SUSE operationalizes digital sovereignty as 98% of IT leaders prioritize data independence

At a glance:

• SUSE shifts strategy to digital sovereignty, targeting organizations seeking independence from US-based tech providers
• 98% of IT leaders worldwide prioritize digital sovereignty, with 52% already taking steps to free themselves from hypercloud providers like Microsoft and Google
• SUSE is operationalizing sovereignty through reproducible builds, multi-Linux support, and sovereign AI frameworks with measurable assurance levels

SUSE's Strategic Pivot to Digital Sovereignty

At SUSECON 2026, European Linux powerhouse SUSE revealed a fundamental shift in its business strategy, moving digital sovereignty from a niche concept to its core operating model. The company is rebuilding its Linux, Kubernetes, and AI narratives around the principle that sovereignty is now the practical route to choice and resilience in enterprise IT globally. This isn't merely a response to European Union regulations; it's a recognition that customers worldwide are wary of centralized, proprietary, and US-centric tech services and hypercloud providers.

SUSE's research, presented at its annual trade show in Prague, Czech Republic, revealed that among IT leaders worldwide, 98% prioritize digital sovereignty. Of those, just over half (52%) are already taking concrete steps to achieve freedom from US-based hypercloud providers such as Microsoft and Google. These statistics reflect a growing concern among organizations about maintaining control over their data and infrastructure in an increasingly fragmented geopolitical landscape.

The Reality Behind Sovereignty Concerns

Frank Feldmann, SUSE's chief strategy officer, distilled the concept of digital sovereignty to its essence: "how quickly you can detach from a vendor or platform that no longer fits, and how easily you can move to the next one." This adaptability becomes crucial when organizations can't trust proprietary companies governed by countries that don't respect their rights to act in their best interests. The concerns aren't theoretical—SUSE reports that 51% of executives have already suffered a breach by a foreign entity, highlighting the tangible risks of over-reliance on centralized platforms.

The urgency of this shift is compounded by what Feldmann calls the "exit velocity and pivot ability" needed to react almost as fast as "a politician signs an executive order" to protect data and services. Yet there's a significant execution gap between executives who understand the need for change and implementers who haven't yet begun the transition. "People at an executive level… understand they need to change," Feldmann noted. "But if you then would ask a DevOps engineer or platform engineer, 'Is there stuff happening already?' the answer very often is still 'no, not yet'… We're articulating frameworks… but the real move is still a little left behind."

Engineering Sovereignty from the Ground Up

SUSE's approach to digital sovereignty begins at the code level. Miguel Pérez Colino, who oversees SUSE's Linux strategy, emphasized the connection between SUSE's build processes, European legal frameworks, and sovereignty. "We have a completely open mechanism for building everything," he explained. "Companies want to be in control, and they don't want anyone messing with them. What is the guarantee? SUSE is completely open source -- the build, the test bits, everything. What is the warranty? Being able to reproduce what you're doing. So reproducible builds are key for us."

Today, SUSE has achieved reproducible builds at over 97%, with plans to reach 100% soon. This technical foundation allows customers to rebuild and verify the binaries they run rather than trusting black box binaries. Pérez Colino further connected this technical approach to legal protection: "The European laws guarantee that your privacy is kept… So we're saying that being European guarantees sovereignty. It's not for sovereignty for Europe, it's for sovereignty everywhere, because the legal framework where we work enables us to do it."

Measuring and Implementing Sovereignty

To move beyond rhetoric, SUSE is rolling out tools that make sovereignty measurable and actionable. The Cloud Sovereignty Framework Self-Assessment, aligned with the EU Cloud Sovereignty Framework, enables organizations to achieve a Sovereignty Effective Assurance Level (SEAL) score (from 0 to 4) across eight objectives. This provides CIOs and CISOs with concrete metrics to demonstrate progress or risk to boards, regulators, and procurement officers.

Underpinning this assessment is SUSE Linux Enterprise 16 (SLES 16), which CEO Dirk Peter van Leeuwen positioned as more than just another long-term support release. "SLES 16 makes Linux exciting again," he stated. "It's the first platform of its kind that integrates agentic AI. It's designed specifically to handle the transformation from virtual machines to containers and from the datacenter to the edge. It's not just an OS. It's a platform for adaptation." This platform approach allows organizations to maintain flexibility while implementing sovereign infrastructure.

Expanding Options Through Multi-Linux Support

Recognizing that many organizations can't immediately abandon existing Linux deployments, SUSE has developed Multi-Linux Support. This offering allows customers to keep Red Hat Enterprise Linux (RHEL)- or CentOS-derived systems running while switching their updates and support to SUSE. "You have one company, you switch the company, you move to another company for your support," Pérez Colino explained. "This is based on the basics of open source. You have open source, and you provide the service on open source." This approach enables organizations to change their support provider without the massive undertaking of reinstalling their entire infrastructure.

The importance of this flexibility was highlighted by Arnab Chatterjee, senior infrastructure engineering manager at Nomura, Japan's largest investment bank. He described years of reliance on VMware as "carrying a 500-pound pet gorilla on your back," emphasizing the need for partners who can help organizations unwind long-term dependencies. "With SUSE premium services, we found somebody who can walk with us through the journey, advocate for us where there were problems and pitfalls, and be part of our team," Chatterjee stated.

Scaling Sovereignty Through Partnerships

To extend its sovereign capabilities, SUSE is enhancing its SUSE One Partner Program with a new sovereign specialization. "This provides," explained Hayley Wienszczak, head of SUSE global partner programs, "a horizontal layer across the whole program, so it will be open to all of our partners to join. This really is about helping our customers by working with and investing in service providers to build a sovereign stack based on SUSE." This ecosystem approach allows SUSE to offer comprehensive sovereign solutions even when customers need specialized services beyond SUSE's direct offerings.

The partner ecosystem includes organizations like evroc, a Stockholm-based company building a sovereign European cloud and a SUSE partner. CEO Mattias Åström proposed a blunt litmus test for sovereignty: "Does the foreign state have a kill switch? Can the foreign state see your data? Those are the definitions." While Dell EMEA CTO Marc O'Regan argued for a more nuanced full-stack view—warning that patterns extracted by AI can be more sensitive than raw data—SUSE aims to satisfy both perspectives with its comprehensive approach.

The AI Dimension of Sovereignty

Digital sovereignty has taken on new urgency with the rise of artificial intelligence. As van Leeuwen noted, "Shadow AI is becoming the new shadow IT." This phenomenon occurs when organizations approve one vendor's AI service while staff quietly paste confidential data into another, with security teams struggling to track where models run and how confidential tasks are segregated. AI has transformed sovereignty from a theoretical risk to a daily operational question.

The sensitivity of AI-driven information was emphasized by O'Regan: "Data is only data. It becomes valuable when it becomes information… The exposure of the patterns associated with that information is massively risky," he said, pointing to AI and even post-quantum cryptography as new sovereignty battlegrounds. This expanding threat landscape makes SUSE's comprehensive approach—combining open-source code, European legal frameworks, and flexible infrastructure increasingly valuable for organizations seeking true sovereignty.

Customer Perspectives on Sovereignty

For customers like Airbus Defense and Space, sovereignty isn't just a compliance issue—it's a survival imperative. Nichol Reuters, Airbus's SVP for innovation and technology, stated, "If we're locked in, we're not able to scale into the future or fulfill the customer requirements of future adaptations." This long-term perspective aligns with SUSE's vision of sovereignty as a foundation for decades of technological evolution, not just passing annual audits.

SUSE is extending its sovereignty approach beyond servers to the desktop with SUSE Linux Enterprise 16 Workstation extension. Pérez Colino described this offering as "a desktop that is protecting you, that is completely open, that you can audit, that you can control, that you can customize, and that, on top of that, is built in a place where the laws are protecting you." By separating the operating system from applications and relying on upstream kernels and Flatpak for third-party software, SUSE provides a hardened, reproducible base while maintaining ecosystem compatibility.

The Future of Sovereign IT

SUSE's comprehensive strategy—combining reproducible builds, multi-Linux support, EU-centric premium support, partner specializations, and sovereign AI frameworks—positions the company as more than just talking about sovereignty; it's operationalizing it. The approach isn't a single product but a combination of products, partnerships, and services designed to keep organizations safe during uncertain times.

If SUSE can demonstrate that its approach genuinely increases exit velocity and pivot ability—enabling customers to change course quickly without losing control of their data, models, and infrastructure while increasing resilience—it will have carved out a defensible niche as the open-source backbone for sovereign IT, particularly in Europe's public sector and regulated industries. As the company moves forward with its digital sovereignty strategy, it's not just addressing current concerns but building a foundation for technological independence in an increasingly complex global landscape.