Back to Blog
Trending Post

Ludo Baauw on Digital Sovereignty and Big Tech Cloud

·Technology Policy

Explores Ludo Baauw's warning on digital sovereignty, US Big Tech cloud lock-in and how governments can protect critical public data.

LinkedIn contentviral postscontent strategydigital sovereigntycloud computinggovernment ITbig techgeopoliticstechnology policy

Ludo Baauw, CEO & Founder @ IMG - Intermax Group | Chairman NBIP | Sovereign Cloud & Security Expert | Speaker & Serial Entrepreneur, recently posted something that made me stop scrolling: "Rot op, zeggen we tegen Trump. Terecht.

Maar ondertussen gaat de SVB naar Azure en verhuist de Belastingdienst z'n mail naar M365."

In a few lines, he captures a deep contradiction: politically we tell Donald Trump to get lost, but economically we quietly wire billions in taxpayer money to the same US Big Tech ecosystem that sits under his country’s laws and strategic interests.

Baauw goes further and calls it what it is: an economic front line. While the US threatens European countries with tariffs for supporting Denmark in Greenland, Dutch government agencies are moving core systems and email to US hyperscale clouds.

"We sturen militairen naar Groenland om soevereiniteit te verdedigen. Maar onze belastingdata en belastingcenten? Die gaat gewoon naar Redmond."

That image is hard to unsee: soldiers in the Arctic to protect sovereignty, while tax data and tax euros stream to Redmond, Washington.

Digital Sovereignty Is Not Abstract

When policymakers talk about digital sovereignty, it can sound abstract or ideological. Baauw’s post drags it back into the concrete world: SVB (social security payments), the tax authority’s mail, and the billions of euros that follow these workloads into foreign clouds.

Digital sovereignty, at its core, is about three questions:

  1. Who controls the infrastructure that runs our critical public services?
  2. Under which jurisdiction is that infrastructure truly operating?
  3. What leverage do we have if geopolitics turn sour?

When a public body moves to a hyperscaler like Microsoft Azure or M365, it is not simply "buying software". It is entering into a long-term dependence on a foreign corporation that is bound by foreign law, including extraterritorial instruments like the US CLOUD Act and FISA.

As Baauw points out, it is one thing to already be inside that ecosystem and carefully work on diversifying: "we zitten erin en zoeken naar alternatieven om autonomer te worden". It is another to double down and invest even more deeply: "we gaan er nu nog dieper in, het is een rijdende trein die we niet meer kunnen stoppen".

From Trump to Taxes: The Hidden Front Line

What makes Baauw’s post sting is the timing. On one side, there is political outrage when Trump threatens tariffs because European countries do not fall in line. On the other, there is a steady, almost bureaucratic flow of contracts that increase our dependence on US cloud providers.

That dependence is not only financial. It becomes:

  • Operational dependence: mission-critical systems, email, identity, collaboration, and core data all coupled to one platform.
  • Legal dependence: data and operations exposed to another country’s laws, court orders, and security agencies.
  • Strategic dependence: reduced ability to respond if relations deteriorate or if economic "pressure" is applied.

In calm times, this can seem theoretical. But Baauw asks the uncomfortable question: what if it really does become economic war? What if tariffs are just the warm-up and data, services, or access become bargaining chips?

Big Tech’s "Sovereign" Cloud: Solution or Story?

Baauw notes that Big Tech clearly feels the pressure. Suddenly, AWS and Oracle have "sovereign" European clouds. Microsoft launches beautiful "sovereign initiatives" with separate regions, extra controls, and European partnerships.

On paper, this sounds like the best of both worlds: hyperscale innovation with European-style control. In practice, we need to ask tougher questions:

  • Who ultimately owns the company delivering the service?
  • Which board can be compelled by which government to act?
  • Which jurisdiction prevails when US and EU law clash?
  • Can the parent company still access or switch off key components, even indirectly?

If the ultimate power still lives with a US-headquartered company, then "sovereign" risks becoming more of a marketing term than a legal and strategic reality.

This is where Baauw’s frustration with the Dutch government comes in: "Maar de Nederlandse overheid tekent gewoon door." Despite all the noise about sovereignty and strategic autonomy, contracts keep being signed that deepen long-term dependence on US hyperscalers.

Lock-In vs. Real Autonomy

Lock-in, in this context, is not just a technical issue about APIs or data export formats. It is a systemic combination of:

  • Financial incentives (discounts, committed spend, bundled licenses)
  • Organizational habits (skills, processes, culture built around one stack)
  • Psychological comfort ("no one ever got fired for choosing Big Tech")

Baauw calls out that familiar corporate saying:

"No one ever got fired for choosing Big Tech"

It sounds safe. But safety for an individual decision-maker is not the same as safety for a country. For a state, the real risk is that, in five or ten years, turning back or even rebalancing becomes almost impossible without huge cost, disruption, or political fallout.

That is why the timing of decisions matters. Moving deeper into one foreign ecosystem today closes doors tomorrow. It is far easier to design for autonomy at the start than to retro-fit it under pressure.

What If It Really Becomes (Economic) War?

Baauw ends his post with a shiver: "Brrrrr, ik word er net zo koud van als het nu waarschijnlijk op Groenland is..." The image of troops in Greenland defending sovereignty while core tax systems sit in data centers controlled by a foreign superpower is not just poetic; it is a risk scenario.

Imagine a future where:

  • Trade relations deteriorate sharply between the EU and the US.
  • Sanctions or countermeasures target tech and data flows.
  • A major US provider is compelled, by its own government, to limit services, raise prices dramatically, or hand over certain data.

In such a context, "we can always move later" stops being realistic. Migration projects that take years cannot be accelerated to weeks just because the geopolitical weather has changed. Autonomy has to be built before the storm, not during it.

What Governments Can Do Differently Now

Responding to Baauw’s warning does not mean banning US technology overnight. It means treating digital infrastructure with the same seriousness as energy, defense, and transport. Some practical directions:

1. Classify Data and Workloads by Sovereignty Sensitivity

Not all workloads are equal. Countries should clearly classify data and systems:

  • Highly sensitive (tax systems, social security, health records, national security)
  • Moderately sensitive (public sector collaboration, internal comms)
  • Low sensitivity (public websites, open data, generic tooling)

For the top tier, the bar for foreign dependence should be extremely high and require explicit political justification.

2. Define Real Sovereign Cloud Requirements

Instead of accepting marketing labels, governments can define what "sovereign" means in law and procurement:

  • EU or national ownership and ultimate control
  • Full operation and support from within the EU
  • Immunity from non-EU extraterritorial law as far as possible
  • Technical and contractual ability to exit or switch provider

This creates a level playing field where European providers and genuinely sovereign setups have a fair chance.

3. Avoid Single-Vendor Monocultures

Multi-vendor and multi-cloud strategies are not just about price negotiation; they are about resilience. Critical functions like identity, email, and document management can be architected in ways that allow multiple providers or open standards, even if one large vendor remains in the mix.

4. Bake Exit Strategies into Contracts

Every major cloud contract should come with a funded, tested exit plan: how data will be exported, how applications can be rehosted, what timelines and costs are realistic. Without this, "we can always move" is an illusion.

A Consistent Approach to Sovereignty

Baauw’s post forces a simple but uncomfortable question: if we are willing to deploy soldiers to defend physical territory and sovereignty, are we prepared to invest at even a fraction of that level to defend digital territory?

Right now, the answer often seems to be no. We wave off Trump’s threats with "Rot op" and yet continue signing long, deep contracts with the very ecosystem that gives his country leverage over our data and services.

Listening to Ludo Baauw means recognising that sovereignty is not just a flag or a border; it is the sum of the dependencies we choose or accept. Digital infrastructure is now one of the most strategic of those dependencies.

The choice is not between cloud and no cloud, or between innovation and stagnation. The real choice is whether we design our cloud future in a way that preserves room to manoeuvre when the geopolitical climate turns icy — perhaps as cold as it is in Greenland today.

This blog post expands on a viral LinkedIn post by Ludo Baauw, CEO & Founder @ IMG - Intermax Group | Chairman NBIP | Sovereign Cloud & Security Expert | Speaker & Serial Entrepreneur. View the original LinkedIn post →

View Original LinkedIn Post