European Tea Party: step by step toward digital sovereignty.
Step 1: Know your dependencies
Together with you, we conduct a thorough inventory of your IT landscape. We do not limit the scope to business-critical applications, so tools like SolarWinds or CrowdStrike are not overlooked. We review both commercial software and open-source software (for example, Log4j or libxz risks). We build software bills of materials (SBOMs) with you in line with upcoming requirements from U.S. regulations and the European Cyber Resilience Act. For your software-as-a-service providers, we document not only the vendor but also cloud location and infrastructure provider. In your network, we identify DNS providers, domain registries, internet and email providers, including their subcontractors. At the end, we capture the hardware in use across network, client, and server environments. In manufacturing companies, we also inventory operational technology (OT), and in software companies, engineering technology (ET). Finally, we catalog dependencies on service and consulting partners and reconcile everything with procurement to close supplier landscape gaps. Within a few days, we can establish a reliable 80% baseline and then refine it step by step. We then assess corporate structures and country dependencies and provide a clear picture of your digital sovereignty status. This is your first concrete step toward digital sovereignty.
Step 2: Master emergencies
What do you do with the analysis from step 1? The answer has two parts. First, the report already reveals concentration risks whose failure or malfunction would critically affect your business. Then we model future threats with you. We start with seemingly simple questions: How seriously do your suppliers manage cybersecurity? But the scenarios quickly become more complex: Could China take over Taiwan, and would chip supply to the EU remain stable? How much of your IT would still run if BRICS+ countries turned away from the West and Indian providers stopped delivering services to the EU? Could a future U.S. administration use the power of big tech to enforce political objectives? Together, we prioritize the most relevant scenarios with the highest damage potential and develop contingency plans: What if Microsoft Cloud is unavailable for an extended period, if new hardware cannot be procured, or if critical service providers unexpectedly terminate contracts? You benefit from our practical experience with what has proven effective in real incidents. Once robust contingency plans for your most relevant risks are in place, the second step toward digital sovereignty is complete.
Step 3: Divide et Impera
As with every contingency strategy, the rule is simple: what is not practiced will not work in an emergency. We therefore test contingency plans together with you. In each exercise, we document where fallback systems still lag in functionality and quality. This gives us a regular benchmark of how close sovereign alternatives are to your original systems. Sovereign workplace solutions such as openDesk from the Center for Digital Sovereignty are becoming a real desktop alternative, while Linux-based options are widely available on the server side. We evaluate such solutions in practical drills as your next step toward digital sovereignty. Step by step, we then develop plans to move proven sovereign fallback solutions into productive use department by department. We integrate the new architectures into your existing security and monitoring stack and support ongoing operations. Finally, we run high-quality security checks. Only when there is reliable protection against known threats such as cybercrime and state-sponsored espionage is this part complete. Over the years, this is how we build your digital sovereignty together, incrementally and sustainably.
More information, downloads and links
