Inside Germany’s digital sovereignty agency

Germany’s Sprind innovation agency has captured Europe-wide attention for what it says is a new model of quick, bureaucracy-free and competitive public innovation funding. Both the EU and national governments such as the Netherlands hope to ape some of its features. 

But a year after Sprind was founded in 2019, Germany set up another innovation agency, also designed to shake up how public invention is done. 

The Cyberagentur aims to anticipate what Germany and Europe will need to remain digitally sovereign in 10-15 years time, a mission more crucial than ever as the continent tries to wean itself off the technology platforms of a now sometimes hostile US. 

Unlike Sprind, the Cyberagentur deliberately keeps a low profile. Its headquarters in the medieval Hanseatic city of Halle is surrounded by security cameras, and large gates block out prying eyes. 

Its managing and scientific director, Christian Hummert, is very much not on LinkedIn. “This is not by chance. It's a feature, not a bug,” he told Science|Business of the agency’s relatively low profile.

Fascinated by cybersecurity from a young age, the ponytailed Hummert became a self-described hacker in the 1990s, before starting a career cracking encrypted messages for the police. He once decrypted the computers of the leaders of the National Socialist Underground, a neo-Nazi terror group responsible for a series of murders and bombings in the 2000s. 

“I hate locked doors,” says Hummert, “because this make me want to go through them.” He practices locksmithing in his spare time. 

Close watch

Rather like Sprind, the agency runs competitive challenges, typically pitting six teams against each other to build technology prototypes, which are then whittled down to just one. The European Innovation Council is currently piloting a similar model. 

One recent Cyberagentur project, for example, funded three teams to build mobile quantum computers in a €35 million initiative. Sometimes, competing teams join forces to combine their expertise. Projects normally back very early-stage ideas at technology readiness levels 1-4, although from this year the agency is now allowed to go up to six. 

However, what makes the Cyberagentur unusual is its network of “connectors” embedded in Germany’s military, police and intelligence services, who feed ideas for projects to the agency. “We always address a need,” says Hummert. “We do not finance research because it’s excellent [. . .] I think, for Germany, that’s rather new.” 

Because it serves real needs, the agency keeps a close watch over what its funded teams are building. It checks in with them online once a month, and has face-to-face meetings every quarter. If progress isn’t adequate, the project gets cut. 

Unlike Horizon Europe, the Cyberagentur tries to keep teams small, says Hummert, who as an academic once had to coordinate 18 partners across 11 countries for an EU-funded consortium. “Too much money goes into project management,” he says of the EU model. “I hate really really large consortia.” 

Hackers and art historians

The agency’s definition of cybersecurity is expansive, and it funds some topics of wider social interest, such as disinformation in virtual reality, for example. “We see cybersecurity rather broadly,” said Hummert. Some projects, meanwhile, are so sensitive they are not publicly disclosed.

The agency doesn’t just employ cybersecurity specialists. Physicists, biologists, war studies experts, and even an art historian are on its payroll.

“I think the best ideas happens if you have the different people drinking coffee together,” said Hummert. A historian can draw on the past to anticipate how technological breakthroughs might impact geopolitics, for example. 

Bigger budgets

The budgets for the Cyberagentur’s competitions are normally much bigger than Sprind’s challenges, in the region of €20-€50 million, and often last longer, perhaps five years. This is because Sprind aims to seed successful start-ups, whereas Hummert’s agency wants to create useable prototypes for Germany’s security services. 

While competitive projects take up 80% of the agency’s budget, it also offers annual idea competitions, where anyone can send in a two-page solution to a challenge the agency sets, with the winner given €100,000 to develop their thoughts further.

A recent competition on drone swarms attracted ideas from a 16-year-old hacker and an independent inventor, not just the usual suspects in the academic or start-up world. “This is something we would have never read if you had these large contracts and funding schemes,” says Hummert. 

The Cyberagentur’s headquarters in Halle. Source: Cyberagentur

Geographically open

Despite the agency’s security focus, it’s calls are pretty open geographically. Teams from the EU, Switzerland, NATO countries, and South Korea, Japan, Australia and New Zealand can all normally apply. However, if teams come from outside Europe, the agency keeps stricter control of any resulting intellectual property, Hummert says. 

One difference to Sprind is that, because of the sensitive nature of its projects, the Cyberagentur retains a partial ownership of any intellectual property generated by its funded teams, so retaining a veto on its use abroad. “This allows us better to protect the results,” Hummert says. 

Teams sometimes worry this limitation will make them less attractive to venture capital investors, but for start-ups, the prospect of German state procurement contracts “is more important than venture capital,” says Hummert. 

Pre-commercial procurement

Like Sprind, the Cyberagentur uses a special EU instrument, created in 2017, called pre-commercial procurement. 

This permits the agency to procure the same thing from two different sources, which allows it to set up competitions. The tool also allows the agency to issue tenders without giving very tight specifications, meaning teams can improvise their way towards their goal. “It allows this agile approach,” Hummert says. 

Germany’s infamously rigid military procurer initially told the agency using this approach would be illegal, says Hummert. Now it’s asking for training sessions. “Now, at least in Germany, many agencies think about how to do it,” he added. Austrian, Swedish and French sister agencies have also visited the Cyberagentur to learn more. 

Not quite DARPA

Although the agency has been likened to the famous US Defense Advance Research Projects Agency (DARPA), its approach to topic selection is very different, Hummert says.

DARPA, and similar agencies such as the UK’s Advanced Research and Invention Agency, have a “person-centric approach,” which gives “brilliant” programme managers money and freedom to explore their individual technological visions. 

“If you have the right person, it’s going to maybe be very successful, but you have the wrong person, you failed before you started,” Hummert says. 

Process-orientated

The Cyberagentur, by contrast, is “process-oriented.” harvesting ideas by embedding experts in the security services, then whittling them down through a series of workshops and discussions by a scientific council. 

“It's a bunch of work, more costly, slower,” Hummert says. But hopefully, the end result of this community decision is more successful projects. “Maybe it's just a trust issue,” he says. “And I'm not as trusting a person as other people are”.

Related articles

• How Germany’s innovation agency wants to set up a military offshoot
• Germany’s pacifist universities pose obstacle to militarisation of EU R&D
• Germany’s Sprind innovation agency: what works, what does not

This doesn’t mean that the agency obediently researches what the military wants. The whole point is to anticipate needs 10-15 years down the line, rather than solve the Bundeswehr’s problems right now. “To be honest, the ideas we get from the Bundeswehr, they are often not feasible,” he says. 

Signs of success? 

As with Sprind, it’s still a little too early, after just five years, to judge whether the Cyberagentur is working or not. Perhaps in keeping with the agency’s under-the-radar ethos, funded teams contacted by Science|Business did not divulge how they had found the process. 

After all, the agency’s projects normally run for five years, and it normally takes another five to get to a working project. The point is to develop new ideas for the “day after the day after tomorrow,” as the agency puts it. 

Pressed for tangible results, Hummert points to Zander Labs, a Cyberagentur-funded start-up that developed a lightweight, easy to wear EEG headband that’s currently being tested in hospitals. 

Zeitenwende

Nonetheless, the agency is part of a broader shift in German academia. Many universities still have so-called civil clauses, which prevent them from working on military-related research, but Hummert says that following Russia’s invasion of Ukraine, this squeamishness about working in defence is beginning to break down.

“Four years ago, most academics said, no, we don’t take your money,” he says. But now, “the same people come to me and say, we want to do military research. The zeitgeist has really changed,” he continues, and with “big money” flowing to defence R&D, universities are suddenly keen to get involved. 

Increasing budget

Funded and owned by Germany’s federal ministries of defence and interior, this year the agency’s budget will rise to €109 million, its biggest ever. Since last year, it has nearly doubled staff numbers. 

It plans to continue growing, but slowly and steadily. “I think I could get as much money as I want from the military budget, but we cannot scale up this fast because of this close control of the projects, Hummert says.

“Many people believe that the more money and more personnel you have, the more successful you are. This is bullshit,” he says. The bottleneck is not money, but good ideas.