Digital Sovereignty: The Emperor Has Clothes, But They Cannot Be Washed
March 6, 2026
8 min read
By Tom Olisangers
Presales Manager, EMEA & APAC in Enterprise Sales ROW at Origina
It is becoming painfully clear that we in the IT industry have accepted a new reality where our ability to operate is increasingly dictated by the very companies that sold us the equipment. Without realising it, we are told when to upgrade, what to patch, and how much to pay, year after year. This dependency undermines the very foundation of digital sovereignty.
A well-functioning secondary market is an absolute necessity for any organization serious about taking back control of its digital destiny.
The longer I work in the domain of independent software support, the more I recognize that a secondary market is a critical necessity for any true digital sovereignty. I see daily how companies are trapped in their efforts by being completely locked into a technology:
The growth in the independent support market shows that more and more companies are coming to that realisation.
Let’s step outside of IT for a moment. If you buy a new car, you’ll likely have it serviced at the manufacturer’s garage for the first few years, perhaps under a warranty or an all-inclusive insurance plan. But as the car’s value decreases over time, you right-size your insurance and find a trusted, independent garage. This new mechanic offers the right level of service for your needs and helps reduce your maintenance costs. This is perfectly normal, sensible behavior.
Yet, in the IT world, this logic is abandoned. Most people believe that maintenance can only be done by the vendor itself. And this belief persists even as maintenance costs rise year after year, and not by a small margin. The double-digit growth reported by companies on the stock market is largely fueled by this ever-increasing stream of maintenance revenue. It’s the lifeblood of their business.
The business model of a software company is starkly different from that of an independent support company. At an independent provider, the majority of revenue is reinvested into the company itself to provide a better support experience for end-users. For a software vendor, however, most of the revenue from stable, mature software, their “cash cows”, is reinvested into developing entirely new products, not the ones you are paying maintenance for.
BCG Matrix Illustration
The BCG Matrix is a framework to analyze a company’s product portfolio. It classifies products into four categories:
Many legacy enterprise software systems are classic Cash Cows. The maintenance fees you pay are milked to fund the vendor’s new Question Marks and Stars.
With the rapid advance of artificial intelligence, we can expect more and more software to be released at an ever-faster tempo. This creates a significant problem for CIOs: how do you maintain the legacy software that is still critical to your business processes, but is no longer strategic? The only way to liberate budgets for innovation is to look at independent options. This allows the support experience for your stable systems to go up, while the costs go down. By making no more changes on a stable platform, risks are reduced and the time spent maintaining it is significantly decreased, all while it remains secure under independent support. That time and money can then be reinvested into new platforms and innovation.
Security is always a critical topic. As software evolves and exists for 10 years or more, it becomes very mature. As the curves of disruptive innovation from Clayton Christensen’s theory teach us, at a certain moment, software becomes so mature that it serves the needs of most users because it has been incrementally improving over many releases. The product begins to overachieve on the expectations of most of its user base.
At that point, what reason is there for a customer to keep buying new releases? There are not that many new functionalities being added to the mature software because it has become a cash cow, and the company is busy investing its resources into building new kinds of software. This is where security enters the picture, but not in the way you might think. We are seeing a clear trend where security updates are now being sold as the new features. If a simple configuration change can solve a security vulnerability, it is now often wrapped in a non-transparent patch. That patch becomes the reason to stay on the vendor’s flywheel of buying new versions.
I challenge you to a fact-check. Look at the support tickets you have with your software vendors over the last few years. Do you see an evolution in the number of patches being proposed versus simple workarounds or configuration changes? I suspect you will find that vendors are spending less time providing a simple mitigation and are instead pushing patches. This keeps you locked in, and you never really know what’s happening behind the scenes of that patch.
This rigidity is unique to the IT industry. Customers I speak to don’t ask about what new functionality they will miss if they don’t upgrade; they always ask about security. Over the lifecycle of a product, it is the security update that is now being sold the way new features were in the past.
This continuous push for new versions also gives rise to a form of e-waste. I experienced this myself. I had a perfectly fine running iPhone, where the value was not in the beautiful hardware, but in the apps that ran on it. I bought new AirPods, and to use them, I was forced to upgrade my iPhone to a new iOS version, which included a “liquid glass” look and feel that added no value for me. My iPhone’s hardware couldn’t cope with the performance needed by these useless features, and it ended up malfunctioning. I had to buy new hardware. After a day or two, the novelty of the new look and feel wore off, and I realized I was just using the exact same apps as before, but I had spent quite a lot of money to fix a problem created by a supposedly valuable software update. This resonates in the enterprise context, where a new software release often increases the performance requirements of the servers it runs on, triggering a whole chain of lifecycle management and new costs.
It’s a curious thing. As individuals, we grow up striving for independence. As companies, we seek competitive differentiation, which requires control and the freedom to make our own choices. Yet, the IT industry, born from independent thinkers tinkering in garages, is moving in the opposite direction. We are becoming more and more dependent.
This trend mirrors a broader societal issue with debt. The industry-wide shift from perpetual software licenses to subscriptions is often framed as a move to a flexible, “pay-as-you-use” model. It sounds attractive: no over-capacity, just pay for what you use. But the reality is far different.
Perpetual License vs. Subscription Explained.
The subscription model is not being applied to things that are truly pay-as-you-use. Enterprise software is often so heavily customized that phasing it out quickly is impossible. In this case, you are not paying as you use, you are trapped. Rowan O’Donoghue aptly describes this as ‘support purgatory’: locked in, let down, and left behind. Organizations find themselves trapped not by technical limitations, but by contractual and economic ones. The software isn’t broken, the system is. By replacing perpetuals with subscriptions, you are changing what used to be a software asset that you owned into a liability. You cannot phase it out, and you will keep paying.
When we as individuals buy a house with a mortgage, we are laser-focused on the interest rate and securing ownership. This common sense is absent in the IT world. As Matt Ryan puts it, ‘because the vendor said so is not a strategy.’ Yet many organizations find themselves making abrupt changes at the end of maintenance periods, rushing into new platforms without adequate time for proper evaluation. We enter into subscriptions, which are effectively loans, without sufficient protection against the year-to-year cost increases that vendors can push upon us. This creates another flywheel. IT budgets are not rising at double-digit rates, but the vendor’s expectation is that their market share must. They extract this growth from maintenance and subscription fees. Software costs rise faster than IT budgets, creating a downward pressure on the money available for IT employees and for business-critical projects. Having less capable people in-house only increases the dependence on software vendors, shifting the company further into a “buy over build” mentality.
All of these factors are completely incompatible with digital sovereignty. I see many posts on LinkedIn discussing digital sovereignty in terms of data residency, encryption, and sovereign clouds. But a critical aspect is missing. Suppose, in the best-case scenario, the software is controlled and installed by us, running on a server in our own data center that we can power up and down. The final question remains: are we capable of maintaining and supporting that software ourselves?
This is the core of the issue. The conversation needs to move beyond “Day One” (deployment) to “Day Two” (operations). True sovereignty is the ability to independently manage, maintain, and secure your systems throughout their entire lifecycle.
This is why advocacy groups like Free ICT Europe Foundation are so important. Operating in Europe and America, they work to make legislators aware that IT markets are treated completely differently from normal product markets. As Jan Hoogstrate and the Free ICT team have highlighted, cloud-connected products that lose vendor support too often become instant e-waste, forcing unnecessary replacement. Nobody prohibits you from upgrading your car or going to an independent garage. If there is a safety issue with a car, you are alerted through a recall action; you don’t pay a yearly fee for it. We are seeing the first consequences of this advocacy in Europe with legislation like Lot 9, which requires that critical firmware updates for hardware be available for a certain duration. This is a start, but it must be broadened to software. It’s the right thing to do, because the current lack of competition and the dependence on major vendors for support and security is what is creating this unsustainable momentum.
This is not an isolated effort. A wave of EU regulations is systematically dismantling vendor lock-in from multiple angles, creating a powerful legal framework for a true secondary market.
DORA (Digital Operational Resilience Act) – In Effect
Cyber Resilience Act (CRA) – Phasing In
Data Act – Phasing In
Right to Repair Directive – Phasing In
Ecodesign Regulation (Lot 9) – In Effect
If we want to get serious about taking back control of our digital sovereignty, there is a huge amount of work to be done. The company I work for, Origina, is seeing massive demand for independent software support, which is why, with the support of Enterprise Ireland, we are adding 350 jobs and seeking partners to help us deliver this capability to companies.
But this is bigger than any single company. I invite you to share your views. How does your organization tackle digital sovereignty? Are you thinking beyond Day One and data location? How dependent are you on your vendors for Day Two operations and keeping your critical systems running?
This article was originally published on LinkedIn.