Part I of II – Exploring the Digital Sovereignty narrative

Motivation and authority on the matter

For 3 decades I have been into Enterprise IT, designing, implementing and maintaining solutions at various layers of the “Digital Stack”. I did so always with a full life cycle perspective in mind and have lived and learned through related problems many times.

I learned that empathy for customers, stakeholders and peers is key to make them more successful. And understanding their individual requirements needs attention, so that onecan better anticipate and take early measures to reduce issues before they arise.

To consume Open Source software has always been my first choice as a developer or architect. Even before I took my job at Red Hat, I realised that Open Source is more than code, more than software. It is a way of looking at opportunities, partnerships, collaboration, competition and, indeed, life. I am not dogmatic but learned that this business strategy is worth to master.

As I am involved in EU / German initiatives that focus on Digital Sovereignty for more than a year now. As the political mission is ambitious and complex, I hope that my short writing adds value to related discussions

The Digital Sovereignty narrative

Digital Sovereignty (also referred to as Technology Independence, Strategic autonomy) is a growing narrative, that is shared currently in my context and it used by governmental, academic, non-profit and business organisations as a differentiator in positioning.

Significant EU public money (Covid Recovery plus existing infrastructure budgets and state aid /IPCEI) are being tapped into to realise this narrative.

Despite seemingly compelling, the narrative of creating Digital Sovereignty based on European Values needs to be shaped and improved so as to avoid missing out on ‘using a crisis’ for real long term and sustainable positive change in the region. Indeed, it risks turning into a protectionist club which not only flies in the face of Europe’s open credentials whilst also encouraging copy-cat initiatives in other parts of the world.

All parties involved in honing the definition of Digital Sovereignty need to properly deduce aspects via analysis, deduction and understanding of various needs and perspectives before inadvertently jumping into a contagion of events which could quickly get out of control. Otherwise, without such profound assessment, we’ll fool ourselves and we’ll miss opportunities to optimise. We might waste resources, time2market to fix things early and might fail on the mission fast. History will judge us all poorly for letting this happen at a critical time in Europe’s growth and role in the world.

The narrative, so far, overly focusses on technical design, technology in the hope that a miracle will solve the issues. Hence, we also need to recognise that technology alone cannot be the sole lever to succeed. And that means that we need to take responsibility as professionals and officials to improve common understanding.

In short, I welcome the crescendo of references to open source as a key driver to realise this digital autonomy yet a re concerned by ongoing failure to fully understand and embrace ‘real’ open source code, licensing, governance, culture and fundamental need to share/collaborate to tackle challenges threatening humanity.

No nonsense about the Digital Sovereignty narrative

The term Digital Sovereignty will probably immediately trigger a picture in your mind. That is somewhat expected due to personal emotions related to social media and IT experience. Your awareness on how digitalisation and security needs are linked on critical infrastructure comes to mind. Data privacy and hate speech social platforms might concern you and how it might affect, say, anything and everything from elections to covid vaccination information.

Data privacy is one of the “not only a buzz word driven” discussions, but instead the ask for more digital sovereignty.

Hence, Digital Sovereignty is a powerful narrative in the EU. At the same time it is used currently imprecise and emotionally overloaded. However, it addresses a complex set of topics that are interlinked.

We need to discuss the root causes and gain broad awareness and interest on problems, risks and measures.

One such personal touchpoint on how this narrative risks getting bent out of shape can be seen within the context of nascent Gaia-X (http://gaia-x.eu) foundation. The European Commission has provided some support to its two founding national governments but also sees the need to keep at arms length and let market dynamics play out.

Although still early days, there are three important documents that give an idea on the political perspective in Europe. Both can be dated to roughly the beginning of the German Presidency of the European Council from July to December 2020:

A briefing document on Digital Sovereignty towards the European Parliament – Source: European Commission [1]
A positioning paper from the European commission Source: German Presidency of the EU [2]
And one that is a little older – A paper laying out the EUROPEAN COMMISSION DIGITAL STRATEGY – Source: European Commission [3]

Those aforementioned papers provide useful insights into the political perspective, containing a context and motivation and related measures.

For the further discourse, the general motivation and context have to be reflected. Therefore, we start to asses Digital Sovereignty from a few perspectiv

Digital Sovereignty is a topic to care to care about – not only in Europe

Digital sovereignty is a political narrative that tries to answer – simply said – threats to the European society, business, citizens and our political self concept and self image.

In the last couple years, there has been a high dynamic and many trigger points that intensified the concerns:

Growth and market power of the so called hyper scalers
the advance on technology in the US but also China
Trump’s “America First” politics,
Fragility of international supply chains (Covid effects, Suez canal blockage)
Trade wars: International supply chains have turned into power diplomacy.

Digital Sovereignty related tactics are trying to address issues at various levels:

IT security
technical competition
Strengthening the digital economy in Europe,
Regulations,
Network & data centre infrastructure,
Digital diplomacy,
Technical competency and related intellectual property and patents.

Another, albeit smaller part of Digital Sovereignty, is rooted in European culture which has a strong focus on civil rights, strict data privacy and thus more critical on new technologies than other regions. As such, the EU is positioning itself as the only place in the world to have “sandboxes’ in which to safely and morally utilise next generation technologies. The occasional protectionist zeal expressed by some politicians and indigineous companies risks blurring that important role which the EU could embrace. It might be the concerns and strategies interesting to observe and asses, as the are potentially advanced.

Whether conclusions and strategies are advanced needs a broad discussion and critical observation. But taking action is usually triggering an evolution – and that has to be welcomed.

Not only money makes it stick

Many concerns and strategies are discussed, raised and answered by policy makers, politicians and governments and officials.
To understand the perspectives of those groups on Sovereignty in general and Digital Sovereignty in particular – and what other perspectives there might be is one – and I consider a key entry point into the discussion that seems to be so important.

And I suggest strongly work on an individual point of view. Because there are funds in the hundreds of billion euros to be spend in the next five years and policy making is very active on many related areas.

Sovereignty from an international law / political point of view

Herewith wikipedia’s definition of sovereignty from a purely political understanding:

“Sovereignty is the supreme authority within a territory. Sovereignty entails hierarchy within the state, as well as external autonomy for states. In any state, sovereignty is assigned to the person, body, or institution that has the ultimate authority over other people in order to establish a law or change an existing law. In political theory, sovereignty is a substantive term designating supreme legitimate authority over some polity. In international law, sovereignty is the exercise of power by a state. De jure sovereignty refers to the legal right to do so; de facto sovereignty refers to the factual ability to do so. This can become an issue of special concern upon the failure of the usual expectation that de jure and de facto sovereignty exist at the place and time of concern, and reside within the same organization.”

[4] Source: Wikipedia

One of the things that strikes me immediately is the territorial aspect and the focus on polity (a identifiable political entity – like a government entity, parliament and the like) and the power to define legal policies and to empower them.

Question is: Is that above perspective addressing the need of civilians and organisations within that territory? Is that definition supporting global spread value chains and businesses that are internationally engaged?

I’d rather say: There are many more perspectives needed to consider Digital Sovereignty in today’s world.

Digital Sovereignty from an individual / civil rights perspective

Proceeding on my thoughts on potential perspectives related to sovereignty, I continued to ask wikipedia to find the next reference point, changing to a potential citizens perspective:

Self-ownership, also known as sovereignty of the individual or individual sovereignty, is the concept of property in one’s own person, expressed as the moral or natural right of a person to have bodily integrity and be the exclusive controller of one’s own body and life. Self-ownership is a central idea in several political philosophies that emphasize individualism, such as libertarianism, liberalism, and anarchism.

[5] Source: Wikipedia

Simplifying – and from a very individual view point, this perspective can be seens as contrasting the above understanding. If you extend the idea of integrity and self ownership towards right on property, data privacy etc., you see that this might contradict wishes from governmental organisations that want to define legal measures in general.

In our developed society we also focus to even improve inclusion, also on technology, infrastructure, accessibility of information, education, equal chances and so on.

Focus on Digital sovereignty, GDPR, data privacy, security and reliability of services used in the internet and the social pressure forcing the use of major social networks are examples that come to mind immediately.

Most of those issues can also be applied to legal persons – legal entities – which means businesses and organisations.

Digital Sovereignty from a business perspective

I assume that for COOs and IT strategists, additionally to the concerns and topics that apply for citizens, a relevant set of other areas of interests are to be considered:

But if you consider the perspective of an owner, investor or the responsible COO that needs to keep business running whilst there are context changes at market dynamics, regulations and innovation evolves in many dimensions as well as your business model and value chains.

Here, additional constraints have a high priority. And to be sovereign in such a context is

related to staying on top of things. This means that you have the capacity, measures and sources to properly observe the relevant trends and dynamics. You need to be able to identify good options to answer those dynamics, the skills, professionalism and capabilities in your staff – plus the resources in money, bandwidth and approach to implement them.

For that you need also to understand your own organisation and have a governance & leadership model to stay on top of things – and yes – being able to adopt your leadership, governance and organisational model accordingly itself. I am referring to ideas laid out in my previous two posts: “From Enterprise Architecture as a Strategy to Business Infrastructure as a Platform”.

As a recap, you need:

ability to observe,
to detect options,
have capabilities to plan and implement options detected and
Ressources und bandwidth

to both, stay in business and adapt at the same time – and be able to reflect how you are doing and how you did in the past.

Digital Sovereignty adds the complexity of having the right approach for your organization to support your business model, staff, processes etc. with underlying IT infrastructure, services and processes – whilst you comply to regulatory and legal requirements.

Needs in a growing digital ecosystem

On a digital level, one layer is handling the various players in your value stream and ecosystem, being able to identify and verify whom you are talking to and being able to identify yourself.

It is a basic need to have control of your business processes, data, interactions and transactions, within and outside of your own organisation.

This is not only due because of the legal consequences and obligations related to those business transactions you operate in your (distributed) IT infrastructure.

Digital Identity, Trust & Sovereignty

As a teaser, I am highlighting one aspect to be dealt with: Self sovereign identity is just a sub topic to be solved – but I hope the to call out only one of those many aspects will make you aware of the complexity of the small details to be considered – if Digital Sovereignty is what we want to achieve:

Self-sovereign identity (SSI) is an approach to digital identity that gives individuals control of their digital identities.
SSI addresses the difficulty of establishing trust in an interaction. In order to be trusted, one party in an interaction will present credentials to the other parties, and those relying parties can verify that the credentials came from an issuer that they trust. In this way, the verifier’s trust in the issuer is transferred to the credential holder. This basic structure of SSI with three participants is sometimes called “the trust triangle”.
It is generally recognized that for an identity system to be self-sovereign, users control the verifiable credentials that they hold and their consent is required to use those credentials. This reduces the unintended sharing of users’ personal data. This is contrasted with the centralized identity paradigm where identity is provided by some outside entity.
In an SSI system, holders generate and control unique identifiers called Decentralized Identifiers. Most SSI systems are decentralized, where the credentials are verified using Public-key cryptography anchored on a distributed ledger. The credentials may contain data from an issuer’s database, a social media account, a history of transactions on an e-commerce site, or attestation from friends or colleagues.

[6] Source: Wikipedia

Other aspects in focus

If you want to gain an overview of the areas considered within the European Community, I suggest to start with the more strategic perspective in source [2] and then go potentially into details in source [1]

Strategies to achieve results

With a strong focus on infrastructure, edge as a focus area to gain Digital Sovereignty (IPCEI-CIS is talking about the Distributed Federated Edge Cloud Continuum), Open Source has already today greatly answered many aspects – and is proceeding towards Federated Cloud Management, security, interoperability on top of various IaaS layers with Kubernetes and so on.

And I see Open Source as the only strategy to follow on those joint, broad and common area of Digitalisation.

Open Source has made everyone able to consume or contribute, learn or operate high technology and creates value to society and businesses around the globe – every day, every second!

Hence, the next post I’ll publish will help “Exploring Open Source as a Strategic Framework and how it is genuinely addressing Digital Sovereignty”.

Stay tuned and may the source be with you