The public sector is digitizing rapidly. Citizens expect government services to be secure, accessible, and fast. They want to apply for permits online, view files, share data, or contact their municipality, province, or executive organization. At the same time, the government must be able to explain how data is stored, who has access, and how digital systems are protected.

That is where the tension lies. Governments want to modernize but are often dependent in practice on large technology platforms, external software vendors, and cloud environments outside Europe. This makes digital service delivery more efficient but also raises questions about control, privacy, continuity, and strategic dependency.

For public organizations, it is therefore about trust. From citizens, administrators, regulators, and chain partners.

Why sovereignty is so urgent right now

Dependency on foreign technology has become increasingly visible in recent years. Governments work with sensitive data from citizens, entrepreneurs, employees, and social institutions. Think of personal data, permits, legal files, social data, financial information, policy documents, and archives.

When that data is stored or processed via external platforms, concrete questions arise:

Where exactly is the data located? Which legislation applies to the provider? Who can access the data, including during support or management? What happens in the event of a geopolitical conflict? How quickly can the organization recover after an outage or a cyberattack? Is there an exit strategy if a provider becomes too expensive, too dominant, or unsuitable?

During the European summit on digital sovereignty in November 2025, France and Germany emphasized that Europe must reduce its technological dependency. Among other things, higher protection standards for sensitive data, protection against non-European extraterritorial legislation, and the use of privacy-enhancing technologies were highlighted.

This directly affects the public sector. Governments, in particular, must be able to demonstrate that they handle data that citizens are required to share with them with care.

From cloud-first to control-first

Many public organizations have opted for cloud solutions in recent years. This is understandable. Cloud offers scalability, flexibility, and often lower management costs. But the discussion is shifting. Not every question should start with: can we move this to the cloud? The better question is: what level of control does this data or service require?

For some applications, a public cloud is fine. For other data, more control is needed. Think of sensitive personal data, critical services, legal files, administrative information, archives, and backups.

That is why the need for hybrid infrastructure is growing. An environment where cloud, European solutions, and on-premise storage coexist. Not out of distrust toward the cloud, but out of risk awareness. The public sector does not need one standard solution, but a conscious data strategy per type of information.

AI in the public sector requires trust

AI is also taking on a larger role within the government. Think of customer contact, document analysis, policy preparation, search functions, process support, and making large amounts of information accessible. The European Commission encourages AI applications in public services, with an emphasis on reliable AI, social value, and protection of fundamental rights.

Yet this is precisely where a sensitive point lies. Governments cannot simply process citizen data in public AI models. A policy document, permit application, notice of objection, or social file is not an arbitrary dataset. It often involves information that citizens do not share voluntarily but must share to use public services.

Therefore, AI in the public sector must be verifiable. What data is being used? Where is it processed? Is information shared with external models? Can outcomes be checked? And does human responsibility remain clear?

Local AI can play an important role here. Not by completely excluding public cloud, but by keeping sensitive data within its own environment. This way, governments can benefit from AI without losing their grip on data and decision-making.

Public digital infrastructure requires conscious choices

In addition to regulations, there is a growing realization that Europe and the public sector need their own digital infrastructure. Not everything can be left to commercial platforms. Public service delivery requires systems that are transparent, verifiable, secure, and sustainable.

That is why open source, digital commons, and public digital infrastructure are being discussed more frequently. Open-source tools can help limit dependency, increase transparency, and make collaboration between public organizations easier. This is not just about software, but about a different way of thinking: public resources deserve digital systems that serve the public interest.

Procurement also plays a major role in this. The public sector purchases a lot of digital technology annually. By steering more specifically toward data sovereignty, open standards, exit options, European storage, and control over backups, governments can move the market.

Smart procurement is therefore a strategic instrument.

Continuity and cyber resilience

Digital sovereignty is not just about where data is located. It is also about availability and recoverability. A municipality, province, or executive organization cannot afford long-term outages. Citizens must be able to continue managing their affairs. Files must remain available. Critical processes must be able to continue.

Ransomware and cyber incidents make this more urgent. Attackers target not only primary systems but also backups. If backups are encrypted, deleted, or unreliable, recovery becomes difficult and pressure on the organization increases rapidly.

Therefore, the public sector must take a critical look at backup and recovery. Are backups protected against ransomware? Is there a physically separate copy? How quickly can critical services be restored? And has recovery ever actually been tested?

For public organizations, this is not just an IT question. It affects service delivery, administrative responsibility, and social trust.

The role of Comex

Comex helps public organizations gain more grip on data, storage, and digital continuity. We support municipalities, provinces, educational institutions, archives, and other public organizations with European on-premise storage solutions that suit sensitive and long-term data retention.

Our solutions help protect backups, archives, and critical datasets. Think of secure storage, protection against ransomware, physical airgap, long-term availability, and control over where data is stored.

Comex can also provide expertise regarding local AI. For example, for applications where documents, archives, or internal knowledge sources are made searchable without sensitive public data having to be sent to external AI platforms.

For the public sector, digital innovation is ultimately about trust. Citizens must be able to count on their data being secure. Administrators must be able to explain the choices that have been made. And organizations must be able to continue functioning, even if something goes wrong.

Digital sovereignty therefore does not start with policy or technology alone. It starts with a simple question: do we still truly have a grip on our data?