Germany is replacing Windows. France has ordered ministries to adopt Linux. Denmark is leaving Microsoft behind. Even the International Criminal Court (ICC) has abandoned Microsoft after discovering how geopolitical tensions could instantly disrupt operations. Across Europe, governments, cities, and public institutions are quietly moving away from Big Tech platforms and toward open-source alternatives. 

For years, Europe’s public sector has relied on U.S. technology giants to power critical systems. Email, collaboration tools, cloud storage, and video conferencing—much of the digital backbone of European governments has been outsourced to foreign vendors. 

Now, that relationship is changing, thanks to the current political instability and a 2018 law.

Why Europe Is Rethinking Tech Dependence

At the center of Europe’s shift is a growing concern over digital sovereignty—the ability to control infrastructure, systems, and data without dependence on foreign entities.

For security leaders, the concern is one: What happens when your critical infrastructure depends on a provider outside your legal and political control?

That question has become increasingly urgent due to 2 factors:

1. The Cloud Act Problem

One of Europe’s biggest concerns is the U.S. Cloud Act, which allows U.S. authorities to compel American technology companies to provide access to data, regardless of where it is physically stored.

In practical terms, European government data hosted by a U.S. provider could still fall under foreign legal jurisdiction. That risk moved from theory to reality when the International Criminal Court lost access to its Microsoft-hosted email services following U.S. sanctions, exposing how quickly political events can disrupt essential systems.

2. Vendor Lock-In Is Becoming a Security Risk

Many organizations continue relying heavily on a handful of technology providers.

European governments increasingly view dependence on Microsoft and Google as a form of strategic concentration risk.

The French region of Occitanie cited rising licensing costs and concerns around the Cloud Act when replacing Microsoft Teams, SharePoint, and OneDrive with an open-source collaboration platform. Meanwhile, some German states framed digital sovereignty alongside energy independence: critical infrastructure should not depend on external actors.

The more deeply embedded a single vendor becomes, the harder it becomes to respond when pricing changes, access restrictions emerge, or geopolitical pressures intensify.

Germany Is Showing What Large-Scale Migration Looks Like

If digital sovereignty had a flagship case study, it would be Schleswig-Holstein.

The German state is replacing Microsoft software across roughly 30,000 government workstations, transitioning from:

• Windows → Linux
• Microsoft Office → LibreOffice
• Exchange/Outlook → Open-Xchange and Thunderbird
• SharePoint → Nextcloud
• Teams → OpenTalk and Jitsi

By late 2025, around 80% of workplaces had already migrated to Linux and LibreOffice, proving that large-scale transitions are operationally possible—even in highly regulated environments.

Germany also plans to reinvest licensing savings into local IT development, strengthening domestic expertise rather than exporting spend to foreign vendors.

France Is Taking It National

Germany is not alone.

In 2026, France ordered ministries to migrate away from Windows and adopt Linux-based alternatives, while expanding its sovereign software ecosystem through La Suite Numérique, an open-source collaboration suite designed to reduce dependency on foreign software.

France is building on years of successful open-source adoption, and cities are following suit:

• Lyon is replacing Microsoft 365 with open-source tools.
• Marseille eliminated Microsoft products after rebuilding systems following a cyberattack.
• Occitanie replaced Microsoft collaboration platforms with open-source alternatives.

The trend is becoming systemic.

This Is Bigger Than Europe

Across Europe, countries like Italy, Spain, and the Netherlands, among others, are moving thousands of computers away from American-based tech companies.

While Europe is leading the movement, the underlying trend is global.

Security leaders everywhere face growing questions around:

• Data jurisdiction
• Supply chain resilience
• Third-party risk
• Cloud concentration
• Geopolitical disruption

The assumption that software vendors will always remain politically neutral is now, more than ever, being challenged.

As ransomware attacks, sanctions, trade disputes, and cyber conflicts become more frequent, dependency itself becomes part of the risk equation.

Cybersecurity leaders are shifting the conversation from:

“Which platform is best?”

to

“Which dependencies can we afford?”

The Open-Source Question

Does this mean every organization should abandon Microsoft tomorrow?

No.

Even countries pursuing digital sovereignty are taking gradual approaches through pilots, hybrid environments, and phased migrations. 

Open-source migration also comes with challenges:

• User adoption resistance
• Training requirements
• Integration complexity
• Ongoing support costs

But Europe’s experience suggests that open source is no longer being treated as a budget alternative—it is increasingly viewed as a resilience strategy.

A New Cybersecurity Conversation

Europe’s drive for digital sovereignty is reshaping public-sector IT as governments demonstrate that large‑scale open‑source deployments are feasible, cost‑effective, and politically advantageous. 

This break-up with Big Tech reflects a broader shift in how governments think about resilience.

More than preventing breaches, security encompasses maintaining operational independence, reducing external dependencies, and ensuring continuity during political or legal disruption.

That mindset will likely shape private-sector cybersecurity strategies in the years ahead.

The question for Cybersecurity leaders is:

Has your organization already mapped the risks created by the vendors it cannot operate without?

At Aware Force, we track the cybersecurity trends reshaping enterprise resilience—from supply-chain risk to digital sovereignty and emerging infrastructure threats. If your organisation is reassessing third-party dependencies or strengthening cyber resilience, explore our latest insights or get in touch with the team.

---

Sources: Computerweekly, ArsTechnica, TechRepublic, PBS