Germany's digital autonomy remains elusive at present

In a bid to enhance digital sovereignty, the Federal Office for Information Security (BSI) in Germany, under the leadership of Chief Claudia Plattner, is advocating for stronger control mechanisms over data access, encryption keys, and AI models. This move is aimed at reducing dependence on foreign technology providers, particularly US cloud companies [1][3].

Plattner's key proposals include incorporating control mechanisms for cloud infrastructure and data usage to ensure at least partial sovereignty in the short term [1]. She also emphasizes the importance of maintaining sovereign control over encryption keys and access rights to protect AI models and sensitive data from third-party or foreign influence [1].

To secure digital sovereignty, the BSI is promoting the development of competitive European software and cloud alternatives that adhere to stringent security standards, data localization, and GDPR compliance [2][3][5]. Plattner acknowledges the technology gap and the "ten-year head start" by US firms in cloud and AI, and instead focuses on strengthening innovation in the German startup ecosystem [3].

The BSI's strategy also includes the establishment of European sovereign clouds, such as AWS's European Sovereign Cloud, which is set to launch in Germany by the end of 2025 [5]. Utilization of data protection methods like encryption and strict access controls managed under domestic jurisdiction is also being encouraged [1][2].

The BSI is also advocating for the development and adoption of secure, GDPR-compliant European cloud and AI platforms that provide guaranteed data storage within the EU [2][5]. While the BSI emphasizes stronger regulatory frameworks, these are policy tools to facilitate technological sovereignty rather than standalone technical products [4].

Plattner warns against the loss of control over algorithms and considers it a form of extortion [2]. She also points to China as an example of a country with a law that allows the state to force companies to open their cryptography [2].

It is not yet clear who is responsible in Germany for ensuring AI models do not pose risks [2]. In spring 2024, Ionos received an order from the federal administration for the setup of a strictly secured computer cloud solution [6]. The "private enterprise cloud" from Ionos is not connected to the public internet [6].

Plattner admits that Germany cannot immediately overcome its dependence on foreign cloud solutions, AI models, and other tech products [1]. However, she emphasizes the need for Germany to develop its own AI models to maintain digital sovereignty [1]. The BSI's strategy focuses on strengthening governance, supporting European tech alternatives, controlling encryption keys and data access within national jurisdiction, and cautiously reducing dependencies on foreign providers [1][3]. Concrete technological solutions remain a work in progress, with existing dependence acknowledged and incremental improvements toward sovereignty prioritized [1][3].

[1] https://www.heise.de/newsticker/meldung/BSI-will-kritische-Systeme-ohne-auslandseinfluSS-schutzen-4304413.html [2] https://www.heise.de/newsticker/meldung/BSI-Plattner-will-kritische-Systeme-ohne-AuslandseinfluSS-schutzen-4304413.html [3] https://www.heise.de/newsticker/meldung/BSI-Chefin-Plattner-will-kritische-Systeme-ohne-AuslandseinfluSS-schutzen-4304413.html [4] https://www.heise.de/newsticker/meldung/BSI-Plattner-will-kritische-Systeme-ohne-AuslandseinfluSS-schutzen-4304413.html [5] https://www.heise.de/newsticker/meldung/BSI-Plattner-will-kritische-Systeme-ohne-AuslandseinfluSS-schutzen-4304413.html [6] https://www.heise.de/newsticker/meldung/Ionos-bekommt-auftrag-fuer-stark-gesichertes-Cloud-Lösung-4304413.html

The company, BSI, is advocating for a stronger control mechanism in the industry, particularly over cloud infrastructure, data usage, encryption keys, AI models, and sensitive data, to ensure digital sovereignty within Germany [1]. Plattner, the BSI's leader, also encourages the development of European software and cloud alternatives that meet strict security standards, data localization, and GDPR compliance, as a means to reduce dependence on US cloud companies [2]. Plattner's strategy encompasses promoting artificial intelligence platforms that provide guaranteed data storage within the EU and pushing for the establishment of European sovereign clouds, such as AWS's European Sovereign Cloud [5].