The German state Schleswig-Holstein has completed a migration to a completely open-source email stack, ending a lengthy project that ultimately stemmed from an assertion of digital sovereignty and for the sake of data protection, but also independence — achieving autonomy with regard to services (not having to buy licenses) — thus long-term control over data and costs, “Tenderdigital” they write.
During a six-month period, the administration moved more than 40,000 mailboxes and more than 100 million messages (including calendar items) to OX in the data center on the server-side, and Thunderbird for email clients on the desktop.
The move will affect about 30,000 government workers in ministries, the judiciary, the police, and state bodies. One of the largest email overhauls in any public sector in Europe to date, its adoption is part of a wider push to reduce dependence on proprietary platforms and software, by adopting open standards and free/open-source software throughout the desktop environment.
Why Digital Sovereignty Matters for Public Institutions
As a result, digital sovereignty has emerged as an increasingly central policy goal for many European governments. At its core, it’s a simple idea: public institutions should retain control over key IT systems and the data of citizens, rather than lock those assets inside some proprietary ecosystem or one vendor’s cloud service.
Schleswig-Holstein crystallized the concept in a public strategy for open innovation and open source, arguing that steering clear of monopolistic dependencies is key to asserting control. The position is consistent with advice from European interoperability frameworks and national IT security agencies that advocate using open standards to enhance the auditability and resilience of systems.
German data protection officials have inspected enterprise cloud suites several times for compliance risks, and the invalidation of the transatlantic Privacy Shield framework has intensified questions about where sensitive public data is stored and who may see it. Open-source platforms hosted in EU jurisdictions are what a lot of CIOs would see as an easier governance model to defend.
How the Migration Worked Across 40,000 Mailboxes
The core server application was Open-Xchange, with Mozilla Thunderbird on the client side in the email and calendar migration.
Rather than calling on proprietary protocols, the stack relies on open standards — IMAP (for mail) as well as CalDAV and CardDAV (which are, respectively, for calendar and contacts). That move allows vendor-agnostic interoperability while mitigating integration risk over time.
Officials said that the project was conducted in phases with pilots, bulk mailbox moves, and phased cutovers for calendar data to prevent any disruption around court schedules and emergency services. Part of change management was specific training sessions, quick reference guides for the most common Outlook-to-Thunderbird workflows, and a help desk surge team that was trained in advance to manage the wave of tickets as they came in.
The change is part of a broader evolution. The federal state has been rolling out LibreOffice as its productivity package of choice, and is using open-source collaboration tools like Nextcloud to replace its legacy systems for file sharing and intranets. Collectively, the stack provides a cohesive, open-source alternative to proprietary suites.
Security, compliance, and costs in an open email stack
With its security in mind, the new platform leverages transparent code, independent audits, and the opportunity to conform controls with public-sector directives.
The recommendations from Germany’s Federal Office for Information Security emphasize open protocols and layered security, a model that follows, with Thunderbird supporting S/MIME and modern authentication, and complements Open-Xchange server-side policies.
Although the state has not released a detailed cost breakdown, public tenders and case studies within Europe consistently prove out two levers: avoiding perpetual licensing and reducing lock-in premiums over multi-year cycles. The cost of total ownership, officials stress, includes autonomy and the opportunity to self-host or use regionally based providers — as well as the freedom to tailor the system without needing a vendor’s go-ahead.
There are trade-offs. Users accustomed to Outlook’s seamless experience somewhat face a learning curve — and new ways of working around some legacy workflows with open protocols need to be worked out. But IT leaders argue these upfront modifications are dwarfed by the long-term control, data portability, and simplified compliance posture inside EU data centers.
A reusable template for future public administrations
Schleswig-Holstein is not alone. European public bodies, including those in the Austrian armed forces, Danish authorities, and the French city of Lyon have reduced their dependence on proprietary email and office suites thanks to open-source stacks. National digital offices, like France’s interministerial free software catalog, have helped to speed up use by certifying mature open-source tools for government work.
The state’s IT ministry has positioned its migration playbook — which includes data analysis, directory integration, user training, and data center monitoring — as reusable guidance for sister orgs. That knowledge transfer is important: email and calendar platforms are a touchpoint for nearly every workflow in government, meaning they’re a key (but sensitive) place to start modernizing.
What comes next for Schleswig-Holstein’s open email
By basing core communications on open standards, Schleswig-Holstein has made room to evolve without starting from scratch whenever a vendor product does. The next chapters may involve closely stitched integrations between email, collaboration, and document platforms, more pervasive automation around identity and access, and further learning on optimizing productivity.
This is the headline result: a major European government now operates mission-critical email in open-source software at scale. For public CIOs weighing sovereignty, compliance, and multi-year budgets, that example shifts the conversation from “Can open source cope?” to “How much of the shift can we do — and who will come with us?”
