Who has access to our data, and where is it stored? These are questions that an increasing number of companies in the European financial sector are asking themselves. In light of increasing cyber risks, global tensions, and growing regulatory requirements – including those imposed by DORA – awareness of digital sovereignty is growing. Rightfully so, as working with US cloud services poses operational, legal, and security challenges for financial companies. Therefore, the importance of Europe as a data location for resilience, security of supply, and competitiveness is greater than ever. This also applies to contract management.
According to the latest bitkom study "Digital Sovereignty – How dependent is our economy?“, 81 percent of German companies depend on the US for digital technologies. Considering the US Cloud Act, this finding is particularly alarming. The US Cloud Act requires US cloud providers to hand over data belonging to international customers, even if the data is physically located outside the US and protected by laws such as the GDPR in the customers' home countries. This poses a considerable risk for financial companies, given the steady increase in outsourcing IT services over the past several years.
Digital dependencies are becoming a geopolitical risk
A recent example illustrates the close link between technological dependencies and the ability to act: The International Criminal Court in The Hague decided to stop using US services and rely on European software solutions in the future*. Political tensions and the prevention of access to a purchased IT service were the backdrop to this decision. This step demonstrates the importance of digital sovereignty in maintaining one's ability to act, not only for international organizations but also for European companies. Geopolitical developments are increasingly influencing digital infrastructures. This makes designing critical systems to be independent and resilient all the more important.
Cloud sovereignty starts in Europe
The local financial sector is subject to strict data protection and IT security requirements. Simply storing data in Europe is not enough to ensure 100 percent compliance. Therefore, for financial companies, relying on European cloud providers is a significant risk-mitigating factor. Another important consideration is data portability with regard to necessary exit strategies.
In addition, the EU continuously supports initiatives and projects aimed at further strengthening Europe's technological expertise and digital sovereignty. The EU research project EMERALD, for example, is working on the development of continuous and uniform certification of cloud services in Europe, including in the context of DORA.
Digital sovereignty offers financial companies not only security, but also tangible competitive advantages in the market. Customers and partners are also increasingly demanding transparent data protection and regional data sovereignty. Companies that use European technologies gain a competitive edge in terms of trust, which can be decisive in tenders and customer acquisition.Given the potential US tariffs and the EU's discussion of a digital tax on US IT services, switching to European providers early on can help avoid additional costs in the future.
Relevance for contract management
Independence from US cloud providers is a crucial factor, particularly in the context of contract management. This is because highly sensitive information relating to customer data, supply chains, security details, and much more is involved.It is essential to strictly avoid hidden dependencies, unclear data flows, or unauthorized access by third parties. The use of contract management software must enable secure and GDPR-compliant data storage and processing. The Austrian cloud-based software Fabasoft Dora provides data locations exclusively within Europe – either in Germany, Austria, or Switzerland. Internationally recognized certificates from independent testing authorities such as the BSI's C5 certificate, the EU Cloud Code of Conduct at Level 3, or ISAE SoC 2 Type 2 confirm the highest data protection and data security standards.
Conclusion
Dependence on the US poses a significant risk to financial companies in terms of data sovereignty, compliance, and the innovative capacity of European businesses. This makes it all the more important to strengthen their own digital sovereignty: Using EU cloud service providers for digital contract management not only ensures data protection and compliance, but also offers massive economic and operational advantages. In light of current political and technological developments, shifting to European providers is increasingly becoming a strategic necessity for companies that want to maintain their data sovereignty and make their contract processes secure and efficient.
*) Source: International Criminal Court Kicks Out Microsoft | heise online
