Digital sovereignty in sight: Police strengthen their IT strategy!

Digital sovereignty in sight: Police strengthen their IT strategy!

At this year's European Police Congress in Berlin, which took place on May 21, 2025, the focus was on the topic of police digital sovereignty. As part of a panel, experts discussed the dependence on US companies and the need to develop European alternatives. Among the experts who discussed were Dr. Stefan Mager, Christian Kuẞ, Tobias Ossenforth and Dirk Kunze, who dealt with the challenges and solutions in the area of ​​digital security, such as Authorities mirror reported.

A survey of participants found that 60% of respondents associated digital sovereignty with control over data infrastructure, software and legal capacity. Over 25% of participants rated their own IT infrastructure as “hardly confident”. These results show the widespread dependence on proprietary solutions and non-European platform providers.

Strategic needs and challenges

Christian Kuẞ emphasized the strategic need for digital independence at the European and regulatory level. Police must ensure access to their own data, systems and technologies to protect themselves against geopolitical risks. Important technologies in this context are cloud, artificial intelligence (AI) and microelectronics. Initiatives like GAIA-X are intended to promote the development of a resilient infrastructure and reduce dependence on US technology companies.

A central concern is to emphasize the advantages of sovereign IT solutions: less vendor lock-in, more resilience against cyber attacks as well as greater transparency and lower follow-up costs. Tobias Ossenforth in particular pointed to public procurement as a lever for reducing dependence on US suppliers. To this end, he named five procurement law adjustment screws that enable a differentiated approach:

• Markterkundung
• funktionale Leistungsbeschreibungen
• wettbewerbliche Dialoge
• angepasste Zuschlagskriterien
• besondere Vertragsklauseln

Ossenforth also suggested integrating sovereignty objectives into the procurement process, such as through a central clause toolkit, a sovereignty dashboard and pilot projects using open source and dual-supplier approaches.

Geopolitical risks and legal framework conditions

The geopolitical risks associated with digital sovereignty cannot be ignored. The US Cloud Act allows access to data from US companies, even if it is stored in Europe. A well-known example is the blocking of the email account of the chief prosecutor of the International Criminal Court by Microsoft on political orders.

Event participants assess digital sovereignty as a strategic goal and as “existential” for their authorities. The success factors for implementation include political support, sufficient budget, technical alternatives, practical criteria and interoperable architectures.

In order to promote the development of sovereign cloud-based solutions in Europe, a binding catalog of requirements for cloud providers is being sought. This is intended to define technical, organizational and legal characteristics and thus provide orientation for both public and private cloud users. In addition, current developments are increasingly pushing the private sector towards sovereign solutions, such as PwC reported.

The Federal Office for Information Security (BSI) could play a central role in relation to cloud sovereignty. Existing European cybersecurity regulations, including NIS 2 and the Digital Markets Act, highlight the regulatory framework, which could, however, be further developed to incorporate cloud-specific regulations.