In recent years, digital sovereignty has shifted from a niche concern to a core strategic priority — especially in Germany, where trust, data protection, and independence have long been valued.

Digital Sovereignty as a Strategic Imperative

The latest State of Cybersecurity report from HarfangLab — based on a Q2 2025 survey of more than 800 IT and cybersecurity leaders across Germany, France, Belgium, and the Netherlands — underscores this shift:

- 78% of European executives say their company's leadership is more concerned about digital sovereignty today than a year ago
- 81% in Germany and 83% in France show particularly strong awareness
- 70% believe European companies are too dependent on foreign technologies
- Seven in ten organizations are considering switching to European cybersecurity providers

This shows a growing awareness of the legal and geopolitical dimensions of digital infrastructure — and rising expectations for providers and operators.

What Happens in a Crisis or Conflict?

It's no longer enough to focus only on technical performance or the feature sets of cloud providers. Decision-makers are increasingly asking:

- Where is our data physically located?
- What laws apply?
- Who could theoretically or practically access it?
- What happens in a crisis or conflict?

For many companies, these are no longer abstract questions. They're central to risk management and long-term digital strategy.

These questions resonate strongly in Germany, where the tradition of data protection runs deep. Strict data protection laws were in place well before the GDPR. This makes Germany well-positioned to lead the current debate on digital sovereignty in Europe.

Regulations like the GDPR and the NIS2 Directive provide a clear and binding framework — pushing decision-making toward greater responsibility, transparency, and long-term resilience.

The Impact of Extraterritorial Laws

Another critical issue is the impact of extraterritorial laws like the U.S. CLOUD Act. This law allows U.S. authorities to access data from U.S.-based companies — even if that data is stored on servers outside the U.S., including in Germany.

For many companies, that's a contradiction: How can you control your own security architecture if foreign governments can legally access your sensitive data?

This reality shows that technical security isn't enough — what's needed is control over the contractual, technical, and legal frameworks.

In this context, it's no surprise that many organizations are revisiting on-premises models or hybrid architectures. But the desire for control mustn't stall innovation. There are alternatives to full in-house management.

Keepit's Sovereign Cloud Architecture

At Keepit, we've developed a cloud backup architecture purpose-built for the needs of European companies:

- Independent infrastructure across several global regions — including the EU, in Germany and Denmark
- Strict separation between zones: Data stored in Germany stays in Germany
- Technical impossibility of access from other regions — even within our own systems
- Independence from hyperscalers like AWS, Microsoft Azure, and Google Cloud
- Full transparency about where data is stored and who controls access

By owning and operating our infrastructure, we guarantee not only where data is stored but also who controls access — with complete transparency. Our users know where their data is, what jurisdiction it falls under — and who isn't allowed to see it.

No Need to Compromise

For Keepit, digital sovereignty isn't a theoretical ideal. It's a cornerstone of modern cybersecurity. The latest HarfangLab report makes it clear: Companies in Germany and across Europe are no longer willing to compromise when it comes to control over their data.

The path to a sovereign and secure digital future may not be simple — but with the right partners and carefully chosen infrastructure, that future can be shaped.

At Keepit, we're here to support that journey — with transparent, compliant, and self-operated solutions. Because digital sovereignty isn't just about data protection — it's the foundation of resilience and the ability to act in an increasingly complex digital world.

TL;DR

- 78% of European executives are more concerned about digital sovereignty than a year ago, with Germany at 81%
- The U.S. CLOUD Act allows foreign government access to data stored on servers outside their jurisdiction
- Technical security alone is insufficient — legal and contractual frameworks matter equally
- Keepit operates independent EU infrastructure with strict regional data separation
- Data stored in Germany stays in Germany with no hyperscaler dependencies or indirect access paths

Source: Keepit Blog