Motivation

Sovereignty and resilience

Society is being digitised at high speed. Laws, tax rules, eligibility criteria, operational procedures, and medical protocols are now encoded in software systems that shape how public decisions are made. This has altered how democratic mandates are exercised. When a parliament adopts a new rule, it may not take effect if the underlying systems cannot implement it safely, quickly, or accountably. A constraint that appears technical becomes a democratic one. Public-sector systems increasingly define what the state can do, and elected institutions can lose the capacity to govern effectively.

This raises a question that is both practical and constitutional: who really applies public rules in a digital state? If the answer depends too heavily on third-party vendors, especially foreign ones, then public authority is no longer exercised through institutions alone. It is mediated through contracts, platforms, proprietary code, and supplier priorities. That creates risks not only for agility, but for accountability, resilience, and sovereignty.

This article examines that risk in concrete terms. It looks at how dependence on external vendors can weaken public control over the rules that govern society, why that matters for democratic legitimacy, and how a more open and governable approach to rule logic can strengthen institutional resilience.

Digital sovereignty in practice

A public institution does not fully control its mandate if the systems that apply public rules are closed to scrutiny, hard to update, or dependent on external suppliers for every meaningful change. In such cases, democratic intent can be obstructed by technical complexity. A simple policy amendment may require changes across many systems, costing months to deploy. A legal reform can reveal how little visibility remains over the logic that actually governs public services.

That problem becomes more serious when the systems in question are owned, maintained, or materially controlled by third-party vendors. In many cases, public authorities do not just buy software. They rely on suppliers to interpret requirements, configure rule logic, manage updates, maintain integrations, and safeguard continuity. The vendor does not formally make the law, but it may shape how quickly, faithfully, and transparently that law can be put into effect.

This creates a hidden transfer of power. Society places trust in public institutions to apply laws correctly and accountably. Yet in practice, that trust is often extended to private suppliers operating behind the scenes. Citizens usually do not see this dependence. They see a benefit decision, a tax assessment, a healthcare workflow, or a licensing outcome issued in the name of the state. They assume the rule has been applied by a system the state understands and controls. That assumption is not always justified.

Where vendor dependence is high, public institutions may be unable to verify how decisions are implemented without going through the supplier. They may struggle to inspect business logic, trace exceptions, or assess the wider impact of a legal change. If a dispute arises, accountability can become blurred. The institution remains answerable in public, but the operational knowledge may sit elsewhere. That is a fragile model for public service technology.

The problem is not just that software is complex. It is also that laws and policies are often translated into forms that separate them from the language in which they were originally written and debated. Natural language, legal interpretation, and administrative logic are gradually translated unidirectionally into application code and vendor-specific platforms. Over time, this creates legacy estates that are hard to inspect and difficult to change with confidence. Institutions may still operate these systems, yet no longer fully comprehend which rules are being applied, where exceptions exist, or how a change in law will affect the wider landscape.

Vendor dependence deepens this separation. When rule logic is embedded in proprietary architectures, change requests can become procurement events rather than normal acts of governance. A ministry or agency may know what it wants to change, but not how to change it without external help. Timelines are then shaped by supplier capacity, commercial incentives, and contractual scope rather than public need. This is especially risky when the supplier is based in another jurisdiction, subject to different legal frameworks, strategic interests, or geopolitical pressures.

Foreign vendor dependence also raises a sovereignty issue in a stricter sense. If critical public systems rely on platforms, tooling, or service models that cannot be independently governed, then the state does not fully control the means through which its own rules are executed. Even where vendors act in good faith, the dependency remains. Access, maintenance, pricing, auditability, and long-term continuity can all be affected by decisions made outside the public institution and, in some cases, outside the country itself.

This matters in ordinary administration, but also in moments of stress. During a crisis, governments may need to change eligibility rules, redirect public funds, introduce emergency measures, or coordinate across agencies at speed. If each change depends on a supplier queue, a proprietary stack, or a narrow set of specialists, resilience is weakened. Systems that should support public action instead become bottlenecks. Dependence that seemed manageable in calm periods can become a major institutional risk under pressure.

This creates a structural risk for democratic control. Public authority can begin to follow the limits of its systems rather than the decisions of its institutions. In that situation, the operational reality of the state is shaped less by public mandate than by technical debt, fragmented ownership, opaque implementation, and supplier dependence.

Public rules must be exact, stable, and explainable. They must be open to review, trace and test. Systems based on probability cannot substitute for the clear expression and reliable execution of law and policy. Nor can black-box dependency on outside vendors serve as a sound basis for public trust. Resilience does not come from adding another layer of software on top of opacity. It comes from restoring a clear and governable core that institutions can inspect, maintain, and change under public oversight.

Why public trust is at stake

The issue is not only administrative efficiency. It is also legitimacy. Citizens accept public decisions because they assume those decisions can be justified, challenged, and corrected through lawful processes. That depends on traceability. If neither the institution nor the public can clearly see how a rule is represented in the system, trust becomes harder to sustain.

This is why explainability matters so much in government systems. A person denied a benefit, flagged for a tax review, or routed into a medical process should be able to understand the basis for that outcome. The responsible institution should be able to explain it without relying on a vendor to interpret the system on its behalf. If that cannot happen, accountability is weakened at the point where it matters most.

Why open and governable systems matter

Open and governable systems do not remove all complexity. But they make public authority more durable. They reduce the risk that key knowledge is trapped inside a supplier relationship. They support compliance, oversight, and cross-agency interoperability. They also make it easier to test proposed legal changes before they are deployed in production systems.

For governments with budget constraints and long procurement cycles, this matters in practical terms. A clear, reusable approach to rule logic can lower the cost of change over time. More importantly, it helps preserve institutional capacity. Public bodies need systems they can understand well enough to govern, not just systems they can rent.

An open stack for public rules

Within this context, Lemma provides an open-source foundation for expressing rules and policies in a form that both people and machines can work with. It is designed to keep decision logic close to the structure of policy itself, rather than burying it inside general application code. That makes rules easier to read, inspect, and govern. It also allows more people across policy, legal, and technical teams to work from the same source of truth.

This matters directly in environments where vendor dependence has become a structural concern. If rule logic is expressed in an open, legible form, institutions are less reliant on a specific supplier to explain what the system does. They can review logic internally, involve independent experts where needed, and reduce the risk that core public knowledge is locked inside proprietary tools or service contracts. That supports a more secure by design model of governance, where transparency and control are built into the foundation rather than added later.

LemmaBase builds on that foundation as a platform to publish, organise, and query Lemma rules. In institutional terms, this addresses a second part of the sovereignty problem: not only how rules are expressed, but how they are managed across services and over time. When policy logic is published clearly, kept organised, and made queryable, it becomes easier to review, reuse, and adapt. This reduces fragmentation and improves oversight. More importantly, it supports a model in which the logic behind public decisions remains legible to the institutions responsible for them.

It also improves continuity across agencies and suppliers. Public institutions will still work with vendors in many areas, and that is not in itself a problem. The issue is whether those relationships support public control or replace it. By making rule logic portable, inspectable, and interoperable, an open language and an open registry help ensure that suppliers can contribute without becoming the sole custodians of how public rules are implemented. That is a healthier basis for procurement, integration, and long-term stewardship.

The wider significance is not commercial but civic. If societies want democratic decisions to remain effective in a digital age, they need public systems whose rule logic can be understood, governed, and changed under public oversight. They also need to avoid placing excessive trust in external vendors to carry constitutional functions that should remain visible and accountable within public institutions. That is a question of institutional capacity. It is also a question of sovereignty.

Lemma

Open-source language for expressing rules and policies in a form that both people and machines can work with.

Read the docs

LemmaBase

Platform to publish, organise, and query Lemma rules across services and over time.

About LemmaBase

A resilient society

The question is not whether governments should work with technology suppliers. They will, and they should. The question is whether public institutions retain control over the rules those systems apply. When core legal and administrative logic is hidden inside proprietary platforms or managed mainly by third parties, the state becomes less agile, less accountable, and less resilient. If those dependencies are foreign as well as proprietary, the sovereignty risk becomes sharper.

A resilient digital society needs more than functioning software. It needs public systems that are open to scrutiny, explainable in operation, and governable without constant dependence on outside actors. That is how trust is maintained when law is executed through code.

This approach — legible rules in Lemma, published on LemmaBase — points toward that model. By keeping rule logic legible, portable, and open to review, it helps institutions strengthen transparency, interoperability, and democratic control. In a period of growing concern about vendor lock-in, foreign dependency, and the integrity of public digital infrastructure, that is not a minor technical benefit. It is part of the foundation of sovereign government.