Digital Sovereignty 2026: France Acts, Germany Hesitates
France's DINUM directive forces every ministry into a concrete exit plan from non-European tech by autumn 2026. Germany talks, surveys, agrees, and waits. The gap between intention and action has never been more measurable.
On April 8, 2026 France's Interministerial Digital Directorate DINUM instructed all ministries to submit exit plans from non-European technology by autumn 2026, covering operating systems, collaboration, cloud, AI, databases, virtualization, antivirus and network. At the same time Bitkom reports that 99 percent of Germans want digital independence yet only 34 percent actually choose European services, and Luenendonk shows that 83 percent of German firms consider a Kill Switch scenario realistic while only 57 percent have an exit strategy. The Gendarmerie Nationale demonstrates since 2008 that sovereign IT saves around 2 million euros per year in licenses and cuts total cost of ownership by about 40 percent. The lesson for European enterprises: digital sovereignty is no longer a debate, it is a procurement and governance decision with a hard deadline.
France's DINUM Directive: The April 8, 2026 Starting Gun
On April 8, 2026 the Direction interministerielle du numerique , better known as DINUM, issued a directive that is short in text and long in consequences. Every French ministry must submit a concrete exit plan from non-European technology by autumn 2026. No pilot disclaimers, no optional clauses, no grace period framed as a strategic review. The instruction is binding and it reaches the entire central government.
The scope is the part that matters. DINUM does not limit the directive to one category. The instruction covers operating systems, where Windows is to be replaced by Linux; collaboration tools, where non-European messenger and video products must go; cloud services, AI platforms, databases, virtualization stacks, antivirus and network equipment. Eight technology layers, one direction of travel.
What This Means In Practice
The Caisse nationale d'Assurance maladie, the public health insurance body, has already announced the migration of 80,000 employees to a sovereign workplace stack. The central French health data platform will move to European hosting by the end of 2026. In parallel, DINUM is convening the first "rencontres industrielles du numerique" in June 2026, a procurement and ecosystem event that brings French ministries together with European vendors to translate the directive into contracts.
A Directive, Not A Discussion Paper
The novelty is not that France wants digital sovereignty. It has said so for years. The novelty is that the French state has now put a deadline on itself, with identified scope, named institutions and an industrial follow-through event scheduled for June 2026. In policy terms this is the difference between strategy and execution.
The 99 Percent Paradox
In spring 2026 Bitkom ran a representative telephone survey, n=1,004, across calendar weeks 9 to 12. The results are unusual in their clarity and in their contradictions. Practically everyone in Germany agrees that digital sovereignty matters. Practically no one acts accordingly.
The agreement is so wide that it raises a structural question: if nearly every respondent wants digital independence, why is the market share of European alternatives still in single or low double digits? The same Bitkom data provides a first answer.
Actual Adoption of EU Alternatives
When Bitkom asked about concrete categories, the reality of adoption becomes visible. The delta between attitude and behaviour is the real story.
Social Networks
14 percent use European alternatives. US platforms remain the default.
Search and Browsers
13 percent rely on European options. Google dominates on both desktop and mobile.
Messengers
11 percent use a European messenger. Matrix-based services grow but slowly.
AI Applications
Only 6 percent use European AI. 5 percent use a European smartphone platform.
55 percent of respondents say the problem is not willingness. They consider switching too complicated. The friction they name is concrete: data migration, ecosystem lock-in and feature gaps. These are not abstract concerns. They are the engineering reality of moving from a mature commercial stack to a younger European one, and they are exactly the questions a credible sovereignty programme has to answer.
We need investment and moderate regulation. Without a functioning European market for sovereign technology, every directive remains a letter of intent.
Ralf Wintergerst, Bitkom PresidentKill Switch: Companies Fear the Off Button
Where Bitkom surveys the public, the Luenendonk study from December 2025 and January 2026 polls 155 large German companies. The picture is even sharper. The fear of a geopolitical off button is now mainstream in the German boardroom, and preparation lags behind the fear.
Nine out of ten German companies describe themselves as digitally dependent. 57 percent say they could keep operating for a maximum of one year if digital imports stopped. That number is not a theoretical stress test. It is a CIO self-assessment.
83 percent fear a Kill Switch. 57 percent have an exit strategy. The missing 26 percentage points are the uncomfortable middle: companies that see the risk and have not yet done the work. This gap is where the first wave of sovereignty projects in 2026 and 2027 will land.
Why The Gap Persists
Exit strategies are expensive. They require an inventory of vendors, data flows and hosting locations, a stress test against defined scenarios, and a migration budget that competes with feature backlogs. Many German firms took the first step, wrote a risk register, and stopped there. The Luenendonk data suggests the second step, a concrete migration playbook with timelines and owners, is still rare. For deeper context on sovereign AI within this same debate see Germany's industrial sovereign AI push and the EU-first solutions overview .
The Gendarmerie Model: 18 Years of Linux in Government
The strongest argument in favour of DINUM's directive is not new. It is eighteen years old. The Gendarmerie Nationale, France's national police force with responsibilities in rural and peri-urban areas, began migrating its workstations from Windows to Linux in 2008. The programme became one of the largest and longest-running Linux-in-government deployments anywhere in the world.
2 million euros per year
Recurring license savings compared to the previous proprietary stack. Not a peak figure, a steady annual run rate.
40 percent lower TCO
Total cost of ownership across hardware refresh cycles, support, training and administration fell by roughly 40 percent.
18 years stable
The deployment has survived three French presidencies, several operating system generations and multiple security crises.
The Gendarmerie is not a pilot. It is a reference case. DINUM uses it explicitly when talking to ministries that worry about risk. The counter-argument that sovereign IT is not ready for critical public-sector workloads has been refuted in production, at scale, on French soil, for almost two decades.
Why The Reference Case Matters Now
The DINUM directive does not ask ministries to invent a new operating model. It asks them to generalise an operating model that already exists inside the French state. That is a politically cheaper move than starting from zero, and it explains why the deadline of autumn 2026 is plausible rather than aspirational.
The New French Toolkit: Tchap, Visio, FranceTransfert
To make the directive implementable, DINUM has built and promoted a small but coherent set of sovereign tools. The selection is deliberate: cover the most visible daily workflows, avoid feature bloat, document interoperability.
Tchap
Sovereign messenger for the French public sector, based on open-source Matrix technology. End-to-end encrypted, hosted in France, integrated with the French administration's identity system. The functional equivalent of WhatsApp or Signal for ministries.
Visio
Video conferencing service operated by DINUM, built on open-source components, hosted in France. Replaces US conferencing platforms for internal and cross-ministerial meetings.
FranceTransfert
Secure file transfer service for large documents. Replaces commercial file-sharing offerings for sensitive content, avoids third-country data transfers and produces an auditable trail.
These three tools do not cover every workflow. They cover the three workflows where shadow IT historically emerges fastest in the public sector: chatting, meeting and sending files. By offering sovereign, documented and usable alternatives first, DINUM takes the most common excuses off the table before it asks ministries to migrate the deeper layers of their stack.
Challenges and Risks
Honesty requires naming the friction. A sovereignty programme at state scale is not free, and it is not risk-free.
Feature Gaps
Some European alternatives are younger than their US counterparts. Gaps exist in workflow automation, ecosystem integrations and mobile experience. Every migration plan has to budget for workaround engineering.
Data Migration
Historical data, document formats, mailbox archives and collaboration histories do not move themselves. Data migration is the single most underestimated cost line in sovereignty programmes.
Skill Shortage
Operating Linux, Matrix, European cloud stacks and open-source databases at enterprise scale requires in-house expertise that many organisations outsourced years ago. Hiring and retraining take time.
Vendor Viability
Several European alternatives are still scaling. Procurement must assess financial stability, roadmap credibility and open-source governance, not only features. A sovereign vendor that folds is not sovereign.
What German and European Companies Should Do Now
The DINUM directive is a French government instruction. It is also a preview of the procurement questions that European customers will start asking private-sector vendors in 2026 and 2027. Companies that prepare now avoid a reactive migration later.
Digital Supply Chain Inventory
Catalogue every vendor, data flow and hosting location. Tag each entry with jurisdiction, data classification and criticality. The goal is a single-page dependency map the board can read. Without this map every later step is guesswork. Related reading: AI security and data protection and shadow AI risks .
Kill Switch Stress Test
Run a scenario exercise: what happens if a critical non-European provider becomes unusable for 30, 90 or 365 days. Identify the top three single points of failure. This exercise is the honest version of the Luenendonk survey question, and it turns anxiety into a prioritised list. See also the BSI-compliant integration guide .
Pilot Parallel Deployments
For the top three replacement candidates, run parallel pilots with European alternatives: Mistral or Aleph Alpha for generative AI, DeepL for translation, GAIA-X-aligned cloud for hosting, Linux workplace images, open-source office and collaboration stacks. Measure feature gaps honestly and document the migration playbook.
Governance and Procurement Reform
Tie digital sovereignty into procurement criteria the same way GDPR is already tied into them. Align the programme with the EU AI Act deadline in August 2026, see the EU AI Act action guide . Make sovereignty a board-level metric, not a side project of the infrastructure team.
The Asymmetry Is The Opportunity
France set a deadline and named institutions. Germany published surveys and waits for politics. The practical consequence is that French buyers will demand sovereign stacks before German buyers do, and European vendors will calibrate to that demand first. European companies that want influence on vendor roadmaps should arrive at those conversations as customers, not as observers.
Conclusion
The DINUM directive of April 8, 2026 does not invent digital sovereignty. It operationalises it. For the first time a large European state has put a deadline, a scope and an industrial follow-through event on a complete exit plan from non-European technology. The Gendarmerie proves it is doable, the Caisse nationale d'Assurance maladie proves it is being done, and Tchap, Visio and FranceTransfert prove that usable sovereign tools exist for the most visible workflows.
Germany sits on a different curve. 99 percent want independence, 83 percent fear a Kill Switch, and only 57 percent have an exit strategy. The contradiction is well documented by Bitkom and Luenendonk, and it is solvable. What it needs is not more surveys, but the same three moves France is making: a scope, a deadline and an ecosystem event that turns the directive into contracts.
Digital sovereignty in 2026 is no longer a political opinion. It is a procurement decision with a calendar. Companies that inventory their supply chain, stress-test a Kill Switch scenario and pilot European alternatives in the next 90 days will face the next crisis with options. Companies that wait for certainty will face it with excuses.
Further Reading
Frequently Asked Questions
France's Interministerial Digital Directorate DINUM instructs every French ministry to submit a concrete exit plan from non-European technology by autumn 2026. The scope covers operating systems, collaboration tools, cloud services, AI platforms, databases, virtualization, antivirus and network equipment. The directive is not a recommendation but a binding instruction to the entire central government, and it is accompanied by the first "rencontres industrielles du numerique" in June 2026 to line up European vendors for the resulting contracts.
Since 2008 the Gendarmerie Nationale has run one of the largest Linux-in-government deployments worldwide. The measurable outcome is around 2 million euros per year in license savings and roughly 40 percent lower total cost of ownership compared to the previous proprietary stack. After 18 years of stable operation across multiple political cycles the Gendarmerie proves that sovereign IT works at public-sector scale, which is why DINUM uses it explicitly as a reference when talking to other ministries.
The Luenendonk study from December 2025 and January 2026, based on 155 responses, shows that 96 percent of German firms import digital technologies and 75 percent are dependent on US software. Nine out of ten companies describe themselves as digitally dependent and 57 percent say they could survive a maximum of one year without digital imports. 83 percent consider a Kill Switch scenario realistic, yet only 57 percent have an exit strategy in place, which leaves a 26 percentage point gap between fear and preparation.
Bitkom's representative survey in spring 2026, with 1,004 telephone interviews in calendar weeks 9 to 12, found that 99 percent of respondents want digital independence for Germany and Europe, 93 percent perceive a dependency on US and Chinese providers, and 79 percent demand stronger investments in European technology. At the same time only 34 percent have consciously chosen a European service and actual adoption ranges between 5 and 14 percent across categories. 55 percent consider switching too complicated because of data migration, ecosystem lock-in and feature gaps.
For large language models Mistral and Aleph Alpha offer European sovereign options. DeepL is the established choice for translation. GAIA-X builds the federated cloud infrastructure layer. Open-source operating systems such as Debian and Ubuntu replace Windows at workstation level. In France DINUM promotes Tchap as a sovereign messenger, Visio for video conferencing and FranceTransfert for secure file sharing. Open-source office suites, European email providers and European database and virtualization stacks round out the practical catalogue.
Start with a digital supply chain inventory that captures vendors, data flows and hosting locations. Then stress-test each critical system against a Kill Switch scenario of 30, 90 and 365 days, define exit criteria, prioritise the top three replacement candidates and run parallel pilots with European alternatives. Budget honestly for migration, feature gaps and training. Tie the programme to the EU AI Act deadline in August 2026 and the GDPR regime, and communicate digital sovereignty as a procurement and governance criterion at board level, not as a side project of the infrastructure team.