Vass Bednar is the managing director of the Canadian SHIELD Institute and co-author of The Big Fix.
France just announced that they are ditching American platforms such as Microsoft Teams and Zoom in favour of more sovereign communication options. To make the switch, they are rolling out a government-built videoconferencing platform called Visio that will be implemented across all departments by 2027 and they’re banning government officials from using Teams or Zoom during work. It’s worth noting that Visio is hosted on the French company Outscale’s sovereign cloud infrastructure, which is a subsidiary of French software company Dassault Systèmes.
It isn’t the only government motivated to source or build alternatives as the vulnerabilities from relying on American technology sharpen. The world is trying to log off U.S. tech: Germany is also moving toward open-source alternatives. The Dutch Court of Audit warned that two-thirds of public cloud services lacked proper risk assessments. Brazil started transitioning away from Microsoft and toward open-sourced Linux back in 2003. Denmark is moving from Office 365 toward a free and open-source office suite called LibreOffice. Jurisdictions including Spain, Italy, Taiwan and the Czech Republic also use it. Even Russia has local platforms successfully competing with American online services.
Thanks to an extractive business model that prevents outright software ownership in favour of renting it in perpetuity through subscription, the government of Canada paid Microsoft $7.7-million in software fees in 2024, and Microsoft just announced significant price increases for Office 365 subscriptions. Microsoft’s Suite comes with obvious built-in advantages: It’s a full-service solution to office functioning that links e-mail, asynchronous messaging, videoconferencing, Excel and Word processing.
Opinion: The catch-22 of Canadian digital sovereignty
But because of provisions in the U.S. CLOUD Act, firms can be compelled to share information that is facilitated by these technology companies with the U.S. government. On top of that, the entire sharing process can be totally secret, with gag rules that prevent notice and make meaningful challenges practically impossible.
The government of Canada’s white paper on data sovereignty recognized this vulnerability but dismissed it because of a “lack of evidence” that the power had been exploited. But it is highly unlikely there will be material evidence of this occurring.
Perpetuating these digital dependencies is at odds with our ambition to reassert Canada and resist subordination from the U.S. or any large companies. Building back our sovereignty is going to happen bit by bit. We should start with our most strategic sectors: defence, finance, health, utilities, advertising and government. To that end, France may also replace Microsoft with European cloud providers for its national Health Data Hub, and it was recently reported that a shortlist of replacement candidates has been validated.
This sovereignty moment has been almost brutally consumptive so far; instead of sparking new institutions or digital infrastructures that deliberately strengthen our strategic autonomy, we’ve simply sought to support Canadian products more often and take better vacations. There’s more we can do.
Technology critic Paris Marx has offered a guide for how people can get off U.S. tech, highlighting the challenges while supporting individual effort. Doing so should be a national ambition, especially as we consider the risk of the U.S. blocking access to tech.
Opinion: Canada’s digital sovereignty is crumbling under aggressive U.S. lobbying
In September, Prime Minister Mark Carney put the sovereign cloud on the nation-building projects list. We can build toward this faster. Canada needs to recast the government as the builder and owner of these critical digital public infrastructures.
There are other smart ways we can stand up for ourselves through public policy. Again, we can take inspiration from the French. France’s new SecNumCloud is a demanding standard for cloud service providers. It mandates that data is hosted in Europe, protected from non-European laws such as the Cloud Act, and managed by European personnel.
Germany made a similar standard 10 years ago. The Cloud Computing Compliance Criteria Catalogue is a rigorous, government-backed cloud security standard introduced in 2016. These mandates allow countries to work with hyperscalers to compel a sovereign option.
Through these expressions of national self-governance, Microsoft has created joint ventures that are owned and controlled by governments, like a genuinely sovereign Azure. In December, Microsoft announced a $7.5-billion investment to boost AI infrastructure, bringing its total planned investment in Canada to $19-billion. We can compel them to invest these funds in products that protect and affirm our technological sovereignty.
If France can phase out Teams and Zoom by this time next year, Canada can at least stop pretending that renting our state’s critical communications stack is the same thing as governing it. We need to decide what we are ready to say au revoir to.