A major IT outage on October 31, 2025, brought critical Danish infrastructure to a near standstill—highlighting the nation’s deep and potentially dangerous reliance on a single foreign cloud provider: Microsoft.
From national rail operator DSB and Copenhagen Airport to Skat (the Danish tax authority) and several major banks, essential digital services across both public and private sectors were disrupted for hours. The root cause? A faulty update in Microsoft Azure, the U.S.-based cloud platform that underpins a vast swathe of Denmark’s digital ecosystem.
“Denmark is a Microsoft Country”
Carsten Schürmann, Professor and Head of the Centre for Information Security and Trust at the IT University of Copenhagen, did not mince words: “We are completely dependent on Microsoft—across universities, government agencies, and corporations.” While precise market share data is scarce, Schürmann estimates that roughly 95% of Danish organizations rely on Microsoft’s cloud infrastructure in some capacity.
This dependency stems from Microsoft’s strong security track record and the high cost of maintaining in-house alternatives. “For many, outsourcing to a global tech giant like Microsoft is not just convenient—it’s economically rational,” Schürmann explained. “But convenience shouldn’t come at the cost of national resilience.”
The Risks of Monoculture in the Cloud
The outage reignited a long-standing debate about digital sovereignty. In a recent analysis for Version2, journalist Louise Olifent warned that “society has rendered itself immobile in critical situations by handing over control to a single American supplier.” Her argument echoes growing concerns across Europe about overreliance on U.S. tech giants—not just for efficiency, but for continuity of essential services.
Schürmann agrees: “Putting all your eggs in one basket is never sound strategy—whether in finance or digital infrastructure.” He advocates for diversification across multiple cloud providers to mitigate systemic risk. However, he cautions that simply switching to another major platform—such as Amazon Web Services (AWS) or Google Cloud—is not a panacea. After all, AWS suffered its own widespread outage earlier in October 2025, disrupting apps and services globally.
Resilience Requires Redundancy—and Planning
True resilience, Schürmann argues, demands more than supplier diversification. “Organizations must maintain updated local backups and robust contingency plans,” he said. “When the cloud goes down, you need to be able to switch to an on-premises system—or at least keep core functions running manually.”
He noted that Denmark’s largest enterprises likely fared better during the outage precisely because they’ve invested in such fail-safes. Smaller public institutions and mid-sized firms, however, may lack the resources—and foresight—to do the same, leaving them dangerously exposed.
Geopolitical Vulnerabilities Add Urgency
The issue isn’t just technical—it’s geopolitical. Denmark’s near-total reliance on American cloud infrastructure raises strategic concerns, especially amid shifting U.S. foreign policy. Former President Donald Trump’s repeated interest in acquiring Greenland has fuelled speculation that future U.S. administrations could leverage digital infrastructure as a political tool. While Microsoft has publicly assured European clients of uninterrupted service regardless of U.S. leadership, such promises offer little legal or operational guarantee in a crisis.
A Call for National Digital Strategy
The October 31 outage should serve as a wake-up call. Denmark needs a national strategy for digital resilience—one that promotes multi-vendor architectures, supports European cloud alternatives like Gaia-X, and mandates minimum continuity standards for critical infrastructure.
As Schürmann put it: “Digital convenience must never override national security. When your tax office, transport system, and banks all hinge on a single update from Redmond, Washington, you’ve outsourced not just IT—but sovereignty.”
The path forward isn’t about abandoning Microsoft, but about ensuring that no single point of failure can paralyze a nation. In an era of escalating cyber and geopolitical risks, redundancy isn’t optional—it’s essential.