…
While Brussels champions policy initiatives and American tech giants market their own ‘sovereign’ solutions, a handful of public authorities in Austria, Germany, and France, alongside the International Criminal Court in The Hague, are taking concrete steps to regain control over their IT.
These cases provide a potential blueprint for a continent grappling with its technological autonomy, while simultaneously revealing the deep-seated legal and commercial challenges that make true independence so difficult to achieve.
The core of the problem lies in a direct and irreconcilable legal conflict. The US CLOUD Act of 2018 allows American authorities to compel US-based technology companies to provide requested data, regardless of where that data is stored globally. This places European organizations in a precarious position, as it directly clashes with Europe’s own stringent privacy regulation, the General Data Protection Regulation (GDPR).
…
I don’t know much about Sweden, but the government released a report including options for digital collaboration platform technologies for the public sector in 2021 (available in English and Swedish, both a s pdf).
At least the Swedish National Board of Housing, Building and Planning has chosen Nextcloud in 2022.
No Swedish governement agency can freely choose a technical solution. Almost all such choises fall under a public procurement, which are heavily regulated. They can demand that the service supports certain things to exclude actors, but if too strict I think the procurement can be overturned. In some cases a US actor can just offer a low enough price and the agency more or less have to pick them.
I feel like ”adhering to GDPR and not sharing personal information of citizens with actors outside the EU” would be a reasonable requirement. But I’m not lobbied by big tech so what do I know.