Executive Summary

In April 2025, the German Federal Audit Office documented fundamental deficiencies in the BPAvis system of the Federal Press Office: missing IT security concept two years after launch, no cost-effectiveness analysis, no performance control, and cloud emergency infrastructure on Microsoft Azure. In parallel, the Swiss Federal Audit Office praised the AI deployment of the Swiss Federal Court in January 2026: own servers, open-source basis (Llama 3.3), ethics charter, and all four recommendations accepted. Both reports address state AI infrastructure but reach diametrically opposed assessments. The central difference lies not in individual deficiencies but in the architecture of digital dependency and the implicit or absent understanding of sovereignty.

Topics

  • Digital sovereignty
  • Artificial intelligence in administration
  • Cloud infrastructure and data security
  • Open-source strategy
  • Governance and accounting

Clarus Lead

The two audit reports reveal a fundamental difference in institutional prioritization: While the German Federal Audit Office examines budgetary discipline and completely excludes the strategic question of digital sovereignty, the Swiss financial audit implicitly rewards precisely those architectural decisions that enable independence from US hyperscalers – without explicitly naming sovereignty. The comparison becomes politically significant in emergencies: Germany's crisis infrastructure runs on Microsoft Azure under the CLOUD Act in case of emergency, while Switzerland deliberately pursues an exit strategy with Apertus and its own servers. The question that both reports avoid is simultaneously the most urgent for European capability to act.

Detailed Summary

Germany's Project Without Control

The BPA operates BPAvis as an "essential component of crisis communication" – the system distributes 1.8 million agency messages daily to the chancellor, the president, and all departments. The Federal Audit Office report documents failure at all control levels: Two years after go-live (August 2021), no valid IT security concept exists, despite the 2017 Implementation Plan Bund demanding this "as a priority." The BPA had itself documented internally that a security concept was required before go-live – it launched anyway. The audit logs of the SAP HANA database (security-critical event logging) were disabled, against explicit recommendations from the Federal Office for Information Security and from SAP itself. Justification: data protection – a factually questionable prioritization.

The support hotline for the crisis infrastructure operates Monday to Friday, 9 a.m. to 5 p.m. Trained shift staff? None – too expensive, according to the salary classifications. A Service Level Agreement is missing. An emergency concept according to BSI Standard 200-4 is missing. Cost-effectiveness analysis in the planning phase? None, which violates § 7 BHO. Performance control? The BPA is unable to provide one. By October 2023, 6.4 million euros had flowed, with another 4.4 million planned for 2024–2027 – the budget justification is "substantially based on offers from external service providers." In case of crisis, the federal government runs on Microsoft Azure. The Federal Audit Office mentions this in a footnote but draws no political or sovereignty-related conclusions.

Switzerland: Deliberate Avoidance of Dependency

The Federal Court is taking a different course. In 2023, internal rules for AI use were enacted, followed by an ethics charter in 2025 with three core pillars: Autonomy (AI only supportive, decision always by legal professional), Transparency, and Traceability. Employees must label work results supported by AI. Training is mandatory before ChatTF access. The critical architectural decision: ChatTF runs on the court's own servers. Input data does not leave the internal IT environment. The Federal Court uses Llama 3.3 by Meta as its base model (open, but training data not transparent – explicitly named as remaining risk). Long-term goal: Apertus, the first large Swiss language model with disclosed training data, developed September 2025 by the Swiss AI Initiative at ETH/EPFL.

Cost picture: 170,000 CHF for AI integration into the anonymization software Anom, approximately 500,000 CHF for ChatTF (6.5% of the annual IT budget of 7.8 million CHF). Of this, 50% is server hardware. External model queries are capped at 10,000 CHF/year. The Federal Court expects amortization within one year through efficiency gains. The Swiss Federal Audit Office accepted all four recommendations – two with the reasoning that the Federal Court would implement them anyway.

Costs versus Documented Benefit

A direct cost comparison is methodologically questionable – BPAvis serves the entire government, the Federal Court 217 legal professionals plus staff. However, the ratio of effort to demonstrable benefit is meaningful: Germany spends 10.8 million euros but cannot prove whether BPAvis is cost-effective because cost-effectiveness was never examined. Switzerland spends 670,000 CHF, has modeled the result (amortization year 1), and plans periodic impact evaluations. Germany's problem is not cost efficiency, but that the word "efficiency" has been operationalized.

Blind Spots in Both Reports

The Federal Audit Office does not address sovereignty, although the cloud architecture is a central strategic decision. It examines procedural formality, not procedural decision. The Swiss Federal Audit Office, on the other hand, implicitly rewards sovereignty criteria (in-house operation, open source, Apertus goal) without naming the term. It simultaneously overlooks geopolitical fragility: Llama 3.3 comes from Meta (USA). DeepL is German but commercial. Apertus exists, but its performance versus GPT-5 is open. In case of US export restrictions on AI weights or license changes by Meta, the Federal Court also becomes dependent. The Swiss Federal Audit Office mentions this in a half-sentence but draws no consequences.

Both reports share a structural blindness: They examine institutions individually and nationally. The supranational architecture – hyperscalers, model providers, licensing regimes – falls between the cracks. In Germany it is treated as a technical inevitability, in Switzerland as a generational task that is approached strategically without being solvable today.

Key Points

  • The German Federal Audit Office documents fundamental violations of security guidelines and budget law at BPAvis (no IT security concept, no cost-effectiveness analysis, no performance control). In case of crisis, the federal government runs via Microsoft Azure under the CLOUD Act – a sovereignty-relevant fact that the Federal Audit Office does not acknowledge.

  • The Swiss Federal Audit Office praises the Federal Court for consistent sovereignty architecture: own servers, open-source model (Llama 3.3), ethics charter, mandatory training. All four recommendations were accepted. The implicit reward of sovereignty-oriented decisions without explicitly naming this goal is significant.

  • Both audit offices avoid the term "digital sovereignty" – with opposite consequences: The Federal Audit Office overlooks the dimension entirely, the Swiss Federal Audit Office orients itself toward it without naming it.

  • Apertus from the Swiss AI Initiative is the first large Swiss language model with disclosed training data (September 2025). It is intended to replace Meta-Llama in the medium term and marks a deliberate exit strategy from US model dependency.

  • Cost ratio: 10.8 million euros (BPAvis total expenditure) versus 670,000 CHF (Federal Court Anom + ChatTF). The direct comparison is delicate; however, the ratio of documented expenditure to demonstrable benefit is meaningful – Germany cannot show the latter.

  • Structural weakness of both reports: The supranational architecture of digital dependency (cloud providers, model licenses, export restrictions) is not examined bilaterally or Europe-wide but falls between national control grids.


Critical Questions

  1. Data Quality: On what data basis does the Federal Audit Office judge the cost-effectiveness of BPAvis if the BPA itself cannot provide performance control and call statistics, and how can such judgment be credible without basic metrics?

  2. Methodology: What comparative standards does the Swiss Federal Audit Office apply when it calls the Federal Court "balanced" and "responsible" without including other Swiss courts (Federal Administrative Court, Federal Criminal Court) in the same depth of examination – is the assessment thereby representative?

  3. Conflicts of Interest: What contractual relationships to Microsoft (BPA: Azure emergency) and Meta (Federal Court: Llama 3.3) exist, how do they influence the selection and evaluation of solutions, and are these relationships periodically subject to criticality review?

  4. Causality: Can the expected efficiency gain from ChatTF actually be attributed to AI, or does the Federal Court benefit from structural advantages (in-house operation of IT infrastructure, highly qualified specialists) that already existed – how is this counterfactual resolved?

  5. Alternatives: Which open-source alternatives (Nextcloud, OpenStack, on-premise inference with European models) were systematically evaluated at the BPA for emergency infrastructure before contracting Microsoft Azure, and why were they abandoned?

  6. Feasibility: If Apertus as a Swiss model alternative is not yet fully production-ready, how realistic is an exit from Llama 3.3 within a manageable timeframe – and what performance losses does the Federal Court expect?

  7. Geopolitical Risks: What would be the consequences of a US export regime for AI model weights (analogous to chip export restrictions against China) or a license change by Meta for the Federal Court and the BPA – are these scenario analyses addressed in strategic planning?

  8. Governance Gap: Why do both audit offices examine institutions in isolation rather than investigating structural dependencies Europe-wide or bilaterally – and which body bears institutional responsibility for this supranational perspective?


Bibliography

Primary Sources:

  • Federal Audit Office (2025): Final Report to the Press and Information Office of the Federal Government on the Audit "Use of Artificial Intelligence to Inform the Federal Government, Part 3 – BPAvis", Ref. VII 3 – 0001818/3, 7 April 2025

  • Swiss Federal Audit Office (2026): Audit of the Use of Artificial Intelligence, Federal Court, EFK-25732, 23 January 2026

Supplementary Sources:

  • Federal Act on the Use of Electronic Means for the Fulfillment of Administrative Tasks (EMBAG), 17 March 2023
  • Implementation Plan Bund 2017 – Guidelines for Information Security in Federal Administration
  • BSI Standard 200-4: Business