Digital sovereignty in document management

Q: Does the primedocs template software see the completed documents?

No. Completed documents are not saved in primedocs.

Q: Can documents created with primedocs be used independently and in the long term?

Yes, because open and standardized formats are used, documents remain accessible regardless of individual providers and software (e.g. primedocs, Microsoft Office).

Q: Do we have to use the cloud?

No. You can purchase primedocs as a cloud-based SaaS solution or as an on-premises solution. If you purchase primedocs in the SaaS version, you can choose whether you want us to operate primedocs for you on Microsoft Azure in Switzerland or in Europe.

Q: Is primedocs only compatible with the cloud-enabled Microsoft 365?

No. primedocs is also compatible with Microsoft Office as a classic desktop version. But of course it also works with Microsoft 365.

Q: What does Microsoft mean by the sovereign cloud?

The Microsoft Sovereign Cloud is an approach that gives organizations more control over data and operating models. It offers public, private, and nationally operated cloud models so that digital solutions can also be used under high security and regulatory requirements. Companies and administrations decide for themselves which options to use.

Digital sovereignty has become one of the most widely discussed terms in both the public and corporate context. Hardly a week goes by without new political initiatives, media coverage or fundamental debates around cloud solutions, international providers and Microsoft in particular. For many organizations, this is less an ideological question and much more a practical one: How secure are our documents and how sovereign do we remain in our day-to-day operations?

Key takeaways

Digital sovereignty does not mean giving up cloud solutions or innovation. It means consciously designing technologies, dependencies and responsibilities in everyday digital work.
In the context of document workflows, digital sovereignty primarily means four things: self-determination, security, business continuity and transparency.
A clear distinction between document phases is essential: creation, storage and further processing and use - not every solution intervenes in all phases.
primedocs operates exclusively in the document creation phase and has no access to content or finished documents. Storage, cloud and security decisions remain entirely with the organization.
Cloud-based collaboration (e.g. with Microsoft 365) offers clear advantages. What matters is how data sovereignty, access and responsibility are defined - for example through models such as the Microsoft Sovereign Cloud.
Long-term digital sovereignty is achieved through open standards, offline capabilities and flexible architectures so that documents remain usable even in the event of technical, regulatory or strategic changes.

Why digital sovereignty is so prominent right now

The discussion about digital sovereignty has recently gained considerable momentum. Reasons for this include:

geopolitical uncertainties
increasing cyber threats
new regulatory requirements
and the widespread use of cloud-based work environments

Microsoft 365 in particular is at the center of attention. As a widely used platform, it is part of many debates - not least because it offers both opportunities for modern collaboration and raises questions about dependency and control. The aim of this article is not to reopen this debate, but to place it in the context of document workflows and answer the most important questions about our template software primedocs.

What is digital sovereignty?

Digital sovereignty is often equated with complete control or technological isolation. However, this understanding falls short. It describes only one aspect of what digital sovereignty actually means.

Classification by the Swiss Federal Government

At the political level, the term has recently been further clarified. At the end of 2025, the Swiss Federal Council adopted the report «Digital Sovereignty of Switzerland». In it, digital sovereignty is defined as the required ability to act and exercise control in the digital space so that the state can fulfill its tasks.

At the same time, the report emphasizes that this definition must respect the constitutional principles of individual responsibility and economic freedom. For companies and organizations, digital sovereignty therefore does not mean technological isolation, but a conscious, risk-based design of digital dependencies.

Network «Sovereign Digital Switzerland (SDS)»

The fact that digital sovereignty is not only a political or technological debate is also reflected in developments in Switzerland:

Just six months after its foundation, the «Sovereign Digital Switzerland (SDS)» network already includes 164 participating authorities and companies. The goal of the network is to jointly advance topics such as open-source strategies, standards, cloud infrastructures and digital skills.

Another key initiative is the establishment of a national competence center for digital sovereignty, which is intended to support organizations in legal, technological and organizational matters in the future.

Classification at EU level

The European Union has anchored digital sovereignty as a central objective of its digital policy. In the communication «Digital Compass 2030 - The European Way for the Digital Decade», the European Commission outlines and specifies this goal: Europe is to remain digitally capable of acting in a connected world and actively shape its digital future.

The focus is on building key technological competencies, reducing critical dependencies and strengthening resilience, security and competitiveness. At the same time, the Commission emphasizes the importance of an open and competitive internal market, rules-based international trade and alignment with European values and regulations.

Digital sovereignty in everyday document work: the four core factors

The classifications by the Swiss government and the EU show a common understanding: digital sovereignty is not a static state, but a continuous process of analysis, risk management and adaptability. For companies, this primarily means using digital solutions in a way that ensures long-term viability - technically, organizationally and strategically.

From the perspective of everyday document work, digital sovereignty primarily involves four aspects:

Self-determination: Organizations consciously decide which technologies they use, where data is processed and which dependencies they accept - or deliberately avoid.
Security: Confidential information and documents are protected, access is clearly regulated and risks are addressed in a transparent manner.
Business continuity: Operational activities remain possible even in the face of technical, regulatory or geopolitical changes - without full dependence on individual providers or operating models.
Transparency: It is clear where data is created, who has access to it and which systems are involved at which stages of a process.

Graphic: The four factors of digital sovereignty in the document ecosystem

Digital sovereignty is not the opposite of innovation. The goal is not to forgo modern, cloud-based workflows in order to suggest maximum control. Instead, it is about striking the right balance between innovation and self-determination: using modern tools without giving up the ability to act independently.

Digital sovereignty emerges where organizations understand their digital dependencies, consciously design them and adapt them when necessary.

Two key aspects of digital sovereignty

In everyday document work, two aspects can be clearly distinguished and addressed in a targeted manner:

control over data and documents in daily operations and/or and/or
long-term independence and sustainability of the solutions used

These two aspects are examined in more detail below.

Aspect 1: Control over data and documents

One of the most common questions in the context of digital sovereignty is: What happens to our documents and who has access to them? Especially in everyday document work, a clear differentiation helps to answer this question objectively.

The document lifecycle

Not every setup intervenes in all phases in the same way. Therefore, a clean separation is useful:

document creation
document storage
further processing and use

3 phases in th e life cycle of a document

Graphic: The three phases of a document lifecycle

Template solutions such as primedocs are active exclusively in the creation phase. What matters here is where this creation technically takes place.

Document assembly based on a template can be performed locally with primedocs regardless of whether it is operated as SaaS or on-premises. primedocs can be run either on-premises or as a SaaS solution in the cloud. The choice of operating model always lies with the organization.

Documents created based on primedocs templates are not generated within the provider environment of primedocs and are not stored there. Instead, they are created in the environment defined and controlled by the customer. primedocs as a provider therefore has no access to or insight into the resulting final documents at any time.

What happens to a document after creation - such as storage, distribution or archiving - lies entirely within the responsibility of the organization and its IT architecture.

Modern collaboration needs the cloud - with clear responsibility

In practice, many companies and public administrations deliberately rely on cloud-based work environments such as Microsoft 365 - not for ideological reasons, but because of the tangible benefits in everyday work.

These include among others:

location- and device-independent access to documents
real-time collaboration
integrated communication and approval functions
significantly faster coordination and approval processes

Cloud-based platforms support modern, flexible ways of working and facilitate collaboration across departments, locations and organizational boundaries.

What matters is not only whether a solution is cloud-based, but how data sovereignty, access and responsibility are regulated. A look at the «Microsoft Sovereign Cloud» helps to classify this differentiation.

Microsoft Sovereign Cloud - a differentiated approach

In public debate, «the cloud» is often discussed in very general terms. In reality, Microsoft has been pursuing a differentiated approach to strengthening digital sovereignty in Europe for several years.

With the Microsoft Sovereign Cloud, a comprehensive offering was introduced in 2025 that includes both public and private cloud models. The goal is to combine cloud-based innovation with increased requirements for data sovereignty and operational stability.

Sovereign public cloud

Data remains in European data centers - including the Swiss regions Zurich and Geneva - and is subject to European or EU/EFTA law. Operations include access controls by European personnel (Data Guardian) and customer-controlled encryption. Further information can be found in Microsoft’s news article.
Sovereign private cloud

For organizations with maximum requirements for operational autonomy, data sovereignty and control, Azure Local and Microsoft 365 Local enable workloads to run in customer-controlled, local or partner-operated data centers. Operations, access and encryption are fully under the control of the customer or a commissioned Swiss IT service provider.
National partner clouds
In some countries, so-called National Partner Clouds exist. These are sovereign cloud environments operated not by Microsoft itself, but by national partners. In Germany, Delos Cloud, a subsidiary of SAP, operates a sovereign cloud for the public sector that complies with specific requirements of the German government.

Image: Overview of the key elements of the Microsoft Sovereign Cloud (Source: Microsoft)

The US Cloud Act - a factual and practical perspective

The US Cloud Act is often cited as a key risk in discussions about digital sovereignty. A closer look shows that the law does not allow automatic or unrestricted access to data.

The Cloud Act regulates the conditions under which US law enforcement authorities may request data from US companies such as Microsoft - even if that data is stored outside the United States. Each request must be legally justified and follow a clearly defined process. Microsoft emphasizes that customer data is not disclosed without the customer’s knowledge, where legally permissible. (Source: Microsoft)

With its «Defending Your Data» measures, Microsoft reinforces this stance through contractual safeguards, legal challenges to unlawful requests and strong encryption. Organizations can manage their own encryption keys. In such cases, Microsoft has no access to these keys and cannot technically decrypt the data.

Current situation in Switzerland

According to statements by Microsoft Switzerland to the IT trade magazine Inside IT, there has so far been no documented case in which data from the Swiss public sector had to be disclosed due to the US Cloud Act.

The US Cloud Act therefore represents a theoretical risk that is significantly limited in practice by legal, technical and organizational safeguards.

Alignment with European models

As reported by Inside IT on 20 February 2026, Switzerland is examining how cross-border access to electronic data should be regulated in the future. The Federal Council is focusing on alignment with European models, in particular the EU «E-Evidence» system.

Classification for everyday document work

Organizations that choose Microsoft 365 use a cloud-based work environment. Within that environment, different operating and sovereignty models are available. (see above under «Microsoft Sovereign Cloud» )

primedocs does not make this cloud decision. primedocs integrates seamlessly into the customer’s existing Microsoft environment regardless of the chosen operating model.

The template management software primedocs intervenes exclusively in the document creation phase and has no access to completed documents. Cloud, storage and security decisions remain entirely with the organization.

Aspect 2: Sustainability and independence

While the first aspect focuses on access and control in everyday life, the second aspect concerns the temporal dimension of digital sovereignty: long-term usability and independence from providers.

A second, equally important aspect concerns the question of dependencies:

What happens when political or regulatory conditions change?
Will documents remain usable in the long term?

Open standards play a central role, especially in everyday document management. For solutions such as primedocs, this means in concrete terms: Documents are based on widely used, standardized formats such as Open XML and thus remain readable and editable independently of a specific software (e.g., primedocs or Microsoft Office) or a single manufacturer.

This has several practical implications:

Documents can also be opened and edited with alternative programs (e.g., Libre Office).
Access to content is not tied to primedocs.
A change in IT strategy does not affect the availability of existing documents.

Another important component of this independence is the offline mode in the primedocs desktop client. Even if the connection to the cloud is missing or restricted, employees can continue to work with templates and create documents. This means that everyday document processing remains operational even in the event of technical malfunctions, restricted connectivity or deliberately reduced cloud dependency.

This shifts the focus significantly:

It is not the choice of a single product that determines digital sovereignty, but rather the underlying architecture, the standards used and the ability to remain operational even under changing conditions.

This is exactly where primedocs comes in: as a template solution that fits into different IT strategies without creating additional dependencies.

Significance for companies and administrations

For companies, administrations and regulated organizations, this raises three specific questions for everyday document management:

Can employees continue to work even when technical restrictions are in place?
Will documents remain readable in the long term?
Can IT strategies be adapted without jeopardizing operations?

Modern document solutions should fit into existing strategies rather than creating new dependencies.

„Digital sovereignty is not achieved through isolation, but through conscious and sustainable architectural decisions. With primedocs, we give organizations the freedom they need: the solution can be operated both as SaaS and on-premises and documents can be generated locally. This allows our customers to retain control over their data.“

David Flury

Head of Engineering

Conclusion: Sovereignty comes from conscious design

Digital sovereignty is not an either/or proposition. It comes from conscious decisions:

for open standards instead of fixed dependencies,
for transparency instead of unclear systems,
for solutions that can be adapted.

In document management in particular, this means that sovereignty does not lie with those who do everything themselves, but with those who know where responsibility lies and what options are available.

The current assessments of the Federal Council and the developments of large platform providers show that digital sovereignty does not come from doing without digital tools.

Template software such as primedocs supports precisely this approach by clearly separating document creation, design and standards from storage and cloud decisions.

Clear structures, reliable standards and the ability to change operating models as needed are crucial. This freedom of design is central to stability and trust in everyday document management.

Digital sovereignty in everyday document management: 7 questions, 7 answers

What does digital sovereignty mean for an organization in concrete terms?

The ability to use digital technologies independently and adapt them as needed without jeopardizing long-term operations. Specifically, this means:

Independent: conscious decisions about technologies and dependencies
Secure: protected data, clearly regulated access
Business continuity: remaining capable of acting without complete dependence on providers
Transparent: traceable where data originates and who is responsible

Does the primedocs template software see the completed documents?

Can documents created with primedocs be used independently and in the long term?

Do we have to use the cloud?

Is primedocs only compatible with the cloud-enabled Microsoft 365?

What does Microsoft mean by the sovereign cloud?

What is the US Cloud Act and how does it work?

The US Cloud Act regulates the clearly defined legal conditions under which US authorities may request data from US companies such as Microsoft – automatic or unrestricted access is not permitted. Microsoft reviews such requests, challenges unlawful requests and does not disclose data without the knowledge of its customers, provided this is legally possible. In addition, there has been no documented case to date in Switzerland in which data from the Swiss public sector has been disclosed under the US Cloud Act. (Source: Inside IT)

Back to overview

Document check: How well-positioned is your organization?

Let's work together to see how you can balance modern document processes with maximum data control.

Schedule an appointment with our experts now