Lessons from Failed Initiatives
An honest assessment of why previous digital sovereignty initiatives failed or were abandoned, and how this Cooperative proposal addresses those failure modes.
Executive Summary
Bottom Line: Previous failures share common patterns: political capture, hyperscaler infiltration, scope creep, insufficient funding, and lack of user focus. This proposal's design specifically addresses each failure mode. However, failure remains possible—which is why the pilot programme includes defined exit criteria.
1. Gaia-X (EU, 2019-Present)
🇪🇺 Gaia-X: "Chronicle of a Failure Foretold"
| Launch | 2019 (Franco-German initiative) |
|---|---|
| Goal | European data infrastructure federation, digital sovereignty |
| Members | 350+ organisations including AWS, Azure, Google, Alibaba |
| Investment | Membership fees; no major infrastructure investment |
| Current Status | Widely criticised |
Why Gaia-X Failed
- Hyperscaler infiltration: AWS, Azure, Google, and Alibaba were admitted as members, allowing them to shape rules and "flood it with documents and regulations" (Nextcloud CEO). The organisations meant to be countered captured the initiative.
- No actual infrastructure: Gaia-X is a standards body, not a cloud provider. It produces specifications, not services. "A paper monster" (Karlitschek, 2024).
- Scope creep: "Some people wanted a cloud champion, some people wanted a regulator, some people wanted a standards body" (former CEO Bonfiglio).
- Political priority shift: When US administration changed in 2021, some EU governments reduced pressure for independence.
- No user focus: 180+ "use cases" documented but few actual services deployed that citizens or businesses use.
Source: EuroStack "Chronicle of a Failure Foretold", The Register: Nextcloud CEO assessment
How This Proposal Differs
| Gaia-X Problem | Our Mitigation |
|---|---|
| Hyperscaler membership | Excluded by design. Only non-US entities eligible for Cooperative membership. Suppliers from US-headquartered companies explicitly prohibited. |
| Standards body, not infrastructure | Infrastructure-first. Pilot programme deploys actual compute and storage before anything else. €478M infrastructure investment. |
| Scope creep / unclear mission | Single mission: Build and operate sovereign cloud infrastructure. Not standards, not regulation, not a marketplace. |
| Political priority shifts | Treaty-bound commitments. International agreement with binding obligations, exit penalties, and independent governance. |
| No user focus | User satisfaction as success criterion. Pilot must achieve 3.5/5 user satisfaction or triggers NO-GO. |
2. Munich LiMux (Germany, 2004-2017)
🇩🇪 LiMux: Political Reversal Despite Technical Success
| Launch | 2004 |
|---|---|
| Scope | 14,800+ desktops migrated from Windows to Linux |
| Reported Savings | €11 million vs. Microsoft licensing |
| Reversal | November 2017 - decision to return to Windows by 2020 |
| Reversal Cost | €90 million estimated |
Why LiMux Was Reversed
- Political capture: New mayor Dieter Reiter (elected 2014) described himself as a "Microsoft fan" and drove Microsoft Germany headquarters relocation to Munich.
- Strategic review by Microsoft partner: Accenture (Microsoft partner, same building as Microsoft Germany) was commissioned to review LiMux, identifying "organizational issues" rather than technical problems.
- User experience problems: Compatibility issues with external partners using Microsoft Office; some government tools Windows-only; Excel macros didn't work.
- Change management failure: Technical rollout outpaced user training and support. Staff frustration accumulated over years.
- Single-city isolation: Munich was alone. No network effect, no shared development costs, no interoperability with other governments.
Key finding: Investigative journalism (ARD, 2018) found majority of staff were satisfied with LiMux; reversal was politically motivated, not technically justified.
Source: Wikipedia: LiMux, It's FOSS analysis, FSFE: What happened in Munich
How This Proposal Differs
| LiMux Problem | Our Mitigation |
|---|---|
| Single mayor could reverse | Multi-national treaty. No single politician can reverse; requires consensus or supermajority across jurisdictions. Exit requires notice period and stranded capital payment. |
| Review by competitor partner | Conflict-of-interest rules. Reviewers must declare conflicts; entities with hyperscaler relationships excluded from governance roles. |
| External compatibility issues | Scale advantage. Four major economies adopting together creates critical mass; external parties adapt to government, not vice versa. |
| Change management failure | Dedicated training budget. Skills mobilisation is a defined workstream with budget allocation. User satisfaction is a Go/No-Go criterion. |
| Isolated single city | International cooperative. Shared development costs, network effects, interoperability by design, political mutual support. |
3. Australia Top Secret Cloud (2024)
🇦🇺 Australia: Sovereignty Rhetoric, Hyperscaler Reality
| Announcement | July 2024 |
|---|---|
| Investment | $2+ billion AUD over 10 years |
| Provider | Amazon Web Services (AWS) |
| Classification | Top Secret / intelligence community data |
| Assessment | Cautionary example |
Analysis
The Australian government announced a $2 billion deal with AWS to build a "sovereign" Top Secret Cloud for the National Intelligence Community and Defence. This is marketed as enhancing sovereignty while doing the opposite.
- AWS remains a US company: Subject to CLOUD Act, FISA 702, Executive Orders. Physical location in Australia does not change legal jurisdiction.
- Top Secret data to US company: Australia's most sensitive intelligence will be managed by the same company that provides cloud services to US intelligence.
- "Sovereign" is marketing: The term is used to mean "located in Australia" rather than "free from foreign legal control."
- Lock-in deepened: Rather than reducing dependency, this deal increases it—now including classified systems.
Source: Australian Government announcement, Breaking Defense analysis
Lesson: "Sovereign" has become a marketing term. Location is not sovereignty. This proposal defines sovereignty as freedom from foreign legal compulsion—which requires non-US ownership and control of the entire stack.
4. UK Government Cloud Strategy (2012-Present)
🇬🇧 UK: Vendor Lock-in Despite "Cloud First"
| Policy | "Cloud First" since 2013 |
|---|---|
| Framework | G-Cloud (now G-Cloud 15, £14B ceiling) |
| 2024 Spend | £6 billion public sector cloud |
| Primary Providers | AWS, Azure, Google Cloud |
| Assessment | Cautionary example |
Problems Identified (CDDO/GDS Internal Analysis, 2024)
- "Risk concentration and vendor lock-in" that "inhibit UK government's negotiating power over the cloud vendors" (CDDO paper, 2024).
- Fragmented procurement: Individual departments negotiate separately, losing collective bargaining power.
- Service reliability: 25% of respondents suffered critical outages in 2024; 123 critical outages in NHS England alone.
- Data sovereignty concerns: Microsoft unable to guarantee sovereignty of policing data in public cloud (Computer Weekly, 2024).
- Overseas data guidance: February 2025 DSIT guidance permits hosting outside UK for "resilience"—further diluting sovereignty.
Source: State of Digital Government Review (January 2025), Computer Weekly
Lesson: "Cloud First" without "Sovereignty First" leads to dependency. Procurement frameworks that include US hyperscalers inevitably concentrate spend on them. This proposal reverses the approach: sovereignty as the primary criterion, with cloud benefits following from a sovereign foundation.
5. Models That Worked
Not all sovereignty initiatives failed. Two models provide evidence of what works:
✓ CERN: International Scientific Cooperation
| Founded | 1954 |
|---|---|
| Members | 23 European states |
| Budget | ~CHF 1.2 billion/year |
| Infrastructure | Largest particle physics lab globally |
Why CERN Works
- Treaty-based governance: International organisation with legal personality
- Shared infrastructure: Physical assets owned by the organisation
- Long-term commitment: Members committed for decades, not political cycles
- Technical excellence: Attracts best scientists; quality drives support
- Clear mission: Fundamental physics research—no scope creep
Relevance: The Cooperative adopts CERN's governance model: treaty-based, shared infrastructure, long-term commitment, clear mission.
✓ Schleswig-Holstein: State-Level Linux Success (2024)
| Announcement | April 2024 |
|---|---|
| Scope | 30,000 workstations migrating from Windows to Linux |
| Applications | LibreOffice replacing Microsoft Office |
| Status | In progress |
Why Schleswig-Holstein Is Succeeding Where Munich Failed
- Learned from Munich: Explicit focus on change management and user support
- State-level political commitment: Cross-party support documented
- Sovereignty rationale: Post-2022 security concerns provide political cover
- Network effect: Denmark coordination provides mutual support
- "Öffentliches Geld, öffentlicher Code": Public money, public code principle embedded
6. Synthesised Failure Patterns and Mitigations
| # | Failure Pattern | Examples | Our Mitigation |
|---|---|---|---|
| 1 | Hyperscaler capture | Gaia-X admitted AWS/Azure/Google as members | US-headquartered companies explicitly excluded from Cooperative membership and supplier contracts |
| 2 | Standards without infrastructure | Gaia-X produced documents, not services | Infrastructure-first: pilot deploys actual compute before any standards work |
| 3 | Political reversal | Munich LiMux reversed by new mayor | International treaty with exit penalties; no single jurisdiction can reverse |
| 4 | User experience neglect | Munich staff frustration accumulated over years | User satisfaction is mandatory Go/No-Go criterion; dedicated training budget |
| 5 | Scope creep | Gaia-X tried to be everything to everyone | Single mission: build and operate sovereign cloud infrastructure |
| 6 | Isolation | Munich alone; no network effects | Four-nation cooperative from day one; shared costs, interoperability |
| 7 | Conflict of interest | Accenture (Microsoft partner) reviewed LiMux | Governance rules require conflict disclosure; hyperscaler-affiliated entities excluded from reviews |
| 8 | "Sovereign" as marketing | Australia "sovereign" cloud is AWS | Clear definition: sovereignty = freedom from foreign legal compulsion, not just location |
7. Residual Risk Acknowledgment
Risks that cannot be fully mitigated:
- Multi-nation coordination complexity: Four jurisdictions with different political cycles, procurement rules, and priorities creates genuine governance challenges.
- Technical integration at scale: No government has built the complete proposed stack at this scale. This is genuinely novel.
- Skills availability: CloudStack expertise is scarcer than AWS/Azure. Training programmes may not scale fast enough.
- Political will erosion: If US relations improve or threat perception decreases, political support may fade despite treaty commitments.
Honest Assessment: This proposal is designed to avoid known failure modes. It cannot guarantee success. The pilot programme's purpose is to validate feasibility before committing to full-scale implementation. The €400M maximum stranded capital in a NO-GO scenario is the cost of learning whether this can work.
Lessons Learned Summary
This proposal addresses each failure mode by design. However, failure remains possible— which is why the pilot programme includes defined exit criteria with controlled losses.