To what extent is AGOV digitally sovereign?
Initial situation
AGOV is developed and operated in partnership with Swiss economic partners. On behalf of the Swiss Federal Chancellery, operations are conducted in federal data centers and – to enhance resilience – additionally in privately owned, Swiss-controlled data centers.
The infrastructure required to operate and use AGOV across the entire value chain – from end users, power supply, and internet connectivity to the AGOV system itself and the specialized infrastructures of the authorities – is inherently and inevitably embedded in international contexts. This integration spans all layers, particularly software, hardware, organizational structures, and the underlying know-how.
Scientific Classification of AGOV’s Digital Sovereignty
1. Theoretical framework
Digital sovereignty is not a static or binary state, but a relational and graduated property of complex socio-technical systems. Scientific literature defines it in various ways, notably as technological self-determination, control over data and information flows, and institutional and economic independence from external actors [1,2].
It follows that digital sovereignty should not be understood as total autarky, but as the capacity for self-determined governance of a system within existing dependencies.
2. Layered Model and System Boundaries
The digital sovereignty of AGOV can be analyzed through a layered model that highlights different degrees of control and dependency. This perspective aligns with established approaches for analyzing socio-technical systems, which view technical, organizational, and infrastructural components as inextricably linked [5,6].
- Application and Governance Layer:
Development, source code ownership, and strategic steering of AGOV are located in Switzerland. This ensures a high degree of control over functionality, future development, and security mechanisms. - Operational Layer (Hosting):
Operations are conducted in federal data centers and Swiss partner facilities. Consequently, both legal and physical control remain within national jurisdiction. There are no direct dependencies on foreign cloud platforms for core processes. - Interface to Relying Systems (Scope of Assessment):
AGOV functions as a central Identity and Access Management (IAM) system. Its operational scope ends at the technical handover interface (e.g., OIDC, SAML) to connected applications and registries. The digital sovereignty of these relying systems is not part of this assessment. AGOV provides a sovereign access mechanism; responsibility for downstream data processing lies with the respective specialized authorities. - Infrastructure Layer (Structural Dependencies):
Hardware, software components, and network protocols are embedded in global supply chains. Research on IT supply chains shows that these dependencies are structural and fundamentally shape the control and trust characteristics of digital systems [4]. Complete autonomy is unattainable at this layer; sovereignty manifests here through the active management of dependencies, for example, through standardization and diversification. - User Layer (Periphery):
End-user devices and operating systems lie outside direct state control. This layer marks a systemic boundary of governability and illustrates that digital services are always embedded in external usage environments.
3. Operational Autonomy and the “Killswitch” Criterion
A key criterion for assessing digital sovereignty is the question of immediate external controllability.
AGOV does not feature an external “killswitch” scenario: no external state or private actor can unilaterally and immediately disable the service. Operational decision-making authority remains within Swiss jurisdiction.
At the same time, internet governance analyses show that digital infrastructures are shaped by global standards, protocols, and institutional frameworks [6]. This results in indirect and distributed forms of influence that do not act on a single point of control but operate systemically.
4. Conclusion
AGOV is classified as highly digitally sovereign in both institutional and operational terms. The core state function of identity brokerage can be provided independently and under control within realistic conditions.
However, this sovereignty is not absolute. It exists within clearly defined system boundaries and is based on the capacity to actively manage dependencies rather than eliminate them entirely. This understanding aligns with current strategic interpretations of digital sovereignty as a state's capacity to act within a context of global technological interdependencies [7].
AGOV is therefore digitally sovereign within its system context—but not independent of the global dependencies in which every digital system is inevitably embedded.
References
[1] Florian Pohle & Thorsten Thiel (2020). Digital sovereignty. Internet Policy Review, 9(4).
[2] Stéphane Couture & Sophie Toupin (2019). What does the notion of sovereignty mean when referring to the digital? New Media & Society, 21(10). https://doi.org/10.1177/1461444819865984
[3] Neil Gershenfeld et al. (2017). Designing Reality. Basic Books. (bewusst nicht im Text verwendet)
[4] Nir Kshetri (2018). The Economics of Cybersecurity: A Supply Chain Perspective. Springer.
[5] Geoffrey C. Bowker & Susan Leigh Star (1999). Sorting Things Out. MIT Press.
[6] Laura DeNardis (2014). The Global War for Internet Governance. Yale University Press.
[7] OECD (2021). Digital Sovereignty for the Digital Decade.