Europe’s digital dependencies: what breaks first, and what to do about it
In February 2025, the United States sanctioned officials of the International Criminal Court. Within hours, the Court lost access to its cloud services, email, payment systems and software licences. The infrastructure that failed that day is the same infrastructure European public administrations rely on daily. Three months later, the Court had migrated to European open-source products.
That fact tends to surprise people more than the sanctions themselves. It also raises two questions most European public organisations have not systematically asked: which systems would fail first if access were cut, and how feasible is it to exit those systems? The answer to the first question is, almost universally, the authentication layer. Microsoft Entra ID authenticates every user, on every system, at every moment. A licence suspension at that level does not degrade a service. It locks access to all services simultaneously. The answer to the second question is more encouraging than the prevailing narrative suggests.
The report maps dependencies across eight technology layers, from cloud infrastructure to artificial intelligence, and finds that for six of them, operational European alternatives already exist today. It documents what fails first under pressure, what can be switched and how fast, and what requires years of prior preparation.
The most important conclusion is not about the severity of the dependency. It is about the gap between what is perceived as feasible and what actually is. The municipality of Échirolles (37,000 inhabitants, ten-person IT team) documents annual savings of €350,000 on a €1 million IT budget. The German state of Schleswig-Holstein migrated 30,000 workstations for a one-time cost of €9 million against annual savings exceeding €15 million. The French Gendarmerie Nationale has been running over 100,000 workstations on Linux for more than a decade. These are not proof that migration is easy, but documented facts establishing that it is feasible, at very different scales, with returns on investment that are systematically and rapidly positive.
The report also identifies levers beyond the reach of any single organisation or administration: six European policy levers are proposed, none requiring new legislation. Four priority decisions are mapped to their institutional owners, their current blockers and a realistic delivery horizon. A prioritisation matrix allows any public organisation to identify its main vulnerabilities and determine where to start migrating.
The situation has changed. As of March 2026, Wero exceeds 43 million users. The Austrian military has removed Microsoft Office from its 16,000 workstations. Denmark is migrating to LibreOffice. The Finnish intelligence service declared that dependency on foreign cloud providers could compromise sovereignty. The European Parliament voted 471 to 68 for a resolution on technological sovereignty in January 2026. The alignment between documented feasibility, available European alternatives and political momentum has not been this favourable in a decade.
The full report is 137 pages, includes 178 sources and ready-to-use working documents. It can be downloaded below, under a CC BY 4.0 licence.
Nicolas Roux
roux.nse@proton.me
Download the report (PDF)
Zenodo DOI: https://doi.org/10.5281/zenodo.19358628