Digital sovereignty in the era of AI

A Strong Signal for Open Technologies

Amid the ongoing debate about digital sovereignty, the 2025 Digital Sovereignty Index (DSI) by Nextcloud sends a clear signal: Germany ranks second behind Finland and is thus among the countries where a particularly large number of individuals and organizations rely on self-hosted, independent tools.

This result is more than just a statistical snapshot. It shows that the desire for independence from global tech giants is noticeably growing—especially among small and medium-sized organizations.

At the same time, the index makes clear where action is still needed: proprietary software solutions continue to dominate in large companies and significant parts of public administration.

The Digital Sovereignty Index thus provides a concrete entry point into a complex topic and invites a reevaluation of digital sovereignty in the AI era.

Digital Sovereignty: Why Control Over Data Matters

Before delving deeper into the index results, it is worth taking a closer look at the central concept: Digital Sovereignty.

It describes the ability of organizations, states, or individuals to maintain control over their digital systems, infrastructure, and technologies—and, above all, their own data. Digital sovereignty prevents vendor lock-in and establishes a reliable legal framework, particularly with regard to international laws such as the US CLOUD Act.

This topic is more relevant than ever: almost all critical processes—from citizen communication to the management of global supply chains—now rely on digital systems. Many of these, however, are provided by a few large technology corporations.

Lack of control over these systems can lead to dependencies that compromise the security, data protection, and autonomy of individual organizations and entire states.

The Digital Sovereignty Index: What Does It Measure?

While the topic of digital sovereignty is no longer niche, the conversation often remains theoretical. Concepts like data sovereignty provide important legal and regulatory frameworks, but they offer little insight into how independently countries actually manage their digital infrastructure.

The Digital Sovereignty Index (DSI) brings this abstract concept into concrete terms. It measures how widely self-hosted applications are used for communication, collaboration, and project management – based on the number of identifiable server instances per 100,000 inhabitants. Around 50 leading self-hosted tools are factored into the evaluation.

This makes the DSI a tangible indicator of a country's self-hosting culture and provides a quantifiable perspective on digital independence.

Despite Germany's encouraging ranking, the index also reveals a significant sovereignty gap. While many individuals and small to medium-sized enterprises (SMEs) already opt for sovereign alternatives, large organizations and significant parts of public administration remain heavily reliant on proprietary systems from international providers—thus dependent on key players outside of Europe.

Open Source: The Foundation of True Digital Sovereignty

The results of the Digital Sovereignty Index make one thing clear: self-hosting is a key pillar of digital sovereignty. But anyone aiming to pursue this path seriously and sustainably cannot overlook one critical factor: open source.

Even proprietary software installed on-premise remains a black box if the source code is not accessible. This comes with fundamental limitations:

No auditability: Without access to the code, potential security risks, data leaks, or hidden functionalities remain undetectable.

Legal uncertainty: Software from providers outside Europe – for example, the U.S. – is subject to foreign laws such as the CLOUD Act. These can apply even if the data is physically stored in Germany.

Open source (OSS) makes a clear difference—both technically and structurally:

• Transparency and auditability: Open source code forms the basis for trust, security, and meeting regulatory requirements, such as in KRITIS environments or state IT systems.

• Technological independence: OSS prevents vendor lock-in. Organizations retain control over operation, updates, and development, without being tied to a single provider.

• Resilience through community: Open standards and strong communities make systems more robust, flexible, and adaptable—even internationally.

Open source is thus no question of idealism, but a strategic choice for autonomy, security, and future viability.

AI: The Next Sovereignty Challenge

The increasing spread of artificial intelligence casts the question of digital sovereignty and data control in a new light. Especially in areas like customer service, communication, or internal processes, large amounts of structured data are generated daily. Organizations that process such data through proprietary platforms relinquish a degree of control.

Many AI systems are not fully auditable or can only be audited to a limited extent. Neither the training data used nor the precise functioning of the models are openly documented. As a result, organizations can hardly verify whether and how their data contributes to the further development of these models.

This creates a new form of digital dependency: not only on software or infrastructure but on the algorithms and decisions working behind the scenes.

Responsible AI as a Measure of Sovereignty

With increasing complexity and performance of AI systems, the demands for transparency and traceability also grow. An open approach is the most reliable way to meet regulatory requirements and maintain long-term control.

The Regulatory Dimension
The EU AI Act establishes for the first time a binding framework in Europe for the responsible use of AI. High-risk AI systems are subject to strict transparency and auditing obligations. This includes informing users clearly about the use of AI and enabling them to understand how decisions are made. Proprietary models often meet these requirements only partially, whereas open-source models—with open source code and transparent data flows—offer a better foundation for compliance and trust.

Sovereign Data Basis – Also for AI
A self-hosting culture prevents sensitive data from flowing uncontrollably to external systems. However, local storage alone is not enough; if the AI model is operated via APIs or cloud connections, data may be inadvertently exposed despite apparent sovereignty. Such risks can only be minimized by using open-source AI models.

Transparent AI Decision Processes
In practical applications—such as automated ticket routing—transparent decision processes are indispensable. Organizations must be able to understand why a case was assigned to a specific category or agent group. Open systems allow adjustments as needed and thus strengthen trust among employees and customers.

Zammad and the Open AI Approach

At Zammad, we take the requirements for responsible and transparent AI seriously – they actively shape our product development. That’s why user choice is central to all of our AI features. You decide which AI model runs in your environment: whether it’s an external service or a self-hosted, local model.

Because digital sovereignty in AI also means staying in control. Zammad provides the open-source tools and infrastructure you need to maintain full authority over your sensitive support data and AI processes.

Summary

Nextcloud’s Digital Sovereignty Index makes it clear: self-hosting and open source are no longer niche concepts, but established practices in many leading countries. This marks an important step toward greater independence and self-determination in the digital space.

Digital sovereignty is not a static goal, but a continuous process. The next logical step is to consistently apply these principles to emerging technologies – first and foremost, artificial intelligence. Organizations that already have control over their infrastructure today are laying the foundation to handle AI in a way that is sovereign, secure, and responsible in the future.