Munich Makes Digital Sovereignty Measurable With Its Own Score
2 17alternative_right writes: The city of Munich has developed its own measurement instrument to assess the digital sovereignty of its IT infrastructure. The so-called Digital Sovereignty Score (SDS) visually resembles the Nutri-Score and identifies IT systems based on their independence from individual providers and 'foreign' legal spheres. The Technical University of Munich was involved in the development.
In September and October 2025, the IT Department already conducted a first comprehensive test. Out of a total of 2780 municipal application services, 194 particularly critical ones were selected and evaluated based on five categories. The analysis already showed a high degree of digital sovereignty: 66% of the 194 evaluated services reached the highest levels (SDS 1 and 2), only 5% reached the critical level 4, and 21% reached the most critical level 5. The SDS evaluates not only technical dependencies but also legal and organizational risks.
2 comments
Re:This is f**d up (Score: 5, Insightful)
by korgitser ( 1809018 ) on Thursday February 05, 2026 @04:24AM (#65969926)
Everything is inherently global to some extent. But global systems only work if every actor has good will. Everyone should have learned that lesson by now.
And even within a system of good will, there's still basic facts about sovreignity, like if a country cannot feed itself, it's not independent. When it needs food the most is also when everyone else needs it most, and it will therefore starve. In this real world of ours that sadly has a severe lack of good will, you are going to bend over to someone you really don't want to be bending over to, just to stay alive.
Now as to data and such. With the US showing it's true colours more and more in the recent times, the threat becomes real that if your infrastructure is based on US tech, hosted by US companies, and maybe even hosted within US borders, they might just take all of that hostage, and you will be bending over again.
Compliance on the other hand is not so much an issue of affordability, but of giving a fuck. If you are big enough to serve government contracts, you can afford to comply to their requirements. Even more, the government itself will pay for the compliance, because in the end it's just part of the pricing calculation. But let's compare Google, who cannot be arsed to comply with the EU requirement to keep all EU data within EU borders, and Microsoft, who can be arsed. Guess which company has all the business.
Interoperability, on the other hand, is not really the name of the game of the status quo, is it. Every vendor is working to get you locked in to their platform. It takes policy and budget and will to steer clear of that. Funny thing is, interoperability is cheaper, because you can just use off-the-shelf components to build your stack. But building a vendor lock-in platform takes investment, and that's a mega-platform game.
Lastly, there's always the magic word of efficiency at play, isn't it. Well here's the problem with efficiency. Efficiency is brittle. If you optimize for efficiency, there's no room for a safety margin. The 2008 economic crisis was caused by efficiency. Nvidia melting connectors are caused by efficiency. Covid supply chain issues were caused by efficiency. It's just a catchall word to argue against anything that might be important, but what it really argues for is that spending as little money as possible is the most important thing. And it isn't. Money is just something you use to achieve what is actually important. If you spent the money, however little, but didn't get what you need, the money was wasted. If you want to make sure you will not be bending over when the shit hits the fan, you will need to pay your way.
Re:This is f**d up (Score: 5, Interesting)
by Bert64 ( 520050 ) on <bert.slashdot@firenzee@com> on Thursday February 05, 2026 @05:14AM (#65969956)
Global isn't the problem, it's central control by a foreign entity which is the issue.
Linux is global, and even tho Linus lives in the US and is thus beholden to US law any changes forced by the government would be noticeable, and foreign users could create a fork that's free of further US influence.
The same can't be said of commercial operations - even when a US based company has an EU division, they are ultimately answerable to the US based bosses and thus by extension to the US government. Sure they may store data on servers physically in the EU, but that doesn't do much good if the people managing those servers answer to foreigners.