RBGTK DevOps
Back to blog
EUsovereigntydataprivacy

EU Data Sovereignty and Why it's > [!IMPORTANT]

Robby Goetinck·

France recently announced plans to reduce its reliance on Windows across parts of its government infrastructure. And it’s not alone. Germany has been revisiting open-source strategies, India is pushing Linux adoption in public institutions, and Singapore continues investing in sovereign digital infrastructure.

What used to be a niche preference among Linux enthusiasts is now becoming a strategic priority: data sovereignty is no longer optional.

This is not a coincidence, nor is it an ideology being preached by tech advocates like myself. It's a shift in how governments think about (data) control.

For decades, public infrastructure has quietly become dependent on a small number of primarily US-based technology providers. Microsoft, Google, Amazon — their products are deeply embedded in daily government operations. Email, document management, identity systems, cloud infrastructure — all tightly coupled to external vendors.

That coupling worked. It was efficient. It was convenient.

But it also created a structural dependency.

And as geopolitical relationships become less predictable, that dependency starts to look less like efficiency — and more like risk.

This isn’t about assuming conflict. It’s about acknowledging that even in stable relationships, critical infrastructure should not rely entirely on external control. Sovereignty, in this context, is not isolation — it’s resilience.

Control vs Convenience

What’s happening now is not a “Linux vs Windows” debate.

It’s a shift from convenience to control.

When a government relies heavily on a proprietary ecosystem, it implicitly accepts constraints:

  • Licensing models it does not control
  • Data governance subject to foreign jurisdictions (e.g. the US CLOUD Act)
  • Operational dependencies on vendors that can change terms, pricing, or access
  • Limited visibility into the underlying systems

Moving toward open systems (which are often based on Linux) changes that balance:

  • Full control over infrastructure and data
  • Ability to audit and modify systems
  • Reduced exposure to external policy decisions
  • Independence from single-vendor ecosystems

This doesn’t come for free. It shifts responsibility inward and it will take time and effort (by governments no less) to make this transition a reality.

What This Means in Practice

For government employees

This is where the impact will be most noticable because switching from familiar tools to a new system always introduces friction:

  • New desktop environments
  • Different office tools (LibreOffice, OnlyOffice, Collabora)
  • Changed workflows (no longer centered around Outlook or SharePoint)
  • Retraining requirements

This is the hardest part of any migration. Not the technology — the habits of the user base.

If handled poorly, it leads to frustration and productivity loss. If handled well, it becomes a one-time adjustment with a serious pay-off in sovereignty.

For sysadmins and infrastructure teams

This is where the trade-off becomes more interesting.

Most backend systems — web servers, databases, networking — already run on Linux and open-source software like apache/nginx, mysql/mariadb, ... For infrastructure teams, this shift often aligns the frontend with what’s already standard in the backend.

Benefits include:

  • Reduced vendor lock-in
  • Greater flexibility in automation (Ansible, Terraform, etc.)
  • Easier integration across systems
  • Full ownership of identity and access management (e.g. moving away from Azure AD toward solutions like Keycloak <3)

But there’s a flip side:

You own the stack and there’s no vendor to escalate to for every issue. Expertise needs to exist internally and operational maturity becomes a requirement, not an option.

For citizens

Ideally, nothing changes.

Public services today are largely web-based. Whether the underlying system runs on Windows or Linux should be invisible to the end user.

If anything, the benefits are indirect:

  • Stronger data protection guarantees
  • Reduced exposure to foreign legal frameworks
  • More resilient public infrastructure

If citizens notice the transition, it usually means something went wrong.

Replacing the Stack (Carefully)

This transition is not about removing one tool and dropping in another.

It’s about rethinking the stack:

  • Microsoft 365 → Nextcloud ecosystem
  • Outlook → ProtonMail or EU-hosted mail solutions
  • SharePoint → self-hosted collaboration platforms
  • Azure AD → open identity providers

None of these are one-to-one replacements.

Microsoft’s ecosystem is deeply integrated and highly polished. Alternatives often trade a lot of that convenience for control and transparency. But that's the point.

The Bigger Picture

The internet already runs on open systems. Linux powers the majority of servers, cloud infrastructure, and critical services worldwide.

What’s changing is not the technology but where the boundary of control is drawn, and governments are realizing that:

  • Infrastructure they don’t control is infrastructure they depend on
  • Dependency introduces risk, even in stable conditions
  • Sovereignty is not about isolation, but about optionality

Digital sovereignty is not a rejection of global technology.

It’s the decision to ensure that when it matters most, critical systems remain under your own control.