Technologies, concepts and regulatory framework conditions are in place

The real bottleneck no longer lies in technical feasibility, but in trust, security and joint implementation. Digital added value will only be created when companies can control their data with confidence, when AI acts reliably and comprehensibly and when data rooms are not just pilot projects but are rolled out on a broad scale.

In many conversations, I see that we often assume that security is already an integral part of digitalization technologies. But IT security is not an automatic given. It must be actively developed, reviewed and guaranteed by clear framework conditions. A purely organizational trust model is simply not enough for networked industrial ecosystems. Security must be enforceable at a technical level. It must be in place before digitalization can even function on an industrial scale. Only then will the trust that a data-secure Germany needs develop.

Security is the foundation - not the downstream supplement

It is true that powerful building blocks for sovereign data spaces already exist with connector technologies such as the Sovity Connector, the EDC Eclipse Dataspace Components, the Eclipse Tractus-X EDC Connector and the Amadeus Dataspace Connector. However, as long as different data space initiatives establish their own technical approaches and divergent governance models, isolated solutions will emerge. This may seem attractive in the short term, but it prevents what we urgently need: a common, interoperable basis. The X projects in Germany are providing important impetus, and many dedicated teams are working on impressive solutions. But only when security is understood as an overriding condition and when uniform technical standards are binding can these initiatives develop their full potential. Without such a foundation, the projects will remain small-scale, even though their potential lies on a large scale.

Data rooms must offer economic added value for SMEs

This consolidation is particularly crucial in order to effectively integrate SMEs. Many people imagine that onboarding small and medium-sized enterprises in data rooms is easier than it actually is in industrial reality. Participation for SMEs is only worthwhile if the costs and benefits are in an economically sensible relationship - in short, if costs can be saved or more turnover generated. Ultimately, an overall positive economic effect can only be achieved if everyone can participate in such a system. Individual pioneers are not enough.

AI needs control - and secure data rooms as a prerequisite

At the same time, we are observing a phase of enormous expectations of artificial intelligence. AI is undoubtedly a key driver of digitalization, but it is often overloaded with a promise of automation that can hardly be kept in practice. Successful industrial AI requires both autonomously acting agents at a higher level and controlled, explainable systems for machines and plants, especially in compliance with (occupational) safety, which are subject to clear responsibilities. This requires secure data rooms and enforceable data usage control. Without these foundations, AI can neither act in a trustworthy manner nor create sustainable economic added value.

EuroStack as a European development - the second half of the journey

This is where it becomes clear that Germany and Europe need to do their homework before the next stage can be reached. This is precisely where EuroStack comes into play as a consistent further development. While the German X projects primarily address the establishment of functioning data spaces and secure data usage, EuroStack expands the view to the European level and adds the necessary layers for sovereign cloud infrastructures, trustworthy AI and secure I(I)oT platforms.

You could say that working on technical standards, interoperable connectors and reliable security is half the way to a data-secure Germany. EuroStack is the second half by transferring these foundations into a European technology stack and thus creating a real alternative to the dominant US and Chinese infrastructures.

The fact that Fraunhofer CCIT is already addressing four of the seven EuroStack levels shows that we are by no means lagging behind technologically. The crucial question is whether we consistently transfer these existing building blocks into a joint implementation. It would be a missed opportunity if we get lost in fragmented discussions instead of joining forces to build European sovereignty.

2026 as the year of joint action

2026 brings with it a particular sense of urgency. The economic situation, geopolitical uncertainties and increasing international competitive pressure make it clear that we cannot afford another year of procrastination. We have research, know-how, technical foundations and committed networks. What counts now is the joint step from idea to implementation.

A data-secure Germany and a digitally sovereign European industry will not be created by everyone acting on their own. No one can manage this transformation process alone - not research, not industry, not politics. Only joint implementation, supported by interoperable standards and genuine cooperation, will enable the breakthrough.

Right now, we are also facing a rare opportunity - a once-in-20-years chance to build a European digital infrastructure as a genuine counter-model to existing dependencies. If we let it pass, it will not come back any time soon. If we have the courage to take this joint step in 2026, we can actively shape industrial digitalization and make Germany a pioneer.