The public debate about cloud sovereignty often revolves around a seemingly simple question: Where is the data? European data centers, GDPR compliance or the Frankfurt server location shape many cloud decisions. This perspective is understandable because regulatory requirements and legal access options play a central role. However, it falls short when it serves as the sole measure of sovereignty.
In practice, dependencies arise primarily where technical decisions create long-term relationships. Anyone who moves workloads to a European cloud, but uses proprietary services, manufacturer-specific APIs and platform-bound automation, does not regain any real freedom of action – they simply shift their dependency to another data center.
Cloud sovereignty is often reduced to location issues. In practice, however, dependencies arise primarily through architectural decisions: Proprietary APIs, data formats and platform services bind applications to individual providers in the long term. The article shows typical lock-in mechanisms and explains how modular, interoperable architectures can reduce dependencies.

The core of sovereignty lies deeper: in the freedom to decide for yourself about data and processes and to be able to make this decision again at any time. A clear analogy is the car and the gas station. Sovereignty does not mean running your own refinery. It means being able to drive to any gas station – portability, interoperability and real freedom of choice. If you take these architecture and design principles into account right from the start, you won’t build up dependencies in the first place, regardless of where the server is located.
That was the excerpt from our heise Plus article “Sovereignty in the Cloud: From Dependence to Personal Responsibility”. With a heise Plus subscription you can read the entire article.
