Executive Summary

The Cyber Command of the Swiss Army is replacing Microsoft 365 with the open-source solution Opendesk. The migration begins in October 2026. The reason is the US Cloud Act: classified military documents are not permitted to be stored in M365, which severely restricts the practical utility of the Microsoft solution. Army Chief Thomas Süssli had already communicated this issue to the Federal Chancellery in autumn 2025.

Persons

Topics

  • Digital Sovereignty
  • US Cloud Act
  • Open-Source Software
  • Army IT Security
  • E-Government

Clarus Lead

The switch signals a fundamental realignment of Swiss security policy: digital sovereignty becomes a condition for state protection. While the Army previously accepted proprietary US software, the US Cloud Act now forces a rethink – a precedent that gives other federal authorities and the City of Zurich pause for thought. The ambitious deadline (October 2026) signals political pressure, yet Opendesk must first prove in practice that it can fully replace M365 as a collaboration platform.

Detailed Summary

Cyber Command is responding to structural security gaps in Microsoft 365. The core of the problem: The US Cloud Act obligates Microsoft to hand over data upon request by US authorities. For the Army, this is unacceptable, as the majority of its documents are classified as secret or confidential and, according to federal guidelines, must not be stored in M365. This restriction makes M365 practically unusable for military workflows.

Divisional General Simon Müller emphasizes two strategic advantages of open source: First, data protection – Opendesk is not subject to the US Cloud Act and prevents security data from flowing to foreign authorities. Second, independence from licensing constraints: proprietary software exposes authorities to aggressive licensing strategies to which the Army no longer wishes to be subject. In parallel, Cyber Command itself operates as an open-source producer – for example with the analysis software Loom for document archives, which is published under a free license.

Zurich is not following immediately. The City's IT department has, together with the Bern University of Applied Sciences, prepared a scenario report that rejects an immediate migration. Instead, Zurich plans a practical test in a production environment in 2026 to gain insights into security and operational automation. This suggests technical hurdles that the Army is either ignoring with its more aggressive deadline or must overcome.

Key Statements

  • The Swiss Army is ending its use of Microsoft 365 due to the US Cloud Act and insufficient security classification for military documents.
  • Opendesk is to be available as a secure, sovereign alternative for Cyber Command starting October 2026.
  • Open-source software becomes a strategic necessity for the state to maintain digital independence from US licensing constraints.
  • Other Swiss authorities (City of Zurich) are also examining Opendesk, but are relying on longer-term pilot phases.

Further News

  • Red Cross Clarifies Cyber Emblems: The Red Cross emblem receives cyber-space protection status; Microsoft is also involved in the development.
  • Apple Sues OpenAI: Allegation of theft of trade secrets in the hardware sector.
  • DeepSign: Swiss administrations use electronic seals for secure document certification.
  • AI Usage in Switzerland: Employees use AI strategically for productivity, but do not fundamentally change workflows.

Critical Questions

  1. Evidence/Data Quality: Has Opendesk undergone an independent security audit by external cybersecurity experts, or is the decision based primarily on the assumption that open source is inherently safer?

  2. Conflicts of Interest: To what extent could the Army have a vested interest in promoting Opendesk if it itself develops and publishes open-source software (Loom)?

  3. Causality: The US Cloud Act is cited as the reason for the switch – but shouldn't the Army have already had to remove classified documents from M365 earlier if the risk was known?

  4. Feasibility: How realistic is the October 2026 deadline? The City of Zurich is only planning a practical test; does the Army have technical resources that Zurich does not?

  5. Alternative Solutions: Why was the option of storing classified documents in a separate, local system and using M365 only for less sensitive communication not examined?

  6. Dependency Risk: Will the Army become dependent on the community or a few open-source maintainers by switching to Opendesk if critical security vulnerabilities occur?

  7. Scalability: Does Opendesk already have millions of users in production environments, or is the Army an early adopter with unforeseen error risks?


Source Directory

Primary Source: Cyber Command Bids Farewell to Microsoft – inside-it.ch, July 13, 2026

Supplementary Sources:

  1. Report City of Zurich / Bern University of Applied Sciences on Opendesk Migration (May 2026)
  2. Parldigi-Dinner, Bern – Presentation by Divisional General Simon Müller on Open Source and Digital Sovereignty

Verification Status: ✓ July 13, 2026


This text was created with the support of an AI model.
Editorial Responsibility: clarus.news | Fact-checking: July 13, 2026