Renowned technology lawyer, expert speaker and author, Andrew Katz has co-authored the newly published paper – “Addressing Lock-in Effects in the Public Sector: How Can Organisations Deploy a SaaS Solution While Maintaining Control of Their Digital Assets?”, alongside Jonas Gamalielsson and team leader Björn Lundell, both from the University of Skövde in Sweden.

As the world moves to cloud-based solutions like Microsoft 365 and Google G-Suite, there is increasing concern from countries, regions and organisations about retaining control of their data and other digital assets as they move from servers under their own control into servers controlled by multinational corporations. The term “digital and data sovereignty” covers the desire of these organisations to be free to keep control over their digital services and data and that they can access, process and migrate the data freely and predictably, and retain security over them.

One challenge to digital and data sovereignty is “lock-in”, which means the tendency for a customer to become dependent on a specific supplier for reasons including that supplier’s use of proprietary data formats, the difficulty of exporting the data in bulk (and in meaningful format with complete metadata) from the supplier’s solution, and the human factors, like familiarity with a particular supplier’s user interface and means of providing functionality, as well as the ease of continuing to deal with and contract with the current supplier, owing to familiarity with their business processes, and the existence of established business contracts.

Once lock-in is established, it becomes more difficult for a customer to migrate to another supplier, and this has economic effects.

The study focusses on public sector organisations (“PSOs”). The overarching goal was to investigate and explain how the use of commercial SaaS solutions may cause different types of lock-in effects that impact on a PSO’s ability to maintain control of its digital assets and reports on how PSOs can, and should, avoid lock-in throughout the lifecycle (commissioning, deployment and decommissioning) of the SaaS solution, specifically the Microsoft Office 365 SaaS product (O365) (now called Microsoft 365).

Andrew, Björn and Jonas investigated how 33 PSOs address different lock-in effects, focussing on the City of Gothenburg, and show that none of the PSOs determined possible lock-in effects prior to implementation or were able to provide documented evidence that they would be able to independently access, process and maintain the digital assets processed by the SaaS solution after decommissioning. The paper also reports on jurisdictional and data processing issues, with consequent impact on digital sovereignty.

Andrew Katz, Moorcrofts Joint Managing Partner, Head of Technology and Co-Author, said:

“Vendors sell their cloud services on simplicity, convenience and functionality, but in reality they are a much bigger step away from tradition on-premise software than might be imagined. There are significant risks in adopting a cloud service, and our research shows that many public sector bodies, including Sweden’s second city, Gothenburg, failed to take appropriate steps to consider these risks before deploying the service. The paper provides important advice for any body – public sector or otherwise – wishing to deploy a SaaS solution”.

Prior to becoming a Lawyer, Andrew, was a software engineer and developer, releasing software under the GPL. Now Moorcrofts Joint Managing Partner and Head of Technology, Andrew has practised technology law for nearly 30 years. In that time, he has become one of the UK’s leading free and opensource software lawyers and renowned worldwide for his specialisms in Open Hardware.

The paper, which was part of the EGOV- ePart – CeDEM and financially supported by the Swedish Knowledge Foundation (KK-stiftelsen) and participating partner organisations in the LIM-IT project, can be accessed online.