The Digital in Public Administration: Notes for Debate
Over the past few months, an inspiring movement has taken hold across public administrations around the world. These are isolated…
Over the past few months, an inspiring movement has taken hold across public administrations around the world. These are isolated initiatives — at the federal, state, and even municipal levels — aimed at restraining the almost unstoppable advance of the so‑called Big Techs over the applications, communication systems, and infrastructures that provide digital services to and by the Public Authorities. Examples abound and include reviews of public contracts, a preference for open‑source solutions, agencies devoted to technological sovereignty, and regulations that make the infrastructure storing countries’ strategic data proof against external injunctions.
Recently, a Microsoft executive publicly acknowledged that there is no way to prevent the United States government from intervening in the company’s cloud services. In testimony and court actions, Bill Gates’s company conceded that, owing to US legislation such as the CLOUD Act[1], the US government may demand access to data stored on its servers, even when those servers are located outside US territory. Brad Smith, Microsoft’s Chief Legal Officer, stated that the company receives thousands of court orders that oblige it to provide customer data and, often, to maintain secrecy about those requests, which makes it impossible to alert affected users. This shows that, regardless of where data are physically located, international clients — including governments — have no guarantee of protection against the jurisdiction and intervention of US authorities.
Concrete measures to curb this interventionism by Big Techs and by the US government can still be counted on one hand, but the debate has been advancing in several countries and deserves visibility. However difficult it may be to overcome the technical, cultural, and political barriers surrounding the risks of relying on foreign digital technologies, something is starting to be done. Rather than offering a catastrophist prognosis, this text seeks to inform readers about solutions that might serve as examples to nation states still bound to a dependent relationship with US technology companies and, more recently, with those of China. The inventory points to disruptive cases as well as to those still taking stock of the situation and seeking ways out.
France
La Suite Numérique[2] is a French government initiative to create a suite of collaborative and productivity applications based on free software and open standards and geared towards public administration. The aim is to reduce dependence on foreign proprietary solutions, such as Microsoft Office and Google Workspace, promoting what has come to be termed digital sovereignty and the protection of the State’s sensitive data. The project was developed in response to growing concern over security, privacy, and technological autonomy, particularly after debates on the use of foreign platforms by public bodies.
Historically, France has invested in sovereign digital alternatives, such as Nextcloud for storage and collaboration, OnlyOffice or LibreOffice for document editing, and Matrix for secure communications. La Suite Numérique integrates these and other tools into an interoperable ecosystem tailored to the needs of the French public sector. Development is conducted in collaboration with government agencies, free‑software communities, and French companies, with the aim of ensuring transparency, auditability, and local control over data and administrative workflows.
In parallel, cross‑border cooperation is growing: France and Germany formalised, a month ago, an economic agenda that includes convergence between their collaborative suites — La Suite Numérique and openDesk. The aim is to strengthen a Franco‑German ecosystem of modular applications geared towards the European Union, as well as to develop joint projects in AI, quantum computing, and federated cloud for sensitive data. The agenda provides for a “European Summit on Digital Sovereignty[3]” in November to align investment and rules for cyber‑security and AI. In the private sector, the EuroStack consortium — created last year — is gaining traction: Switzerland’s Proton announced incentives of up to €100 million, offering one year of Proton Mail or Proton Pass free of charge for French SMEs, in a declared strategy to strengthen European vendors and reduce dependence on US Big Techs.[3]
Germany[4]
The German state of Schleswig‑Holstein is advancing an ambitious strategy to replace Microsoft software with open‑source alternatives across the public administration, migrating around 30,000 workstations to tools such as LibreOffice, Open‑Xchange, Thunderbird, and Nextcloud. The Digital Minister, Dirk Schrödter, stated that “the timetable is tight,” but expressed confidence in the target, highlighting that “we already have 24,000 workstations using the new working environment”. He stressed that the change seeks to be as transparent as possible for staff, minimising impacts on their daily work, and that the goal is to eliminate almost all Office licences by 2029.
Schrödter emphasised that digital sovereignty goes beyond cost savings and is a strategic issue for the future: “What we are doing is economical in the sense of using fewer resources over time,” but it is also “an investment now to reap benefits later, when there are no licences left to renew.” He argued that the State’s purchasing power should be used as a “decisive lever” to boost the free‑software market, and called on the European Union to give preference to open source in its public‑software procurement rules.
At the regional level, Germany is also behind pressure for the European Union to exclude the leading US Big Techs from the sharing of financial data on companies and citizens in EU member states. The regulation known as FiDA will allow the exchange of such information among financial institutions, but will not be open to large technology companies such as Apple, Google, Meta, and Amazon[5]. The European justification is to promote a domestic digital‑finance ecosystem, ensure a level playing field, and protect consumers’ digital sovereignty. However, this exclusion is perceived in the US as discriminatory against its companies, especially because access to the European market for financial services represents a significant competitive advantage.
Nationally, however, the situation is more complicated. Created in 2022 by the Federal Ministry of the Interior to reduce the federal administration’s dependence on vendors such as Microsoft, the Centre for Digital Sovereignty of Public Administration (Zentrum für Digitale Souveränität — ZenDiS[5]), set up as a state‑owned enterprise, achieved quick results — the openCode repository already hosts hundreds of public projects and the openDesk collaborative suite began to be rolled out in dozens of agencies, attracting interest even from other countries. Despite this initial impetus, funding has slowed: €34 million in federal funds approved for 2023 were not released and, in the 2025 draft budget, almost all resources destined for open initiatives were cut. According to reports, the freeze results both from austerity pressures imposed by the “Schuldenbremse” (debt‑brake rule) and from internal disputes — the Ministry of Finance has delayed the entry of state governments into the company’s shareholding, hindering the expansion of the contract portfolio that should underpin its model without a fixed appropriation. The result is a paradox: while the coalition professes to bet on open source to gain autonomy, it relegates ZenDiS to surviving on ad‑hoc projects, prolonging dependence on proprietary software in the public sector.
The reversal has been such that SAP, the country’s giant in enterprise IT systems, announced two partnerships with US companies on the same day. With OpenAI, a programme of “sovereign AI” for the German government will be implemented from next year. “OpenAI for Germany”[6] will allow public‑sector employees to use artificial intelligence for their daily work tasks. The platform, which will rely on Microsoft infrastructure, will also enable the creation of custom AI applications for specific administrative needs, such as the automated management of records and the analysis of administrative data. In the cloud‑services field, the company announced a partnership with Amazon Web Services[7]. The AWS European Sovereign Cloud — scheduled to launch its first AWS Region in Brandenburg by the end of 2025 — is designed to offer more options to public‑sector organisations and clients in highly regulated sectors. The offering may help these organisations meet their specific needs for relative digital sovereignty, including data‑residency requirements, operational autonomy, and resilience. SAP Sovereign Cloud resources are already available on AWS in Australia and New Zealand (since 2023), the United Kingdom (since 2024), Canada, and India (since 2025).
Netherlands[8]
The debate on digital sovereignty has moved from academic recommendations to concrete political decisions. In March 2025, Parliament approved motions requiring a fully state‑controlled “rijkscloud” (literally, government cloud), a review of the use of Amazon Web Services for the .nl domain, and a preference for European suppliers in future tenders. It also determined that each ministry must present strategies to abandon US services and to assess sovereignty and operational‑continuity risks. The federal agenda adds to municipal initiatives such as the Common Ground programme and the open‑source Haven platform, which bring cities together to develop services based on Nextcloud, LibreOffice, and Matrix, gradually eliminating dependence on proprietary software. These actions are reinforced by the Council of Ministers’ decision in July on a European definition of sovereign cloud, incentives for open standards, and joint financing of critical infrastructure.
Nordic countries[9]
Denmark began in 2025 the governmental migration from Windows and Microsoft 365 to Linux distributions and LibreOffice. The Ministry of Digitalisation argues that, to avoid new cases of international‑body blocks, sensitive data must be kept under national jurisdiction. Copenhagen and Aarhus began the transition prior to the federal decision and now serve as laboratories for technical support and training of public servants. In Finland, the government defined an “open‑source priority” in all public procurement: bodies must require open interfaces, publish code, and, where possible, use the X‑Road (Palveluväylä) data‑exchange infrastructure that underpins Suomi.fi portals. Moreover, the AuroraAI plan prepares proactive services running on this free architecture, while procurement criteria oblige officials to explain whenever a proprietary solution is preferred.
Sweden has implemented a comprehensive digital‑sovereignty strategy since 2023, focused on reducing dependence on large foreign technology providers and protecting sensitive data. The country developed the “Digital Sweden 2025” plan, which prioritises data autonomy, encourages the use of open‑source software, and promotes European collaboration. The Swedish Authority for Privacy Protection has been strict, prohibiting the use of services such as Microsoft 365 and Google Workspace in public agencies owing to GDPR violations, resulting in fines and forcing migration to local alternatives such as Safespring, a Swedish cloud company operating exclusively in Scandinavia.
Unlike countries such as Germany (ZenDiS) and the Netherlands (Rijkscloud), Sweden adopts a more decentralised and incremental approach, without a single “national cloud,” but with efforts distributed among local providers and European and Nordic partnerships. The country invests heavily in open‑source software through the Agency for Digital Government (DIGG[10]), promotes solutions such as Nextcloud in public institutions, and strengthens cyber‑security with digital‑authentication systems such as BankID.
Italy[11]
The first robust “sovereign cloud” initiative to leave the drawing board in southern Europe is the Polo Strategico Nazionale (PSN), launched in 2023 by the Italian government. The public‑private consortium operated by TIM, Leonardo, Sogei, and CDP provides four Tier IV data centres on national territory; private, hybrid, and even public‑cloud IaaS/PaaS offerings operated by hyperscalers, but with encryption keys under state control and physical separation of services. This ensures that classified information in the administration remains under Italian jurisdiction. The PSN is financed with Next Generation EU resources and has already opened migration programmes for ministries, regions, and the health system, betting on sustainability (ISO 50001/LEED Gold) and a mandatory cloud‑first policy for new systems by 2026.
Iberian Peninsula[12]
In Spain, the central government is following regional success models such as Galicia’s Mancomun to disseminate open‑source platforms throughout the public sector. The 2025 Country Report highlights that 19 of the 22 autonomous communities already have “Open Source first” policies and share common repositories; the federal goal is to host 80% of new services on a state infrastructure based on free software by 2027, strengthening interoperability among autonomous regions and reducing licensing costs.
Portugal follows a similar path: the 2024 “National Open‑Source Software Roadmap” determined that all government procurement must formally justify the non‑adoption of OSS and initiated pilots of X‑Road for secure data exchange among ministries, while preparing a GovCloud PT with data centres in Lisbon and Évora to host digital identities, e‑invoices, and health systems, also requiring open code in critical components.
Canada
Judging by the reaction likely to be triggered by Barry Appleton’s recent article in the National Post[13], measures similar to the European ones are likely in Canada. The piece argues that the country is ceding its digital sovereignty to what the author calls the United States’ “algorithmic empire”. According to him, critical Canadian government systems — such as internal communications and the storage of personal data — are operated by foreign companies and governed by US laws, such as the CLOUD Act, which allows the US government to access data even when stored on Canadian soil. Dependence deepens due to the use of algorithms and artificial intelligence developed abroad, which influence decisions on health, immigration, and finance, without local transparency or oversight. Appleton warns that, although the public‑service interface appears Canadian, each digital interaction crosses legal and technical borders, transferring decision‑making power to foreign interests.
The author also notes that this new form of dependence does not manifest through military occupation, but through control of digital infrastructure, cloud contracts, and AI systems. He compares the Canadian situation to Europe, where there is robust legislation to ensure transparency and data protection, and to China, which has opted for strict state control. He argues that Canada needs its own legislation — such as a Digital Infrastructure Act — that treats AI, cloud, and payment systems as constitutional infrastructure, requiring algorithmic transparency, dispute resolution under Canadian law, and incentives for national suppliers. Without this, the country risks becoming a “digital province” of foreign powers, governed by external codes and contracts.
In the same scenario seen in other countries, of the 283 data centres existing in Canada, around one third belong to American companies, reinforcing US influence over the country’s digital infrastructure. In the governmental sphere, the list of companies authorised to sell cloud services to the federal government includes seven American companies and only one Canadian — ThinkOn. This extends dependence from physical infrastructure to the provision of strategic services for the Canadian public sector. This reality has driven the pursuit of truly Big Tech‑free cloud and data‑centre projects[14].
India[15]
In the land of public digital infrastructures exported worldwide, the Global Trade Research Initiative (GTRI) warns that India’s dependence on physical facilities controlled by US companies — from mobile and desktop operating systems to public clouds and cyber‑security solutions — constitutes a strategic vulnerability comparable to that in oil and rare‑earths. A GTRI report notes that banks, e‑commerce platforms, and critical government services already run mostly on Amazon Web Services, Microsoft Azure, or Google Cloud, whereas the government programme MeghRaj does not yet offer equivalent scale. Similarly, power grids, telecommunications, and defence run industrial control software developed in the US, leaving open the possibility of remote disruptions in scenarios of geopolitical tension.
The report’s most forceful point states that “more than 25 million government and corporate laptops run Microsoft Windows, while more than 500 million smartphones depend on Google’s Android and another 30 million use Apple’s iOS. If access to these systems were cut off or their licences revoked, banks, governments, and corporate operations would stop instantly.” A similar warning is made about the predominance of Microsoft Office, Exchange, and Teams on 20 million devices, as well as the limited reach of the public NIC‑mail service. In advocating a “digital‑sovereignty mission” by 2030, GTRI recommends a gradual migration to local operating systems, expansion of the domestic cloud, and stimulation of a national cyber‑security ecosystem.
Indonesia
Despite maintaining a high dependence on infrastructure and digital services provided by US Big Techs, the country created a specific institutional architecture to implement digital sovereignty in the public administration, centred on INA Digital (launched in 2024), a national implementation agency responsible for the in‑house development of strategic and priority systems. This agency operates under the coordination of the Committee for the Acceleration of Government Digital Transformation, with a joint secretariat between the Ministry of Administrative and Bureaucratic Reform (PANRB) and the Ministry of Communication and Digital Affairs (Komdigi). The project seeks to overcome historical fragmentation, where responsibilities were dispersed among multiple ministries, consolidating 27,000 distinct applications and government online platforms into an integrated system. The strategy adopts a “priority use‑cases” approach focusing on systems with the greatest leverage, such as Digital Public Infrastructure (DPI), poverty alleviation, and citizen services through a “life‑moments” approach.
The project’s technical core is the National Data Centre (PDN) in Cikarang, which began operations in 2025, functioning as the backbone of governmental digital sovereignty. The system integrates multiple platforms: the Government Service Exchange System (SPLP) for interoperability among ministries; the National Unique Socio‑Economic Data (DTSEN) managed by the Statistics Bureau as the basis for economic programmes; the Population Digital Identity (IKD) for authenticity verification; and a unified citizen portal for service access. The Perlinsos pilot project (digitalising the social‑protection system) in Banyuwangi demonstrates practical implementation, using layered verification and dynamics based on real‑time cross‑checking of data among ministries, with manual‑verification mechanisms for special cases. The system promises up to a 30% reduction in state‑budget expenditure through greater accuracy, efficiency, and operational transparency.
Asia
Asian countries that have advanced in digital sovereignty have jointly adopted data‑localisation laws and the creation of government clouds controlled by public entities. Japan and South Korea follow a similar model: both maintain sovereign clouds (G‑Cloud and K‑Cloud) that require ministries to migrate by 2027, use Kubernetes, Istio, and certified HSMs, and require that all public software be made available in open‑code repositories. Singapore focuses on an ecosystem of public APIs via GovTech, with the MyInfo identity that auto‑completes forms and policies requiring projects such as SingPass and e‑Citizen to be published on code‑sharing platforms.
In Southeast Asia, Indonesia, Malaysia, Thailand, and Vietnam created sovereign clouds — Nusantara Cloud, MyGov Cloud, Thai Cloud, and Vietnam Cloud — based on OpenStack, Ceph, and Kubernetes, with encryption and key‑management requirements. These countries also instituted laws requiring the retention of citizen and business data within their borders, reinforcing the need for domestic infrastructure. In addition, each adopted open‑source mandates, publishing projects such as e‑Procurement (Indonesia), e‑LHD (Malaysia), e‑Health (Thailand), and Smart City (Vietnam) in national repositories, enabling audit and reuse across government levels. Unique digital identities — Resident Registration Number (Japan) and MyInfo (Singapore) — are the basis for authentication and consent in public services, integrated with sovereign clouds via RESTful APIs and OAuth 2.0/OpenID Connect protocols.
China and Russia
A final distinct note is necessary when looking at paradigms of sovereign digital ecosystems. Russia and China have heavily invested in strategies to nationalise the digital agenda, seeking to reduce dependence on foreign platforms and infrastructures and to ensure state control over data and communications. In China, the state uses a hybrid model. For key infrastructure functions — for example, the national platform “政务服务平台” (Gov.cn App), which consolidates more than 1,000 basic administrative services, civil records, and the digital identity card — code is commissioned and maintained by development centres linked to the Ministry of Industry and the Cyberspace Administration, which also coordinates provincial data systems and the government network backbone (“e‑government extranet”). But at the citizen‑interaction layer, Beijing outsources extensively to its Big Techs. Super‑apps such as WeChat[14] (Tencent) and Alipay (Ant/Alibaba) integrate official “mini‑programmes”: issuing residence certificates, booking medical appointments, paying taxes or fines, and, more recently, the electronic ID card and the “health code”. These modules are developed by the private groups themselves, which receive “public service” seals after submitting source code and APIs to state security audits and signing agreements that require data hosting on certified clouds (operated by Alibaba Cloud, Tencent Cloud, or the state‑owned China Telecom) and the real‑time provision of logs to authorities.
The arrangement reflects the principle of “public platform, private ecosystem”: ministries define standards for digital identity (Real‑Name System), encryption, and data sovereignty, while Tencent, Alibaba, and Baidu monetise the experience, charging provinces for customisations and receiving advertising and payment commissions. In the back office, however, the state maintains redundancy: since 2020, all provinces have been required to implement at least one state “contingency node” for each service hosted in a commercial cloud, and large software‑as‑a‑service contracts must be co‑signed by the state‑owned CETC (China Electronics Technology Group). In this way, the government ensures that, if necessary, it can replicate or assume any application considered critical, while relying on the agility and user bases of Big Techs to scale public‑facing services.[16]
Russia, in turn, has accelerated in recent months the replacement of foreign applications with domestic solutions. The government launched the Max messaging app, which will be pre‑installed on all devices sold in the country and integrated with public services, payments, and digital authentication, in an attempt to replace WhatsApp and Telegram — both with voice calls already restricted by decision of the regulator Roskomnadzor. Migration is mandatory for public bodies and encouraged for companies and citizens, to protect data and combat fraud[17]. The move is part of a broader package that includes the Sovereign Internet Law, a locally produced smartphone, and the development of RuStore (the national app store), consolidating a digital environment made up of local players.
And Brazil?
On 10 September, during the Google Cloud Summit in São Paulo, the company announced[18] a package of novelties aimed at governments, including a complete digital infrastructure that combines cloud, artificial intelligence, and data analytics. The highlight was the integration of Gemini, Google’s multimodal AI, into Serpro’s Government Cloud, allowing public bodies to use advanced AI resources in isolated environments, hosted in the federal state‑owned company’s data centres. The offering includes Gemini for Government, a solution presented as designed to modernise citizen‑service digital systems and process automation, in addition to AI training initiatives for public servants and universities. Google also announced the expansion of its infrastructure in São Paulo, promising faster and more efficient AI processing, and stressed that the partnership with Serpro would place Brazil at the global forefront of public innovation with a sovereign cloud.
There are other examples suggesting that Brazil is moving in the opposite direction to the countries analysed here and is missing a once‑in‑decades window of opportunity. By giving preference to agreements with US and Chinese conglomerates, training public servants with proprietary tools sold by these companies, and adopting corporate digital platforms maintained by the same actors, the Brazilian State shows that it will not be an easy challenge to take digital sovereignty out of rhetoric — and out of the traps that surround us[19]. Despite all the warnings raised by the current geopolitical moment, the maintenance of a situation that is known to be challenging for the set of government needs prevails. Facing the difficulties head‑on, this debate needs to be held.
Despite the diagnosis that Brazil needs “sovereign infrastructures” to protect strategic data, public procurement remains dependent on foreign giants. According to a study by two public universities[20], the country has spent more than R$23 billion over the past 10 years, contracting primarily three foreign companies to provide digital services of different kinds. In the federal government, contracts with foreign cloud providers totalled R$9 billion in the period analysed. Microsoft led with R$4.8 billion, followed by Google (R$1.8 billion) and Amazon Web Services (R$1.5 billion).
Even with efforts in the opposite direction by segments of the federal government, the dependent choice involving these conglomerates is neither an exception nor focused on specific entities or governments. An audit by the Federal Court of Accounts (TCU)[19] showed that, between 2022 and 2023, federal bodies spent R$286.5 million on Microsoft licences via Corporate Agreement 8/2020, with price increases averaging 48% above the stipulated index, reinforcing lock‑in to the Office 365 suite[21]. Similar practices have occurred for many decades. Small spasms of sovereignty, as with Serpro contracting by federal bodies after the US espionage revelations by Edward Snowden in 2013, are short‑lived and only confirm the rule. But the pressure and capture that Big Techs have exerted on the public apparatus for years make the mission even more arduous.
Inconsistency also appears in training policies. While proclaiming the need for technological autonomy, government schools at different levels maintain courses for senior executives[22] delivered in partnership with Amazon Web Services, with modules advocating a “cloud‑first” strategy and the contracting of commercial cloud, with instructors from Jeff Bezos’s company teaching courses offered to public servants since 2020[23]. In parallel, free Microsoft training agreements — focused on Azure, Power BI, and generative‑AI fundamentals — continue to be promoted for federal and state IT teams, perpetuating technical dependencies rather than fostering in‑house expertise on open and national solutions. A few weeks ago, the federal government promoted an event [24] to address digital sovereignty within the Brazilian Artificial Intelligence Plan (PBIA) in partnership with OpenAI, a company that dominates the global generative‑AI market and maintains contracts with the US Department of Defense.
These cases reveal a mismatch between the rhetoric of digital sovereignty and the practices of contracting and capacity‑building: while governments announce control over citizens’ data, they continue to fund proprietary licences, resort to foreign hyperscaler data centres, and outsource the training of their staff to the very companies whose presence they claim to want to mitigate. The maintenance of this dependence is often justified in a curious way. Those interested in maintaining it say that any attempt at change will run up against the costs of transition to national suppliers, to open models, or will contradict the organisational culture that is deeply rooted in public servants’ familiarity with proprietary interfaces.
What has happened with various IT technologies for more than three decades becomes even more sensitive in the case of AI. Generative models need to be fed and trained with large volumes of data and information, often strategic, to generate good results. It is hard to accept that using a foreign platform to process government information is the most appropriate protocol to ensure the security of those data. Even if there is a proprietary cloud storing government data, not everything will be safe if public servants themselves are trained to continue throwing confidential documents and complete databases into these proprietary platforms, which, owing to model scale, are generally processed at their places of origin — in other words, outside Brazil. According to the Secretariat for Digital Government, today the federal government has 117 AI projects[21] in operation across 42 bodies. Only eight have implemented ethics and governance policies for handling the technology[25].
A delicate partnership
It seems that the alarm does indeed take time to sound even in territories where it is very well understood where all of this may lead us. The Institutional Multi‑user Laboratory of Artificial Intelligence and Supercomputing (LmiSUP) at the University of Brasília (UnB) was inaugurated on 15 September with two servers equipped with Intel Gaudi 2 accelerators, capable of performing more than a quadrillion operations per second. The partnership, according to Intel, seeks simultaneously to meet UnB’s demand for AI infrastructure and to provide local visibility to the Gaudi platform, in addition to training qualified professionals.
According to the press[26], the manufacturer is already negotiating similar agreements with another ten Brazilian universities and is in dialogue with the Ministry of Science, Technology and Innovation to accelerate strategic projects that “dispense with dependence on international super‑clusters”. Since August, however, around 10% of Intel’s capital has belonged to the US government, a share resulting from the conversion of CHIPS Act subsidies into stock, in an investment of close to US$11 billion[27]. This foreign state presence in the shareholder structure means that the supercomputer now equipping a Brazilian public university will, indirectly, be under the influence of another government.
For Brazil’s digital sovereignty, the UnB move creates dilemmas: the partnership may bring technology transfer and capacity‑building, but it also reinforces dependence on sensitive hardware linked to US strategic interests, which may affect future negotiations on data, patents, and semiconductor supply chains. In scenarios of geopolitical disputes or export restrictions, access to updates, parts, or support may become vulnerable, requiring the Brazilian State to adopt robust policies for the governance of critical infrastructures and for supplier diversification to mitigate risks.
Comfort zones
The good news is that the federal government has just created a working group, within the Inter‑ministerial Committee for Digital Transformation (CIT‑Digital), to coordinate actions that strengthen the resilience and autonomy of cloud services.[28] The core goal is to develop a strategy to bring critical data — strategic information for the State and society, such as security records, economic data, and essential services — back for storage on national territory by 2030, as well as to devise a plan for cloud services in Brazil. The group, composed of various ministries and autonomous agencies, will have until December to present a report with diagnoses, guidelines, and proposals to reduce dependence on foreign infrastructures and to increase Brazil’s digital security.
But that may not be enough. From what we have seen at the outset — examining experiences implemented in some countries with relatively less geopolitical weight than Brazil — it is evident that a broader change of attitude is required. And that alternatives such as those under way should be analysed by society with transparency and accountability. It is not enough to say that services run within state data centres and that data are encrypted to be safe from interference by the foreign companies that supply the equipment and systems. Such arguments do not apply to productivity‑software suites and videoconferencing platforms, for example. To this day, technicians and leaders of these institutions have not spoken clearly about the reach of the US CLOUD Act over this Government Cloud arrangement. Nor have they made public the contracts with Big Techs.
Yet this analysis — and the policy derived from it, seeking national solutions — requires more than strategic vision. It is necessary to dismantle fiefdoms, to cause seismic tremors in different comfort zones, and to go against the interests of those who, among us, want to submit the country to the select group of companies whose market value (US$21 trillion)[29] is nine times greater than Brazil’s GDP. And our case is not an exception. Many leaders in various countries, subjected to pressure from actors wielding diverse economic and political power, domestic and foreign, are dealing with a complex cost‑benefit calculation.
In weighing the expense of alternatives such as those presented here against the benefit of going down in history as statesmen who honour their nation and accept their responsibility to future generations, they are setting us an example. The question is to decide how much longer we will avoid contradicting those who prefer submission to that select group of conglomerates and postpone the implementation of a long‑term development project in one of the most sensitive sectors of our time.
*James Görgen is a Specialist in Public Policies and Government Management and an adviser at the Ministry of Development, Industry, Trade and Services of Brazil.
[2] https://lasuite.numerique.gouv.fr/en
[3] https://cadeproject.org/updates/france-and-germany-unite-on-digital-sovereignty-ai-quantum-and-cloud-technologies/ e https://proton.me/blog/eurostack-offer
[4] https://netzpolitik.org/2025/zentrum-fuer-digitale-souveraenitaet-bund-legt-offener-verwaltungssoftware-steine-in-den-weg/ e https://www.linux-magazin.de/ausgaben/2024/11/bund-kuerzt-foss-budget/
[6] https://news.sap.com/2025/09/sap-openai-partner-launch-sovereign-openai-germany/
[8] https://licenseware.io/a-turning-point-for-digital-sovereignty-in-the-netherlands/ e https://www.nldigitalgovernment.nl/featured-stories/non-paper-on-strengthening-cloud-sovereignty-adopted/
[9] https://dig.watch/updates/denmark-moves-to-replace-microsoft-software-as-part-of-digital-sovereignty-strategy e https://udsenterprise.com/en/new-government-finland-promotes-open-source/
[10] http://digg.se
[11] https://www.polostrategiconazionale.it/en/
[12] https://interoperable-europe.ec.europa.eu/collection/open-source-observatory-osor/document/free-open-source-software-galicia-spain-mancomun-project and https://interoperable-europe.ec.europa.eu/sites/default/files/inline-files/OSS%20Country%20Intelligence%20Report_PT_1.pdf
[13] https://nationalpost.com/opinion/canada-is-ceding-sovereignty-to-americas-algorithmic-empire
[14] https://betakit.com/canadian-sovereign-cloud-evan-solomon-all-in/
[16] https://cepa.org/article/super-apps-a-path-to-surveillance-in-china-and-russia/
[17] https://valor.globo.com/mundo/noticia/2025/09/07/ft-russia-cria-aplicativo-nacional-para-encerrar-dominio-do-whatsapp.ghtml and https://www.cnnbrasil.com.br/internacional/russia-restringe-chamadas-no-telegram-e-whatsapp-e-alega-violacoes-da-lei/
[18] https://www.serpro.gov.br/menu/noticias/noticias-2025/ia-google-nuvem-governo-serpro , https://www.hardware.com.br/noticias/google-cloud-ia-infraestrutura-sao-paulo/ and https://timesbrasil.com.br/empresas-e-negocios/google-cloud-investimento-brasil-inteligencia-artificial-infraestrutura-educacao-populacao/
[19] https://teletime.com.br/24/10/2024/a-transformacao-digital-do-estado-e-suas-armadilhas/
[20] https://drive.google.com/file/d/1g2_xAnpewu0P0Rn_HXSIePjF_hOFQuVQ/view
[23] https://suap.enap.gov.br/vitrine/curso/1104/
[24] https://capitaldigital.com.br/plano-brasileiro-de-inteligencia-artificial-vira-palanque-para-openai/
[27] https://www.cnnbrasil.com.br/economia/negocios/intel-participacao-acionaria-dos-eua-pode-prejudicar-vendas-internacionais/ e https://g1.globo.com/tecnologia/noticia/2025/08/26/entenda-como-o-governo-trump-virou-socio-da-intel.ghtml
[29] https://www.cnbc.com/2025/09/05/tech-megacaps-worth-market-cap.html