Digital sovereignty is becoming a key competence for Europe

The geopolitical situation is characterised by increasing uncertainty - with a direct impact on critical infrastructures and IT systems. For financial institutions, this means that technological dependencies, particularly on non-European cloud providers, can pose significant risks to stability and business continuity in the event of a crisis. Digital sovereignty has long been more than just a strategic goal - it forms the necessary basis for Europe's security, resilience and competitiveness.

IT sovereignty and cloud sovereignty in particular are more essential than ever

Digital sovereignty means much more than just choosing a specific IT provider: it is the ability of companies to organise, control and further develop critical digital resources in a self-determined, secure and independent manner. It is about gaining control over data, processes and technologies - instead of having to rely on external providers or foreign jurisdictions in key areas.

Sovereignty versus profitability – Finding the right balance

Expanding digital sovereignty must not mean sacrificing efficiency and innovative strength. Instead, the aim should be to create a balance between autonomy, costs and agility. Companies are faced with the task of reducing risks and dependencies in a targeted manner without jeopardising the speed of their digital transformation or the cost-effectiveness of their IT landscape.

This first requires a systematic analysis of existing dependencies on cloud and technology service providers:

Which business-critical processes are directly tied to a single provider?
Where is proprietary technology used that makes switching or integration difficult?

On this basis, migration and diversification strategies can be developed that enable the gradual development of a sovereign infrastructure - for example by using multiple providers or hybrid architectures. At the same time, companies should build up their own core competences in strategically important areas such as AI systems, data storage, cybersecurity or digital identity management in order to remain independent and capable of acting in the long term. This can be achieved, for example, by training their own employees and organisationally bringing together people with similar functional profiles (e.g. via "communities").

The trade-off between resilient, innovative operations and a sovereign solution primarily concerns cloud computing. Customers should revise their cloud strategy in a risk-oriented manner and specifically strengthen their sovereignty.

Christine Müller

Partner, Financial Services

KPMG AG Wirtschaftsprüfungsgesellschaft

Ready to talk? Contact us.

auto_stories

Strategies and trends in cloud computing for financial service providers.

Download now

The first consequences of dependency are becoming visible

The increasing geopolitical uncertainty is already having a concrete impact on companies and public institutions in Europe. This is particularly evident in the handling of sensitive data, which is coming under increasing pressure between international legal systems and political interests. Many European organisations use cloud services from global providers based in the USA and are therefore also subject to their legal requirements. The US CLOUD Act (Clarifying Lawful Overseas Use of Data Act), for example, allows US authorities to access data from US companies - even if it is stored in Europe. National subsidiaries such as Microsoft France can therefore not guarantee that data will remain protected from access by foreign authorities in an emergency. For European companies, this means that full control over their data is not guaranteed.

This dependency harbours not only legal but also political and economic risks. In crisis situations, data flows could be restricted, services blocked or access denied - with serious consequences for business continuity. Some countries are already taking action: Denmark and other European countries are specifically reducing the use of US cloud and software solutions in order to strengthen their digital self-determination and minimise regulatory risks.

The development clearly shows that Europe's digital infrastructure is a relevant strategic factor for security, independence and competitiveness.

We support you in setting up your IT infrastructure in a sovereign, secure and compliant manner:

Risk analysis and identification of dependencies

We help our clients to identify and assess sovereignty-driven ICT risks (information and communication technology risks) and transparently identify dependencies on non-EU providers.

Cloud migration and EXIT scenarios

We support you in setting up sovereign cloud platforms and create practicable EXIT documents and tests based on the EXIT strategy and carry them out together with customers.

Cloud migration and EXIT scenarios

We support you in setting up sovereign cloud platforms and create practicable EXIT documents and tests based on the EXIT strategy and carry them out together with customers.

Operational resilience / Exit strategy

By implementing concrete action measures and defining realistic EXIT strategies, we support our clients in ensuring their long-term resilience and operational ability to act.

Sovereign security

IT security is one of the most relevant capabilities. We support the overarching development of a secure security framework and anchor the necessary capabilities in all relevant processes and platforms.