In an interview with CIO editor Jürgen Hill, Christine Knackfuss-Nikolic, the new Chief Sovereignty Officer of T-Systems, talks about the different forms of digital sovereignty, the associated challenges for companies and the goals of European initiatives such as Gaia-X and 8ra.
What we notice in customer interaction is that the term sovereignty is currently not defined. There is a completely different understanding or misunderstanding. We define three different forms of sovereignty, because sovereignty exists in gradations, in "Shades of Grey". The basic level is data sovereignty, i.e. the storage and processing of data are subject to the legal protection of the country in which the company has its headquarters. This is to ensure that no regulations are violated that companies must adhere to in this country. I'm thinking of the General Data Protection Regulation, for example. Data sovereignty means the ability to exercise complete control over one's own data.
The second stage is operational sovereignty. The question is whether I as a company have transparency and control over critical infrastructure and operational processes and whether I can maintain them. That is, can I guide the people who run the system, and can I control who has access to the data center? The goal is to protect the physical infrastructure from manipulation, control access rights and prevent the system from being hacked or business processes interrupted.
The third stage is technological sovereignty. This refers to whether you can obtain hardware and software at fair market conditions if required or to produce it yourself.
There are various reasons for this. The classic approach is to avoid vendor lock-in to prevent anyone from imposing prices on you. This is often evident in the interaction between companies and hyperscalers when they raise prices. To avoid this, companies should not necessarily tie themselves to a single provider but pursue a multi-vendor strategy. This fosters competition.
Our experience shows that you don't need the same level of sovereignty for every workload. Sovereignty goes hand in hand with a higher price because more expensive resources are used, higher safety standards and more certifications are necessary. All of this drives up costs. In addition, you usually lose functionality and scalability. This trade-off decision is the core decision for CIOs. You need to achieve the maximum functionality and customer experience for the specific workload at the lowest possible price with the required level of sovereignty and security.
A user should think from the point of view of the use case. Because no one imagines a cloud just to have a cloud.
Christine Knackfuss-Nikolic, Chief Sovereignty Officer of T-Systems
In my opinion, this is recommendable. A user should think from the point of view of the use case. Because no one imagines a cloud just to have a cloud. That would be like buying a horse but not thinking about which equestrian sport I want to do with the horse beforehand. Here, too, I must think about what I want to do with the horse beforehand, dressage, jumping, western riding, and choose the right horse according to these requirements. The whole sovereignty hype is often approached from the wrong end without taking the actual into account.
Yes, that's exactly what you are doing. A basic use case often only takes place at the data sovereignty level, where operational and technological sovereignty are not necessary. One such example could be a hyperscaler cloud, but it adheres to data rights such as GDPR.
The first challenge is the acceptance and use of corresponding sovereign services. This is where the state can help as an anchor customer. If there is already a discussion about whether confidential data can be placed in a hyperscaler cloud, how is a medium-sized company with fewer skills and time supposed to conclude that it has to do it if the government does not? The state must act as a role model to stimulate the use of such services.
The second challenge is that a 100 percent sovereign market is economically difficult for infrastructure providers. After all, it is small but requires large investments. This can change if demand increases. Due to the current geopolitical situation, demand is currently becoming stronger, and a window of opportunity is being created. The third issue, especially for Germany and Europe, is the reduction of bureaucracy and silos. If approval processes take forever or require huge effort and the forces are not bundled, we will not achieve the necessary speed.
But my feeling is that the conditions have never been as good as they are now. When I think, for example, of the Ministry of Digital Affairs and the will to reduce bureaucracy. Now we just must implement it. The willingness is there, and it is also up to everyone – consumers, business and the state – to advance Europe and Germany in terms of digital sovereignty.
Gaia-X and 8ra are different in two essential dimensions. 8ra is a cloud and edge computing infrastructure with the aim of creating a sovereign and interoperable European environment for data processing and storage, based on open standards. Gaia-X, on the other hand, is a European initiative to create a data infrastructure. It enables companies to exchange data confidently and securely. This way, they complement each other. The 8ra project provides the secure nodes, while Gaia-X provides the connections between them.
8ra is building a cloud-edge continuum, a network of tens of thousands of nodes. A node can be a large cloud or a chip on the end device. These are connected across national borders. That's where the term cloud roaming, which we coined, comes into play. As with mobile communications, where you automatically switch to the network of another provider when you cross the national border, you can imagine a similar situation with 8ra. If you are a medium-sized company with factories in several European countries, they can automatically communicate with each other because a cloud roaming service is offered.
If we as Europe do not succeed in managing the digital catch-up process now, we will no longer be able to do so.
Christine Knackfuss-Nikolic, Chief Sovereignty Officer of T-Systems
I believe 8ra has the advantage of having been created in a different "window of opportunity". For me, a bit of "now or never" applies. If we as Europe fail in managing the digital catch-up process now, we will no longer be able to do so. This provides strong momentum for these programs, even though many competing interests need to be resolved. Moreover, it is crucial to avoid letting bureaucracy stifle the process once again. The pressure to act is great, since it has been made clear to us that we as Europeans obtain 80 percent of the technology from non-European countries and are therefore extremely dependent. We will never face such favorable conditions again. That’s why 8ra holds a tremendous opportunity and will also provide a significant boost to Gaia-X.
That depends on what you mean by an alternative. What I appreciate about the 8ra approach is that it doesn't approach the matter naively. Everyone involved is aware that we also need the hyperscalers. Thus, 8ra is a complementary approach that creates alternatives. It offers resilience and independence where they are needed. For highly sensitive workloads or situations where data exchange is critical, you can avoid relying on hyperscalers while still leveraging them in other areas.
First, users should analyze their workloads and the required sovereignty and security requirements. In the second step, you look at the market offer, for example with us, to find the best infrastructure for the respective workload. Many users who have only pursued a multi-vendor strategy with hyperscalers are now asking themselves whether this is sovereign if, for example, the Cloud Act takes effect or services are shut down. They then resort to a more sovereign European hyperscaler alternative. There are already numerous offers available on the market today, such as our T Cloud, from which an effective solution can be built, especially given the significant efforts being made to ensure compatibility and migration capabilities.
