Why is this a problem?
There are several risks tied to this situation.
Political risk: Another country could exploit our digital dependence for its own purposes. For example, when the Trump administration imposed sanctions on the International Criminal Court (ICC), U.S. companies were banned from delivering cloud services there – Microsoft shut off Prosecutor Karim Khan’s email overnight. If similar measures targeted European authorities or businesses, the consequences could be devastating. Since U.S.-based tech companies control most of Europe’s cloud infrastructure, Washington could, in theory, shut down agencies, businesses, and critical systems across Europe.
Technical risk: When the majority of our data handling takes place on servers outside the EU’s jurisdiction, we become vulnerable to surveillance, disruptions, and sudden shutdowns. U.S. law grants intelligence agencies the right to access data stored with American cloud providers – even if that data is physically located in Europe. This creates potential access to sensitive information and conflicts with EU rules such as GDPR. Industry experts also warn that the risk of cloud services being forcibly shut down for geopolitical reasons is a “new paradigm” that must be taken seriously.
Lack of control: When our systems and data lie outside Europe’s legal and geographical reach, we risk being powerless in critical situations. More and more people realize that if our digital platforms are governed from across the Atlantic, we also lose part of our democratic room for maneuver. We do not own the conditions needed to protect, operate, or restore essential systems in a crisis – instead, we depend on the goodwill of foreign actors.
European countries are starting to act
Denmark has already begun addressing the problem. The government – along with several municipalities – is exploring how to phase out the American cloud giants and instead build digital resilience with alternatives closer to home. With strong political backing, measures are underway to reduce dependence on foreign cloud services. Denmark’s Minister for Digitalization, Caroline Stage Olsen, recently announced that her department will gradually abandon Microsoft’s software in favor of open-source alternatives such as Linux and LibreOffice. The goal is for all staff to use open solutions before the end of the year – a clear stand for greater self-reliance.
In France, authorities are encouraged to use cloud services while being guided to choose providers that comply with EU data laws and can offer secure options for sensitive information. The country has even launched a “trusted cloud” strategy (cloud de confiance) with criteria designed to protect French data from foreign legislation. Germany has long worked to strengthen digital sovereignty; Schleswig-Holstein, for example, is replacing Microsoft products with open-source alternatives. The Netherlands and Norway have also launched national cloud initiatives. Europe’s awakening has begun, with the aim of reducing risks and regaining control.
At the same time, voices in Sweden warn against falling behind. In June, several Swedish experts cautioned that tech giants could become a geopolitical weapon: in theory, the U.S. could “shut down” Sweden’s digital society in the event of a conflict. “For the U.S., tech giants are a weapon,” notes Gábor Sebestyén, head of digital risk management at the Swedish Public Employment Service. Swedish authorities have started forming networks to prepare for a situation where American services can no longer be used, but so far there are no clear national directives. It is evident that Sweden too must move faster to secure its digital sovereignty.
VisionFlow: Swedish-owned, secure, and EU-compliant
At VisionFlow, we meet organizations every day that share the same concerns now raised in the public debate: what happens to operations if digital infrastructure is suddenly affected by decisions in other countries? This is not only about technology, but about trust, continuity, and the ability to deliver even in critical situations.
That’s why we chose a different path. VisionFlow is built on open-source and Swedish-developed technology with no dependencies on U.S. tech giants. This means we are not subject to U.S. laws such as the CLOUD Act, which allows foreign authorities to demand access to data. Our customers’ information is protected by Swedish law and European regulations.
All operations run on Swedish servers with data centers located within the country’s borders. Sensitive information never leaves Sweden, ensuring that your data always remains under European jurisdiction. For many of our customers, especially in the public sector, this is a crucial prerequisite for meeting their own security and transparency requirements.
We also work actively with compliance. VisionFlow is built to meet the requirements of GDPR, Schrems II, and NIS2. We can demonstrate this in practice with clear documentation, traceability, and features that support regulatory frameworks. This means you are well prepared when supervisory authorities or auditors need to review how you handle personal data and information security.
Last but not least, it’s about everyday reliability. VisionFlow brings together cases, projects, documents, and customer data in a single platform. You avoid fragmented systems and dependency on foreign clouds, while gaining a clearer overview of your entire operation. For many of our customers, this has meant both measurable efficiency gains and a new level of control over their processes.
With VisionFlow, you don’t just get a system – you get a partner that puts Swedish data sovereignty at the center and provides the tools to work both efficiently and securely for the long term.
In conclusion
Europe will never be entirely digitally independent. But we can – and must – regain control over our digital infrastructure and reduce risks. For many organizations, it starts with choosing providers who share the values of data sovereignty and security.
VisionFlow is a natural part of the solution. We combine powerful functionality with hosting in Sweden and compliance with European regulations. This allows you to focus on your core business – without worrying about who really owns your data.
Want to learn more about how we can support your organization? Contact us for a demo or speak with one of our product specialists.
Sources
SVT Aktuellt – Europa allt mer beroende av amerikanska techjättar (15 september 2025)
https://www.svtplay.se/video/e6dYgAo/aktuellt/igar-21-00
Realtid – 80 procent av EU:s molnmarknad kontrolleras av USA
https://www.realtid.se/artikel/80-procent-av-eus-molnmarknad-kontrolleras-av-usa/
Politico – ICC prosecutor Karim Khan loses Microsoft email after Trump sanctions
https://www.politico.eu/article/icc-prosecutor-karim-khan-us-sanctions-microsoft/
EFN Ekonomikanalen – Vad händer om USA stänger av Europa?
https://www.efn.se/nyheter/vad-hander-om-usa-stanger-av-europa/
Omni / The Register – US surveillance laws apply to data stored in EU
https://www.theregister.com/2018/03/23/cloud_act_explained/
ComputerWeekly – EU faces new paradigm of cloud risks
https://www.computerweekly.com/news/252499512/EU-cloud-market-paradigm-risks
EU-kommissionen – European digital sovereignty and jurisdictional risks
https://ec.europa.eu/digital-strategy
DR Nyheder – Danmark fasar ut amerikanska molnleverantörer
https://www.dr.dk/nyheder/penge/danmark-vil-fase-ud-amerikanska-moln
Version2 (Danmark) – Caroline Stage Olsen: Övergång till öppna alternativ
https://www.version2.dk/artikel/digitaliseringsminister-linux-libreoffice
French Government – Cloud de confiance-strategi
https://www.numerique.gouv.fr/cloud-de-confiance/
Heise / Golem.de – Schleswig-Holstein byter från Microsoft till Linux
https://www.golem.de/news/schleswig-holstein-ersetzt-microsoft-software-durch-linux-2105-156111.html
Dagens Nyheter – Svenska myndigheter varnar: techjättarna kan bli ett vapen
https://www.dn.se/ekonomi/techjattarna-kan-bli-ett-vapen/