Digital sovereignty is a nation's ability to control its digital destiny and may include control over the entire supply chain, from data to hardware and software.

Digital sovereignty is especially important when there is a high level of dependency on specific technology providers. This dependency introduces the risk of losing control over your data protection, and no longer being able to fulfill national and EU-wide requirements.

 

This article by Anastasia Schmidt from TYPO3 agency coding. powerful. systems. CPS GmbH in Berlin, Germany, explores the idea of creating an index to measure a CMS’s sovereignty — and uses TYPO3 as an example.

Introduction 

Digital sovereignty is especially important when there is a high level of dependency on specific technology providers. Then there is a risk of losing control over its own IT and data protection and no longer being able to fulfill national and EU-wide requirements. In order to secure the government's ability to operate in the digital space in the long term and minimize  dependencies on specific technology providers, open source and open interfaces should be  used, among other things. 

There is currently the problem that it is not possible to measure and compare the digital  sovereignty of an application that consists of several individual components. It is of interest  whether the digital sovereignty of an application can be measured according to a general  system and made comparable via an index. This article deals with the conception of such an  index. The focus is limited to content management systems, especially TYPO3. Content  management systems are used for the creation and administration of websites and TYPO3 has a large part of the market in government administration. 

The Weizenbaum-Institut and OSB Alliance have started an initiative to make digital  sovereignty measurable through an index. The index, which analyzes parameters from  different areas, creates a comprehensive picture of the current situation and can display  changes in the level of digital sovereignty over time. This makes it possible to derive measures for politics, business and society to adjust individual indicators and achieve political goals.

How Can Digital Sovereignty be Measured?

Currently, there is no methodology for measuring digital sovereignty. To find an approach for  measurement, it is necessary to look at the definition. But even this is not unambiguous.  Digital sovereignty is defined differently in various sources, but all definitions have similarities. Generally, we are talking about digital sovereignty, when an individual, a company or even a government has the ability and possibility to maintain control over its own digital resources and its digital identity and to act independently of external influences. 

To be able to measure the digital sovereignty of a web application, it is necessary to define  first when a web application can be seen as digitally sovereign. 

From the perspective of the owner of this web application, this is when the owner has control  over all data and functions, is not dependent on other services or platforms, and can manage and publish content on its own.

From the user's point of view, there are additional points for the digital sovereignty of a web  application. The application must provide a high level of privacy and data protection. As little  data as possible should be collected about the user and not passed on to third parties, and the user should be able to manage his own data. Additionally, aspects such as reliability and  security are also important, as users should be able to interact with the website without  hesitation. Furthermore, the web application should be easy to use for all user groups. 

From these thoughts, some characteristics of a web application are derived. These  characteristics will be considered in the measurement of digital sovereignty: 

  • Control over data, content and functions: It can be checked whether the owner has full access to all functions and settings of the CMS and whether he can freely manage and, for example, export his data and settings. 
  • Independence from external providers: It can be checked whether the web application has external dependencies and the degree to which it depends on third-party providers. 
  • Privacy and security:  It can be checked whether the web application is compliant with data protection  regulations and is secure. This includes, for example, using appropriate encryption for data transmission and closing security gaps.
  • Accessibility: It can be checked if the web application is designed to be used by a large number of people or if certain groups are excluded. 

For the creation of an index these characteristics have to be included and because reference  is made to the CMS TYPO3, it is necessary to derive components from the TYPO3 structure  which should be investigated. It is possible to select the following components and investigate them in more detail: 

  • Operating system (ex. Linux, Microsoft Windows, macOS) 
  • Execution environment (e.g. PHP) 
  • Web server (e.g. Apache, Nginx, Microsoft IIS, Caddy Server) 
  • Database (e.g. MariaDB, Microsoft SQL Server, MySQL, PostgreSQL, SQLite) 
  • System extensions and 3rd party extensions 
  • Configuration and customization options in the backend and frontend (e.g. Tsconfig, TypoScript, Fluid Template Engine) 
  • Support and documentation

In addition, there are CMS-independent characteristics such as the human factor, including  skills and dependencies among employees and suppliers, as well as characteristics of a web  application such as privacy and accessibility implementation.

Survey for the Calculation of an Index for Digital Sovereignty 

A digital sovereignty index can be calculated with the help of a survey. This involves reference to vendors, certain technologies, or people. The aim is to identify where a lock-in effect or other problems that affect digital sovereignty may occur. 

The index has a color scale that indicates the degree of digital sovereignty. The score ranges from a green A for optimal application to a red E for a very large number of non-compliances. There are points that have a positive or negative impact on the index. Examples of these can be found in the figure below.