TL;DR: German companies risk uncontrolled access to sensitive email data through US cloud services. Automated email encryption with a gateway like Conbool SecureMail creates digital sovereignty -- GDPR-compliant, Cloud Act-independent, and without manual effort for end users.
In a connected world, data control is the most valuable asset. Yet for many companies, this control ends with the click on "Send." Are your emails routed through US-based servers? Are your keys accessible to third parties? Anyone striving for true digital sovereignty must rethink the topic of email security.
Why Is Convenience a Compliance Trap?
Many companies rely on integrated solutions from major cloud providers. The problem: Laws like the US Cloud Act theoretically enable access to data, even when stored on European servers. True sovereignty means keeping encryption authority physically and legally within your own domain.
What Does the US Cloud Act Say?
The Clarifying Lawful Overseas Use of Data Act (CLOUD Act) was passed by the US Congress in 2018. It obligates US companies -- including Microsoft, Google, and Amazon -- to hand over data upon request by US authorities, regardless of which country the data is stored in.
For German companies, this means: If you use Microsoft 365 or Google Workspace and the encryption keys are held by the provider, US authorities theoretically have access to your email content. According to a Bitkom survey (2024), 68% of German companies view their dependence on US cloud services as a risk to their IT security strategy.
This is precisely where the vision of Conbool GmbH comes in. As an innovative startup at CyberLab Karlsruhe, Conbool develops solutions that don't just promise security, but guarantee it through local infrastructure and automated processes.
How Does SecureMail Automate Email Encryption?
Email encryption often fails in practice due to its complexity for end users. S/MIME certificates must be requested, PGP keys exchanged. Conbool solves this problem with the SecureMail Gateway, which fully automates cryptography.
As the trade portal Security Insider reports, Conbool uses modern approaches (including AI-powered analyses) to massively reduce the administrative burden on IT departments. The result:
- Central Certificate Management: No more manual updates. Certificates are automatically requested, renewed, and revoked.
- Interoperability: Seamless switching between S/MIME and PGP -- the gateway automatically detects which protocol the recipient supports.
- Keyless Delivery: Communication with partners who lack their own encryption infrastructure via a secure web portal.
S/MIME vs. PGP: Which Method for Which Use Case?
| Criterion | S/MIME | PGP |
|---|
| Certificate Source | Certificate Authority (CA) | Web of Trust or Keyserver |
| Adoption | Standard in enterprises | More common in the open-source community |
| Outlook Integration | Natively supported | Plugin required |
| Automation Potential | High (via gateway) | Medium |
| Identity Verification | Verified by CA | Self-certified or community-verified |
With the Conbool SecureMail Gateway, you don't have to choose between S/MIME and PGP. The system automatically uses the method supported by the recipient -- and offers the secure web portal as a fallback for recipients without encryption infrastructure.
Why Is IT Security "Made in Germany" a Strategic Advantage?
That Conbool is considered one of the most promising startups for email security is also highlighted in the analysis by IT-Boltwise. Particular emphasis is placed on the Germany location. In times of geopolitical uncertainty, the legal certainty of a German provider is an invaluable locational advantage for mid-market enterprises.
Concrete Benefits of a German Provider
- German Data Protection Law: No obligation to hand over data to foreign authorities. The operator is exclusively subject to GDPR and BDSG.
- Data Centers in Germany: Data never leaves the German legal jurisdiction. No routing through third countries.
- BSI Ecosystem: As a member of the BSI Alliance for Cyber Security, Conbool benefits from current threat analyses and recommendations.
- NIS2 Compliance: The gateway supports the requirements of the NIS2 Directive for encryption and incident documentation.
What Does a Typical Integration Look Like?
The integration of SecureMail into existing infrastructures is intentionally kept simple:
- DNS Configuration: MX records are redirected to the SecureMail Gateway. The gateway forwards emails to the actual mail server after encryption.
- Certificate Import: Existing S/MIME certificates can be imported. New certificates are automatically requested.
- Rule Configuration: In the dashboard, you define which domains, senders, or recipient groups should communicate with encryption.
- Go-Live: The entire setup typically takes less than one business day for Microsoft 365 or Exchange Online.
Frequently Asked Questions
Is email encryption mandatory under GDPR?
Art. 32 GDPR requires "appropriate technical and organizational measures" to protect personal data. The German Data Protection Conference (DSK) has explicitly recommended transport encryption (TLS) since 2021 and classifies end-to-end encryption as "state of the art" when sensitive data is transmitted.
What happens if the recipient does not support S/MIME or PGP?
The SecureMail Gateway provides a secure web portal as a fallback. The recipient receives a notification by email and can access the encrypted message through a protected browser interface.
How does a gateway differ from an Outlook plugin?
A gateway encrypts at the server level -- independent of the email client. It works equally with Outlook, Thunderbird, Apple Mail, webmail, and mobile clients. A plugin, on the other hand, is tied to a specific client and must be installed and maintained on every device.
Does SecureMail support NIS2 requirements?
Yes. The NIS2 Directive requires the use of cryptography under Section 30 para. 2 no. 8 BSIG. SecureMail meets this requirement through automated S/MIME and PGP encryption with comprehensive logging.
Conclusion: Act Sovereignly
Digital sovereignty is not a state you buy once, but an ongoing process. By deploying a sovereign mail gateway, you decouple your sensitive business data from the legal uncertainty of global platforms.
Want to know how to integrate SecureMail into your existing infrastructure?
Contact us -- we're happy to help. Also read how Conbool as a startup at CyberLab Karlsruhe is setting new standards for email security, or learn more about our Email Disclaimer Management for Microsoft 365.
