Eske Ofner, Head of Sales at F24

In times of growing geopolitical uncertainty and global cyber threats, traditional IT security is no longer sufficient. Companies must review their digital infrastructure and partner strategies for resilience. The targeted use of European IT and communications providers – ‘Buy European’ for short – is thus becoming a key instrument for actionability, data protection and compliance.

The security situation in Europe is more complex than ever. As cyber attacks increase, political tensions destabilise supply chains and new regulations challenge companies, organisations in the DACH region are under growing pressure to make their digital infrastructure not only secure, but also sovereign. After all, anyone who wants to guarantee IT security today must think beyond the usual IT security measures. By 2025, cyber security will no longer be purely an IT issue. It is a management task, a competitive factor and, increasingly, a geopolitical risk. And it begins where strategic decisions about partners, technologies and data locations are made. In a world where cloud platforms, communication systems and software solutions form the nerve centres of modern organisations, it is not only the technologies used that matter, but also who they are entrusted to.

From cyber risk to crisis of confidence

Just a few years ago, ransomware, phishing and data theft dominated the security agenda. Today, a new dimension has been added: the political one. Extraterritorial laws such as the US CLOUD Act and the watering down of transatlantic data protection agreements show that digital infrastructures are increasingly becoming part of geopolitical conflicts of interest. The problem is subtle but serious: companies that use cloud services, SaaS solutions or communication platforms from third countries can effectively lose access to their own data – whether through government orders, sanctions or regulatory shifts. This brings into focus an aspect that has long been neglected: trust. Trust in the integrity of providers, in the stability of legal frameworks, in the sovereignty of one’s own infrastructure. While many security concepts still focus on firewalls, patches and access controls, the central question today is shifting: How can the ability to act in crises be maintained – regardless of external influences? And what role does IT security play in this?

From system protection to resilience

IT security in 2025 must no longer be understood solely as protection against attacks, but as a means of securing one’s own sovereignty. It must be expanded to include a strategic dimension if it is to remain relevant. This includes security management that not only analyses risks technically, but also manages them with a view to the overall corporate context. And this also includes the question of how sovereign one’s own infrastructure actually is. It is precisely against this backdrop that the ‘Buy European’ principle takes on a new dimension. It is not a protectionist reflex, but a concrete resilience measure. Those who consciously prioritise European partners in their procurement reduce several risk factors at once:

• Legal certainty and data protection: European providers are subject to the GDPR and are not bound by laws such as the US CLOUD Act. This means that data stored in European systems is subject exclusively to the protection of European data protection laws.
• Regulatory predictability: Legislative changes in Europe follow democratically legitimised processes with lead times and transition periods. This enables companies to adapt their compliance systems in good time instead of being surprised by abrupt regulatory interventions.
• Supply chain stability: European partners have local teams, shorter decision-making processes and cultural proximity. This minimises communication barriers and increases crisis response capability.
• Avoiding geopolitical dependencies: Outsourcing core infrastructure functions – such as alarm systems or cloud communication – to third countries creates political dependencies.
• Interoperability and innovative strength: European frameworks such as NIS2, DORA and the AI Act create common standards that promote both technological innovation and regulatory certainty.

The bottom line is that ‘Buy European’ is not a step backwards, but a strategic security gain. Those who anchor their systems, partners and processes within a stable, democratically legitimate and legally secure framework reduce technical, legal and strategic risks at the same time.

Use case: crisis communication as a lever for resilience

And this has a significant impact on everyday business operations. Anyone who has ever experienced a crisis situation in a company knows that in an emergency, the ability to pass on information quickly and reliably determines the organisation’s ability to act. Classic technical systems alone are not enough – dedicated alerting and communication systems are an integral part of the security architecture.

If, for example, a central IT service provider becomes the target of a cyber attack and important systems are only available to a limited extent, teams must still be informed and coordinated measures initiated. Modern solutions combine alerting, crisis communication and documentation via a secure, legally compliant platform. Even in the event of partial infrastructure failures, data integrity and operational capability are maintained. This interlinking of technology and organisational processes enables companies to combine speed, transparency and compliance and to manage crisis situations much more efficiently and in a more controlled manner. Crisis communication thus becomes a real lever of resilience that makes the difference between chaos and orderly crisis management. Those who rely on European providers in such critical situations also benefit from legal stability, local availability and clear standards.

Author: Eske Ofner: Eske Ofner is an expert in the field of alerting and crisis management and Head of Sales at F24, Europe’s leading Software-as-a-Service provider for resilience.