And What Europe’s Push for Digital Sovereignty Means
In today’s cloud-first world, it’s easy to assume that everything—including critical identity services—should be outsourced to global cloud providers. But as digital sovereignty becomes a central issue across Europe, a growing number of public institutions are rethinking that assumption. At the heart of this shift lies a key insight: identity is infrastructure, and infrastructure should be under your control.
From compliance risks to geopolitical uncertainty, the move away from fully cloud-based identity management isn’t just about preference—it’s about strategy and security.
The Rise of Digital Sovereignty in Europe
Digital sovereignty refers to a country’s or region’s ability to control its own data, digital infrastructure, and decision-making processes without relying on foreign powers. In recent years, this has evolved from an abstract policy goal into a driving force behind real, large-scale IT transformations.
Across the EU, new frameworks and initiatives are reinforcing this shift:
- GAIA-X: a European initiative for federated, transparent, and secure data infrastructure
- The EU Cybersecurity Act: which pushes for more trusted, local services
- France’s SecNumCloud and Germany’s Souveräner Arbeitsplatz: national efforts to define and enforce sovereign IT standard
- UK’s Cyber Strategy and 2025 legislation: national efforts like the Telecommunications (Security) Act and the Data (Use and Access) Act reinforce digital sovereignty by securing critical infrastructure, reducing vendor risk, and strengthening control over data and digital identity systems
As these policies take root, public institutions are re-evaluating their software stacks—and identity services are a major focus.
Case Studies: Europe Is Moving Away from Microsoft
Several high-profile examples show how this sovereignty movement is gaining traction:
- The City of Lyon, France has started replacing Microsoft Office and Windows with Linux, OnlyOffice, and PostgreSQL. This move was motivated by a desire to reduce dependence on American providers and increase environmental and financial sustainability. The end of Windows 10 support in October 2025 further reinforced the need for change (source).
- Denmark’s government announced it would stop using Microsoft 365 in favor of Linux and LibreOffice across several ministries, citing concerns about data control and legal uncertainty related to GDPR compliance (source).
- The state of Schleswig-Holstein in Germany is migrating 60,000 public sector users to Linux, LibreOffice, and open-source collaboration tools, eliminating Microsoft Teams, Outlook, and Word from the workplace (source).
These decisions are not just about software licenses, they’re about who controls your infrastructure and how much influence external providers should have over national IT systems.
The Hidden Risks of Outsourcing Authentication
While identity management might seem like a backend task, it’s actually central to operational security and governance. Moving it entirely to the cloud—especially through foreign-controlled services—creates multiple risks:
- Loss of control over credential storage, authentication flows, and logs
- Reduced auditability, which complicates compliance with regulations like GDPR and national cybersecurity laws
- Exposure to outages and global service disruptions
Increased reliance on opaque pricing models and vendor lock-in - Geopolitical dependency, where sanctions or regulatory changes can impact core IT services
In this context, the question isn’t just “Is the cloud convenient?” it’s “Who owns your identity infrastructure?”
The Case for On-Prem (or Hybrid) Identity Solutions
Not every workload needs to be in the cloud—and authentication is a prime example. On-prem or hybrid identity systems offer:
- Full control over data location and access policies
- Integration with local infrastructure, including legacy systems and national platforms
- Transparency and customizability—you see and manage everything
- Compliance alignment with local and EU-level regulations
- No dependency on cloud vendor changes or pricing
For public institutions, the ability to host and manage identity services internally is becoming not just a preference but a policy requirement.
How SambaBox Fits Into This Landscape
SambaBox is an on-premise identity and authentication solution designed for institutions that want to modernize without losing control. Built on open standards and designed for security-conscious environments, SambaBox offers:
- Active Directory-compatible user management
- LDAP and Kerberos support for flexible integration
- Delegated administration and audit logging
- Full control over data and authentication processes
- Support for complex access policies and group-based permissions
Because it’s deployed entirely within the organization, SambaBox allows institutions to align with digital sovereignty requirements while maintaining compatibility with existing systems including Microsoft environments during transition phases.
Windows 10 End-of-Life: The Tipping Point
With Microsoft ending support for Windows 10 in October 2025, thousands of institutions are being forced to make a decision: upgrade and pay for extended support, or rethink their desktop and identity infrastructure altogether.
For many, this is a wake-up call. If changes must be made, why not align them with long-term goals like sovereignty, sustainability, and control?
Identity Is Not Just a Feature, It’s a Foundation
As Europe moves decisively toward digital sovereignty, institutions need to critically evaluate what they can afford to outsource and what they must keep under their own control. Identity and authentication services belong firmly in the second category.
SambaBox offers a practical, standards-based solution for those who want to modernize without giving up control. For organizations navigating the post-Windows 10 era and the growing call for sovereignty, now is the time to act.
