“Digital sovereignty has become a marketing concept”

The interview was conducted before the Federal Council adopted the report on “Switzerland’s Digital Sovereignty” on November 26, 2025. 

Digitalization changes many things, but one thing remains the same: Everyday life goes on. And digitalization means using digital technology in everyday life. It is still true that you need to have a handle on what you are doing, whether it’s business continuity, the availability of systems, or the confidentiality of data. Businesses and individual offices remain responsible for risk management in the digital space. But networking has increased in the digital world. People can see dependencies. They are asking questions: Is the world still on an even keel? Can Switzerland retain its sovereignty in the digital world? These are good questions. And the latter is a legal one. The answer is perhaps more straightforward than you might think: We don’t use “sovereignty” to describe what motivates us in everyday life. Fifty years ago, nobody would have thought of asking about sovereignty when buying a car.

Are there any examples showing how sovereignty is affected in everyday life? Yes, there are. But these are the exception, not the rule. In the current Swiss system, the state only comes into play when the problems are too great for the individual or when Switzerland as a whole is affected – at institutional level, if you like. This would be the case, for example, if the control software of several pumped-storage power plants were hacked and you could only assume it was a systematic attack. Another would be if fake news made free elections impossible.

Geopolitically, Trump is probably more of a symptom than the cause. Europe did a lot of good things in the post-Second World War order, but it also accumulated “digital debt”. Europe feels left behind. And we need to encourage anyone who wants to do something positive here. The only question is who needs to step in to overcome this malaise? Businesses and government agencies, as before, or the state as an institution? I often hear people say that the state must provide the money for this. Anyone who sees the state as having such a duty must also answer the question of who should pay.

Sovereignty – a term created for international law – is being reinterpreted in the political debate and used politically as a wake-up call to further a large number of special interests. It seems to be working. But if the discussion were only about who should receive money from whom and why, wouldn’t it be more effective to address this openly? If digitalization is to work, businesses and government agencies need to “get their house in order”. That is a challenge. Much of what is being discussed today in terms of digital sovereignty, such as the reduction of dependencies, is what any industrial company must tackle.

I am also noticing how “digitally sovereign” has become a marketing term with an almost interchangeable meaning. It can mean anything from “made in Switzerland” to “hyperscalers have top products” to “100 % open source software”. That doesn’t exactly help the debate. You quickly get bogged down.

Reducing it to the location of the server does not really help us. Let’s assume that an Australian commits a crime in his home country. He saves incriminating information in a file and stores it on a server in Switzerland. Does that mean the case has to be judged according to Swiss law? Cyber attacks, too, show us that the location of the server is not the decisive factor. Whether a treaty is subject to Swiss law is not relevant to sovereignty either.

On the one hand, the digital sovereignty of a state is about its ability to defend itself against digital attacks. This might, for example, be when a third country influences the mood on social media before a vote. On the other hand, it’s also about a country actively shaping its own digitalization strategies, such as e-ID, data protection, ecosystems, and data spaces. It is essential to clarify at international level who has jurisdiction for what. Under international law, sovereignty also serves above all to define jurisdiction.

Yes, it is possible to be sovereign in a digital world. But the fact is that digital reality functions independently of national borders. Legislation, on the other hand, is still based on territorial principles. That’s where we need new approaches. Work is already being done on this, for example as part of the “E-Evidence” legislative package. It can be done.

You also mentioned data protection legislation. It is an expression of self-selected design. After all, improving living conditions is a core task of a sovereign state. It’s about a country actively shaping its own digitalization. One example of this is the electronic ID: We went through a political process to reach a decision on this, and we now have the tools we need for a digital trust ecosystem. Networks that require trust, such as data cooperation, data rooms, etc., can emerge within this ecosystem. This work contributes directly to sovereignty.

In a networked world like ours, you cannot live without being integrated into networks. That means you are always dependent. There is no such thing as life without dependencies. If dependencies are of a minor nature, this hardly ever makes someone incapable of acting. And that’s the point: What impairs Switzerland’s ability to act? From the perspective of everyday digital design, what impairs the government agency or company’s ability to act?

Total dependence from outside can make you incapable of acting. You need to take a realistic view of what you can achieve. If an individual agency uses the services of a particular IT provider, whether this is a Swiss company with market dominance or a foreign hyperscaler, it can become dependent and perhaps even lose its ability to act. Does this make Switzerland as a whole incapable of acting? No, of course not. But if a critical majority of such agencies are dependent on the same service provider, things can go awry. The failure of the service provider can then affect a large part of Switzerland. That would be a “sovereignty case”. Certain state measures might then also be justified. BACS and BABS are currently investigating possible critical developments for vital infrastructure. That is a positive and necessary step.

As you can see, you get concrete results when you start managing and mitigating dependencies. If, on the other hand, we talk about the hazier concept of independence, things quickly become blurred. That doesn’t help anyone.

Switzerland has undertaken to comply with Art. IV (1) of the GPA (General Procurement Agreement). This states, very bindingly, that “each Party, including its procuring entities, shall accord immediately and unconditionally to the goods and services of any other Party and to the suppliers of any other Party offering the goods or services of any Party, treatment no less favourable than the treatment the Party, including its procuring entities, accords to (a) domestic goods, services and suppliers.” Point (c) of Art. 11 BoeB is usually interpreted in the light of these rules, but its wording would allow greater leeway: “[The contracting authority] shall ensure equal treatment of bidders in all phases of the procedure.” 

Prevailing doctrine is that procurement agencies cannot give preference to Swiss suppliers except in very narrow circumstances. However, it is good procurement practice to ensure that architectures are flexible and designed in accordance with EMBAG (Swiss Federal Law on the Use of Electronic Means for the Fulfillment of Governmental Tasks) requirements – especially Art. 12 and 13 EMBAG – in order to reduce dependencies. Parliament has already tried to impose Swissness requirements on procurement agencies that buy services. [source] However, some of these would not be legally enforceable. 

Switzerland wants to be able to do what it wants. If it is not in a position to do so, and its options are limited, it lacks the ability to act. This should be avoided wherever possible. Here too, though, you need to be realistic. A small state cannot always choose to do whatever it wants. You also have to think in terms of scenarios. Not that long before the Russian invasion, Ukraine decided against having a dedicated data center for its state data. Instead, it migrated the data to the environment of foreign hyperscalers. This was a wise decision in retrospect, and has given Ukraine more freedom of action.   

Efficient data usage and innovation would be good. The efficient use of data strengthens Switzerland by making projects better, faster, and more efficient. That applies to the administration as much as to private individuals. Data rooms also strengthen the use of data. As far as possible, this should be done without damaging the land. Let me take you back to the electronic ID. It gives Switzerland the possibility of an ecosystem that can be created now.  

I also rate EMBAG very positively. Article 12 (Standards) and Article 13 (Interfaces) contain very important measures for promoting interoperability. Such architectures have a positive effect on IT infrastructures at federal level. 

When I think of open source software (OSS), Art. 9 EMBAG comes to mind. The regulations are innovative and geared toward the goal of “public money, public code.” In the discussion about sovereignty, however, we’re talking about something else: the use and procurement of software. Art. 9 EMBAG is not so relevant there. 

Let’s take a look at the use of OSS. What does that have to do with sovereignty? The critical factor is the goal of operational security. That is, the reliable availability of functions, operation, and interoperability, as well as IT security. To put it simply, operational security is more important than the OSS license model. If you could have both, you would probably choose the open license model, as it offers additional options. That’s a positive. But does the open license model per se always lead directly and causally to operational security? No. More is needed, and this “more” has greater importance. Does an open license always lead to less lock-in? In an ideal world, yes. But still… 

As far as the use of products and services with high market penetration is concerned, I would differentiate. In the short term, increasing operational and IT security is a positive thing, even if it means using a solution from a provider with high market penetration. Would it be positive for Switzerland to be able to access efficient local products and services instead, and to improve in the long term? Definitely. 

The definition of terms used in the German government’s Digital Summit 2018 can easily be taken to include funding projects of an economic policy nature. What should not happen is throwing “economic policy money at individual players”, as Lilith Wittmann puts it. If money is only redistributed from here to there, that would be counterproductive for Switzerland. The emphasis is on the “only”: If this does not create any particular benefit for society, or even makes an existing benefit impossible, I would not support it. However, I do support infrastructures that offer inherent public benefits for Switzerland, such as the electronic ID. We need “digital public infrastructures” like these. 

As an aside, the terms defined in the Digital Summit 2018 [source], like those of the EU Cloud Sovereignty Framework that appeared in October 2025 [source], water down the established principle of sovereignty under international law and have blurred the boundaries. I don’t think that’s very helpful. This can give the impression of arbitrary boundaries, ultimately slowing down digitalization. That’s the last thing we need.