Bert Hubert wrote at length and more openly about EU dependance on US software since the election of Trump. Not that engineers did not know about all that, but European IT is not run by engineers to the same extent as in US.
The situation is slightly different in Belgium:
- We have our own government cloud. It runs on US software, but we are pretty much in control of it.
- We have our own authentication service, but large parts of it run on COTS software from US.
- We forgot how to host our own email, even the Ministry of Foreign Affairs and the Cabinet of the Prime Minister use M365.
- We voluntarily gave up control over Belgian Certificate Authority to the US-based conglomerate DigiCert.
I guess things have to be fixed in the reverse order:
- Take back control of Belgium Root CA
- Host our own email
- Own government auth
- Migrate government cloud off Broadcom and IBM (anyway we need to migrate off Broadcom for money reasons)
That's a nice task list and luckily we already have an IT czar
P.S and Disclaimer: I indirectly work for the government, but everything above is public knowledge, for instance:
- Belgian Government Cloud website describes its setup in sufficient detail, including the use of VMWare and OpenShift software.
- The history of Belgium Root CAs control passing to DigiCert can be traced in Mozilla mailing lists and its Bugzilla.
- BOSA leaks the name and the version of the ForgeRock Identity Management software in its error messages.
- There is publicly available information about setting up M365 accounts in the office of Prime Minister. Also, job ads sometimes reveal infrastructure details.