IT modernisation and digital sovereignty in the AI era: A guide for IT managers

CIOs and IT managers are faced with the challenge of continuously modernising their IT landscapes while strengthening their company’s digital sovereignty. Artificial intelligence (AI) plays a key role in this – as a driver of efficiency, innovation and risk management.

In this blog article, we take a look at the key topics one by one.

  1. IT modernisation
  2. Digital sovereignty
  3. Artificial intelligence
  4. Organisation, culture and governance

For each area, we present practical solutions that will help you make your IT strategy sustainable and future-proof. Before concluding, we supplement the four core topics with further ideas that should be included in any roadmap drawn up by IT decision-makers.

 

1. IT modernisation: the basis for agility and innovation

Goal: Create a scalable, automatable infrastructure on which new business models can be developed quickly and securely.

1.1 Modern infrastructure as the foundation

Why? Only an up-to-date technology stack enables scalability, automation and cost transparency.

With Infrastructure-as-Code (IaC), you can define and provision networks, compute and storage resources in a standardised and audit-proof manner.

  • Solution: Introduction of an IaC framework (e.g. Terraform, Ansible) with modular templates and automated test pipelines.
  • Practical KPI: Mean time to provision (MTP) < 15 minutes; configuration deviations < 1%.
  • Expert tip: Set up a self-service portal for developers to further accelerate provisioning.

1.2 Phase-based transformation

Why? A phased approach minimises the risks of a ‘big bang’ and delivers visible results early on.

  • Pragmatic migration:
    • Consolidate legacy systems and phase out data centres.
    • Gradually move workloads to private or public clouds.
  • Operational optimisation:
    • Auto-tiering, VM resizing, Kubernetes autoscaling
    • Continuously adjust cost and performance metrics
  • Cloud-native innovation:
    • Serverless architectures and managed services for rapid prototyping of new business functions
    • New release strategies via feature flags and canary deployments.
  • Practical KPIs: Number of migration phases completed per quarter; rollback rate < 5%.
  • Expert tip: Set up an interdisciplinary ‘modernisation office’ that documents milestones, measures KPIs and processes lessons learned in real time.

1.3 Economic business case & agility

Why? Long-term success requires complete transparency of all costs and protection against vendor lock-in.

Automate cost tracking and compliance reports across all cloud and on-premise environments.

  • Solution: Implement a multi-cloud governance framework with integrated reports on:
    • Total cost of ownership (TCO), cost per workload
    • Compliance status (ISO 27001, etc.)
    • Failure risks (MTTR, SLA violations)
  • Practical KPI: Cost forecast accuracy > 90%; number of FinOps workshops per half-year.
  • Expert tip: Establish cross-functional FinOps teams to embed budget responsibility and optimisation initiatives.

1.4 Strengthen architecture and security awareness

Why? Security must be an integral part of every architecture decision and should not be considered an afterthought.

Regular roundtables and practical workshops promote a common understanding of architecture and security.

  • Solution:
    • Regular architecture and security roundtables among senior management
    • Hackathons and threat modelling workshops
    • Automated security code reviews via CI/CD pipeline
  • Practical KPI: Number of security vulnerabilities discovered per release < 2; time to remediation < 48 hours.
  • Expert tip: Integrate threat modelling early in the design phase to proactively identify potential risks.

 

2. Digital sovereignty: control over data and technology

Goal: Maintain freedom of choice and transparency by reducing dependencies and strengthening your own competencies.

2.1 Open multi-cloud & open source strategy as a model for success

Why? The combination of public clouds, sovereign clouds (GAIA‑X) and open-source stacks maximises flexibility and auditability.

  • Solution: Set up an internal ‘open source competence unit’ to:
    • Evaluate and operate internal libraries
    • Coordinate external contributions
    • Standardise CI/CD pipelines on an open source basis
  • Practical KPI: Proportion of open source components in the stack > 60%; number of libraries checked per quarter ≥ 10.
  • Expert tip: Conduct quarterly licence and security reviews for open source dependencies.

2.2 Pillars of sovereignty

Why? Digital sovereignty ensures control and reduces dependencies on external providers.

Digital sovereignty is divided into:

  • Data sovereignty: control over data, storage locations and access.
  • Operational sovereignty: end-to-end observability and business continuity.
  • Software sovereignty: Licence-independent, verifiable and maintainable software components.
  • Solution: Create a sovereignty roadmap with risk analysis, action plan and quarterly audits.
  • Practical KPI: Time to audit report < 4 weeks; number of sovereignty measures implemented > 3 per half-year.
  • Expert tip: Use automated compliance tools to continuously perform your sovereignty checks.

2.3 eID wallet & IAM strategy

Why? Self-sovereign identity (SSI) combined with classic IAM reduces fraud risks and improves user-friendliness.

  • Solution: Integrate self-sovereign identity protocols (e.g., DID, verifiable credentials) into existing IAM platforms.
  • Practical KPIs:
    • Authentication errors < 0.5%
    • User onboarding < 3 minutes
    • Percentage of SSI accounts among all active user accounts ≥ 20% (pilot phase), 60% (rollout), > 90% (scaling)
    • Time to verify new users < 2 minutes.
  • Expert tip: Conduct pilot projects in user support to test acceptance and usability.

 

3. Artificial intelligence: the key to acceleration

Goal: Use AI to automate processes, reduce operating costs, shorten innovation cycles, proactively address compliance requirements, make data-driven decisions and create personalised customer experiences.

3.1 AIOps & predictive maintenance

Why? Predictive maintenance increases system availability, and anomaly detection in logs and metrics reduces unplanned downtime. RAG-based systems can be used for self-service or for routing support requests.

  • Solution:
    • Introduce an AIOps platform
    • Continuously retrain ML models with production data
    • Continuously automate alerts and recommended actions
  • Practical KPI: Reduction of unplanned downtime by ≥ 30%; model prediction accuracy > 85%.
  • Expert tip: Start with pilot projects on critical infrastructure components to demonstrate the added value.

3.2 Generative AI for software development

Why? Generative AI increases developer productivity and accelerates development cycles. Tools such as GitHub Copilot and OpenAI Codex speed up code reviews, refactoring and documentation. In combination with RPA bots, AI automates complex business processes.

  • Solution:
    • Establish a generative AI-PaaS for on-demand code snippets, tests and configuration templates
    • Create governance and guidelines on quality, security and the handling of AI-generated code.
  • Practical KPI:
    • Use of AI suggestions in > 70% of commits
    • Time-to-market for new features reduced by 20
  • Expert tip: Integrate AI assistance directly into your CI/CD pipeline to deliver automated suggestions in real time.

3.3 AI & RPA: Automation of complex business processes

Why? AI complements classic RPA bots where structured rules are not sufficient. This enables end-to-end automation and orchestration of complex business processes.

AI-supported workflow optimisation and RPA bots take over routine tasks and decision support in business processes.

  • Solution: Combination with RPA tools (e.g. orchestrated via a central platform) for end-to-end process control
  • Practical KPI:
    • Automation rate of complex processes 25% (pilot), 50% (scaling in selected departments), 75% (as North Star)
    • Process throughput time reduced by ≥ 40
    • Error rate after automation < 2%
  • Expert tip: Start with an end-to-end process to identify integration hurdles and regulatory gaps at an early stage.

3.4 Federated learning & data protection

Why? Federated learning allows data to remain in your own data centre while models are trained in a decentralised manner, so models improve without central data transfer. This makes it ideal for GDPR-compliant AI use cases.

  • Solution:
    • Implement a federated learning framework on GAIA-X-certified nodes
    • Supplement with privacy-enhancing technologies (PETs) such as secure multi-party computation (MPC).
  • Practical KPI:
    • Number of models hosted in the federated network > 3
    • Data protection incidents = 0
  • Expert tip: Involve privacy engineers in the development process to implement technical data protection measures at an early stage.

3.5 Open-source LLMs & explainability

Why? The use of open LLMs (in conjunction with explainability tools) strengthens software sovereignty and promotes trust in AI decisions.

  • Solution:
    • Implement open models (e.g. BLOOM, Llama) and explainability tools (SHAP, LIME).
    • Set up an internal ‘model governance board’ to control lifecycle management, bias checks and auditing of AI models.
  • Practical KPI:
    • Proportion of explainable model decisions > 90%
    • Bias reports available per model generation
  • Expert tip: Integrate explainability reports into your model review meetings to ensure decision transparency.

 

4. Organisation, culture & governance: the glue

Goal: Embed new roles, promote data literacy and build a sustainable ecosystem.

4.1 Roles and governance

Why? Clear roles and responsibilities speed up decisions and increase transparency. Establish a Chief AI Officer (CAIO) alongside the CIO/CISO to centrally control MLOps and drive strategic AI projects.

  • Solution: Create an AI steering committee in which business, IT and legal departments jointly set priorities and approve budgets.
  • Practical KPI:
    • SLA compliance of MLOps projects > 95%
    • Time to decision approval < 5 days
  • Expert tip: Define role descriptions with clear areas of responsibility.

4.2 Data literacy & change management

Why? Data literacy enables informed decisions and promotes the acceptance of new technologies, which depends on the competence of employees: only competent teams can successfully implement innovative technologies.

  • Solution:
    • Microlearning modules on the technologies used, data literacy, AI ethics and sovereignty principles
    • Interactive AI sandbox environments
    • Quarterly/continuous training
  • Practical KPI:
    • Training completion rate ≥ 85%
    • Interactive exercises per module > 5
  • Expert tip: Use gamification elements to increase participant motivation and engagement.

4.3 Partnerships & ecosystems

Why? Partnerships promote innovation and knowledge sharing. European AI start-ups, research institutions and open-source communities form the backbone of a sovereign technology roadmap.

  • Solution:
    • Alliance programmes with European AI start-ups, research institutes and open-source communities.
    • Clearly defined innovation goals and co-innovation agreements
    • Joint co-innovation projects
  • Practical KPI:
    • Number of joint projects > 2 per year
    • Project success rate ≥ 80%
  • Expert tip: Hold co-creation workshops with partners to strengthen mutual understanding and commitment.

These four core areas – IT modernisation, digital sovereignty, AI orchestration and organisational and governance structures – cover the ‘big stones’ of your roadmap: they lay the technological foundation, ensure control and compliance, take automation and innovation to the next level and anchor responsibilities and capabilities within the company.

 

Other topics on the roadmap of IT decision-makers

Identify emerging trends and areas for action so you can plan strategic initiatives early on.

Platform orientation & developer experience

  • Platform engineering: Build internal platform teams (‘platform as a product’) that provide self-service functionalities for developers, thereby further reducing time to market.
  • Developer experience (DevEx): Tooling, documentation-as-code and automated test and deployment pipelines to sustainably increase developer satisfaction and quality.

FinOps & cost management

  • Cloud FinOps: Continuous optimisation of cloud spending through transparency, budget forecasts and auto-scaling – a key tool for cost-effectiveness and decision-making confidence.

Observability & resilience

  • End-to-end observability: Standardised metrics, logs and traces (e.g. via OpenTelemetry) for fast root cause analysis.
  • Chaos engineering: Targeted failure scenarios to strengthen operational resilience and validate business continuity plans.

Sustainability & green IT

  • CO₂ accounting for data centres and cloud services, use of ‘green’ regions and renewable energy credits (RECs).
  • Architectural decisions from an energy efficiency perspective (e.g. serverless vs. always-on instances).

Supply chain security & hardware sovereignty

  • Secure by design in supply chains: monitoring software dependencies (SBOMs) and securing critical hardware components.
  • European chip initiatives and trusted platform modules (TPMs) to reduce dependencies on non-European suppliers.

Data architecture & data mesh

  • Data mesh principles for domain-driven data ownership, self-service analytics and scalable data products.
  • Metadata management and data catalogs as the basis for data literacy and governance.

Low-code/no-code & citizen development

  • Establishment of a governance framework for citizen developers to quickly implement business solutions without violating IT standards.

Ethics, law & AI risks

  • Responsible AI: Setting up internal ethics boards, bias monitoring and CI/CD gatekeeping for ML models.
  • Regulatory developments (EU AI Act) and their operational impact on AI rollouts.

Talent strategy & next-gen skills

  • Active sourcing, partnerships with universities and upskilling programmes in cloud native, data engineering and AI operations.

Cyber resilience & zero trust

  • Further development of the security architecture for hybrid environments.

Edge computing & quantum computing

  • Decentralised processing for low latency and scaling.
  • Identification of initial use cases and security impact analyses.

API management & integration platforms

  • API gateways, service mesh and event-driven architectures.
  • Monitoring, versioning and governance via API portals.

These additional topics give CIOs and IT decision-makers an even more comprehensive set of levers. They add the ‘small parts’ that make all the difference in day-to-day business and ensure that your strategy is not only big in scope, but also operationally robust, cost-efficient, sustainable and future-proof. The result is a well-rounded picture that takes into account all facets of modern IT landscapes and confident digitalisation, across the entire technological spectrum, with operational depth and strategic foresight.

Expert tip: Hold regular trend workshops with business stakeholders to continuously adjust roadmap priorities.

Practical KPI:

  • Number of future topics identified per year ≥ 5
  • Degree of implementation of strategic initiatives within 12 months > 50%

Conclusion

IT modernisation and digital sovereignty are inextricably linked today. Artificial intelligence acts as an accelerator – from automation and innovation to compliance and risk management. CIOs who renew their infrastructure with a structured, phase-based approach, establish a clear sovereignty strategy and methodically implement AI use cases are laying the foundation for a sustainable competitive advantage.

Expert tip for quick wins:

  1. IaC pilot project in a core environment (e.g., test API)
  2. Sovereignty workshop with stakeholders
  3. AIOps POC on selected server group

As a management consultancy, we support you in creating your individual roadmap, managing change processes and taking your company to the next level in terms of technology and organisation. Put your trust in the triad of modern infrastructure, sovereignty principles and AI orchestration – for a fit and sovereign IT of the future.