[Press Release]

Bare.ID Aligns with the Federal Digital Strategy

The federal digital strategy is undergoing revision, with a focus on digital sovereignty - an aspect that is already inherent to Bare.ID today.

28. February 2023

SwooshDigitalstrategie Bund

Cyberattacks and the associated risks are more prevalent than ever in times of crisis: Both the COVID-19 pandemic and the conflict in Ukraine have demonstrated the urgent need for digitization in public institutions and critical infrastructure sectors (KRITIS). However, these sectors have also become frequent targets of cyberattacks.

The escalating threat of falling victim to a cyberattack highlights the increased necessity for any digitization strategy to be accompanied by a comprehensive cybersecurity strategy. As business processes and data become increasingly digital, the attack surface expands, demanding appropriate security solutions. Notably, American digital companies hold a dominant role in shaping digitalization in the European landscape due to their progressiveness. To avoid dependence on these non-European providers and to adhere to significantly higher data security standards in Germany and Europe, the federal government calls for support of the domestic economy, particularly in the cloud sector.

The Federal Government of Germany's international digital strategy places a significant emphasis on security and digital sovereignty. The strategy is guided by various stakeholders, including the Federal Association of IT-SMEs (BITMi), of which Bare.ID is a member. BITMi recently provided more information about the core objectives of its advisory role in a press release.

The issue of dependence on foreign entities due to foreign majority ownership is not unfamiliar in the context of Single Sign-On cloud solutions. Therefore, Bare.ID, as a cloud IAM solution, has centered its focus on digital sovereignty from its inception, making compliance its unique selling point (USP). We will delve into how full digital sovereignty can be realized and how Bare.ID adheres to this, thereby aligning with the Federal Digital Strategy.

Digital Sovereignty: What Must Be Ensured?

Various factors, both geographical and technological, play a role in achieving digital sovereignty and minimizing dependencies. Geographically, the aim is to significantly reduce reliance on third-party states, which, as mentioned, is still prevalent in the digital realm. This is achieved not only through national providers carrying the "Made in Germany" seal, indicating exclusive origin and location, but also through the retention of legal control within Germany at all times. Ultimately, it doesn't matter if data processing occurs in data centers on Swiss, European, or German soil - what matters is the jurisdiction under which the provider falls due to its origin. True digital sovereignty is achieved when there are blocking minorities and thus no majority shares for non-German shareholders. Another often overlooked aspect is supply chain analysis. Even if the provider adheres to all standards and regulations, dependence on non-German software suppliers impedes full sovereignty. To achieve digital sovereignty, these criteria must also be fulfilled.

In addition to the geographical aspect, data availability also plays a role. On the one hand, providers or solutions must ensure that availability or access is guaranteed even in times of crisis. This implies creating redundancies so that if one part of the system fails, another part can take over its tasks until it's restored or replaced. High availability also contributes to scalability, enabling simple growth as needed. This makes it easier for companies to adapt quickly to unexpected changes or spikes in demand. On the other hand, easy data portability is relevant: dependence on individual providers, referred to as Vendor Lock-In, should be avoided. Vendor Lock-In occurs when a customer is unable or unwilling to migrate away from a specific provider, whether due to contractual obligations or other factors like the lack of compatible systems from other providers or fear of disruptions caused by migration processes. Avoiding vendor lock-in allows companies to switch providers whenever necessary without major repercussions. This grants them greater flexibility in making decisions about their IT infrastructure and operations.

Implementing Digital Sovereignty with Bare.ID

Bare.ID provides users with the benefits of a premier Cloud Identity and Access Management (IAM) solution that complies with German data security and privacy requirements. Bare.ID places significant emphasis on adhering to German laws and regulations - from jurisdiction to the support team based in Germany, and the data centers controlled by German entities. This ensures that all user data conforms to applicable regulations while providing an additional layer of security against potential threats or vulnerabilities beyond German borders. Moreover, Bare.ID ensures that only suppliers and partners meeting German security standards are chosen within the supply chain.

To fully guarantee digital sovereignty, Bare.ID addresses not only legal and geographical requirements but also technological requirements effectively. At its core, the solution leverages the established open-source IAM framework, Keycloak, ensuring straightforward data portability. If a change in provider is desired, there is no Vendor Lock-In, and the customer can easily move their data to another provider. Alternatively, through the availability of the source code, they can work without a vendor, attaining complete independence.

Reliability is also ensured through high availability, achieved through multi-node operation with possible geo-redundancy architecture. Multiple nodes provide redundancy and fault tolerance, guaranteeing high system availability. If a node fails or an issue arises, another node takes over to sustain system operations without interruption or data loss. Additionally, at least two nodes are situated in a different geographic location in accordance with KRITIS regulations on geo-redundancy.

Press Contact

Bare.ID GmbH | Lisa Holzhofer | 0611 945 735 0 | info@bare.id | www.bare.id


In today's ever-changing technological landscape, digital sovereignty is becoming increasingly crucial for businesses worldwide. To achieve true digital sovereignty, it is imperative that majority shares remain under German jurisdiction. Companies must maintain full control over their IT environment while ensuring secure access with high availability and avoiding dependence on individual providers. This way, they can preserve genuine autonomy over their data while reaping the benefits of cloud computing solutions, such as scalability and cost savings. With the right implementation of these elements, businesses can confidently look to the future, free from unwanted limitations imposed by external providers or third parties.

Ähnliche Artikel


EU NIS 2 – Why All Industries Should Take Action Now

EU NIS 2 - What's Changing and Why Should All Industries Take Action Now?

Passwort-Manager vs Single Sign-On

Password manager vs. single sign-on: finding the right solution

The advantages and disadvantages of the two tools in terms of secure login processes and user-friendliness.

Passwortlose Authentifizierung

Passwordless authentication as a security measure

Say goodbye to passwords: the future of secure login with passwordless authentication

Termin vereinbaren

Get in touch

Request a non-binding consultation now and discover how Bare.ID can be integrated into your IT environment.

Bare.ID is committed to respecting and protecting your privacy. We will only use your personal data to provide you with the information you have requested. All information can be found in our Privacy Policy. By clicking "Submit" below, you consent to Bare.ID storing and processing the personal data provided above in order to provide you with the requested content.


Sign up for our newsletter to stay updated.

I agree to receive further information and news from Bare.ID. For more information, please see our Privacy Policy.

Bare.ID represents user-friendly Identity & Access Management in the cloud. With Bare.ID, digital business processes and applications can be connected to a local user directory, benefiting from centralized security and Single Sign-On. Whether On-Premise, Hybrid, or Cloud, Bare.ID offers a multitude of pre-configured integrations. 100% security, Made in Germany.

Bare.ID's offerings are exclusively intended for business customers in accordance with §14 BGB. All prices are to be understood as net prices, plus applicable VAT at the time of billing.

Bare.ID is a product and registered trademark of Bare.ID GmbH - an AOE Group company © 2024 - All rights reserved.