboration with Netzwoche.