Where the Independent Magazine «Republik» Depends on Big Tech

Olivier Baumann
Olivier Baumann
13 min read

Automated translation from German. Original Article

Monday, 5 December 2022, shortly after 5 in the afternoon. In the newsroom, the newsletters for the next morning are being planned - as on every day since Republik began publishing. Mailchimp, the service we use to send our mails, refuses. Republik's account has been suspended for a violation of Mailchimp's terms of use. No warning; support does not respond.

In the team chat on Slack, the duty producer posts a panic GIF.

[@portabletext/react] Unknown block type "image", specify a component for it in the `components.types` prop

The next morning, for the first time since Republik was founded, no newsletter was sent at 5 a.m.

Mailchimp, an American company belonging to the Intuit group, sends around a million emails a month on Republik's behalf: newsletters, payment confirmations, login codes. For a magazine that organises most of its relationships with its publishers via email, a suspended Mailchimp account is a worst-case scenario.

On Tuesday, Mailchimp finally gets in touch: the suspension was triggered because the newsletter «Propaganda ohne Bullshit», a piece on Russia's war of aggression against Ukraine, contained a link to a website called «signmyrocket». On that site you could have a message written on a Ukrainian rocket, for a small donation. The projectile was then fired towards Russia. We remove the link and request reactivation.

And, once again, hear nothing at all at first.

In parallel, the tech team sets up a new email service with the German provider Rapidmail, exports and imports email addresses daily, and sends the morning newsletter by hand for three days.

Internally, the team sets a deadline: if Mailchimp has not responded by 6 p.m. on 8 December, Republik migrates to the German provider. Everything. All the automations, the database links, the integration into the editorial system.

The unblocking comes on 8 December at 5.15 p.m.

It is now July 2026.

We are still on Mailchimp.

And at this point you may be asking yourself: how can that be? Or indeed: how did this relationship come about in the first place?

As guests

You could say that providers like Mailchimp are what made Republik's launch in 2018 possible at all. The money from the crowdfunding could go chiefly into building the online magazine, rather than first being sunk into building a digital infrastructure. Had Republik launched a few decades earlier, that would not have been possible.

Whoever bought software in the 1990s generally owned it. There was a CD from which it could be installed independently. A serial number that guaranteed support. The company that developed the programme could go bankrupt. The software kept running anyway.

Not a good business model for the providers. Around the turn of the millennium, Salesforce invented the solution: software no longer as a product but as a service, billed monthly.

The bet paid off. Soon all the big software firms had jumped on the subscription bandwagon. The days when a herd of IT engineers installed new software on site in the offices of corporate clients were abruptly over. Hardware and software literally dissolved into thin air: into the cloud.

Yet the services still have to run on servers. The online shop Amazon built a massive infrastructure for this early on and from 2006 rented it out as Amazon Web Services (AWS). Google and Microsoft followed suit. Together they dominate two-thirds of the global cloud market today.

Selling software as a service is not only lucrative for Big Tech corporations. It also gives small companies access to software they could never have afforded before.

Today a start-up books computing power on demand, pays only for what it uses, gets security updates automatically. All without its own data centre, without hardware costs, and without specialists for networks or cybersecurity. What once cost millions of francs in infrastructure and months of work is now done in an afternoon with a credit card.

That was true for Republik at its launch in 2018: Mailchimp for newsletters, Stripe for payments, Google Workspace for documents, Heroku for hosting. Some things we built ourselves - the editorial system (CMS), the crowdfunding platform, the website, the app - but the foundations belong to others.

But this ease has its price: dependency.

For with the changed model, the relationship between provider and user changes too: whoever bought a licence in the past owned something. The software, and the data processed with it. Whoever signs up for a software subscription today is a guest.

A guest in the United States, that is, where most of these providers are based. The US Cloud Act, passed in 2018 under President Donald Trump, allows US authorities to demand data from US companies. The customer's origin and the location of the servers are irrelevant.

What does that mean for our independence?

The dependencies

At the political level there is currently much discussion of digital sovereignty and of whether Europe is making itself open to blackmail by US Big Tech companies. The dependence on American tech infrastructure is real, structural, and politically relevant for Europe and Switzerland. And, as Republik tech reporter Adrienne Fichter reported in January, political calculation. The politician Sanija Ameti puts it like this: «The US security strategy pursues for Europe a status as a digital colony, by seeking to force the European states to use the digital infrastructures of US tech empires.»

Seen in this light, things look bad for Republik.

As of June 2026, almost 80 per cent of our software services come from US companies. Add to that our spending on digital advertising on social media and search engines, of which currently almost 100 per cent goes to US companies such as Google and Meta.

It becomes even starker when you look at where the infrastructure comes from: over 90 per cent of our tech budget flows to companies that host on so-called US hyperscalers - that is, on Amazon, Google, or Microsoft. Our payment provider Stripe uses Amazon Web Services. Mailchimp? Amazon too. Our synthetic voice is supplied by the Swiss company «Huebsch» which, alongside its own transformations, uses the US provider Eleven Labs for speech synthesis: a company originally Polish, but headquartered today in New York and hosting its services on Google Cloud.

Follow the entire chain of dependencies, the infrastructure of all our service providers, and you almost always end up at US hyperscalers.

We as a media company are certainly not alone in this. In the mid-2010s the majority of European media companies moved their infrastructure into the cloud, ending up, like us, almost inevitably with the three big US providers. According to a large survey, almost 80 per cent use Google Workspace or Microsoft Office, a third host on Amazon, a sixth on Google Cloud - and nearly all rely on newsletter providers.

For a long time this counted as a purely technical or business decision. It is now increasingly being discussed within the industry as what it is: a concentration risk.

The two Dutch media companies «Follow the Money» and «De Correspondent» declared in February 2026 that they are embarking on a phase-out of US tech. With one exception: US social media platforms. Understandably - it would be a death blow for any digital media outlet not to court its audience on Facebook, Instagram, and co.

We hear similar demands again and again from individual publishers: in the comment section, in our inbox, in conversation. But it would be naive to believe that the security of one's own data and sources is guaranteed simply by shifting one's services from one state to the next. Switzerland, too, is quietly building its own surveillance infrastructure, and in the EU the demand for chat control has kept resurfacing since 2020 - messengers are to screen private messages on the device itself, before they are encrypted and sent. Still, the criticism is justified: We currently see a significant operational risk in the dependence on certain US service providers.

It matters to us to reduce the existing dependence on US tech companies. A few months ago we moved our internal email accounts from Google to the Swiss provider Proton. Which is no liberating boon for data protection and the protection of sources. But unlike Google, Proton is not subject to the US Cloud Act, and it is majority-owned by a non-profit foundation legally obliged to defend the company's data-protection promise.

For Republik, the question of dependencies on US tech corporations is not only a moral or political one. It is always a weighing-up as well: what does our room for manoeuvre look like? Under what conditions, and at what cost, is a switch possible and necessary?

Risk assessment

Not every service Republik uses is equally problematic. Mailchimp has access to the email addresses of our subscribers - data our readers entrust to Republik. Github, by contrast, a cloud storage and collaboration tool for source code, stores our publicly accessible code, which anyone can read anyway.

A blanket «phase-out of US tech» would treat Github and Mailchimp as the same problem.

But they are two different things.

In practice, we orient our risk assessment around a grid of three questions:

How sensitive is the data? How much confidential information about our users a service holds determines how much is at stake if it fails, is hacked, or is searched by the authorities. The more sensitive the data, the less we may leave to chance.

How strong is the lock-in? A service you can no longer get away from is a service that can dictate the terms. Is there a standardised replacement? How many other systems hang off this one? How long would migration take? These costs are not only technical; they also have to do with habits: with routines the accounting department has internalised, with the familiarity of tools that authors open every day to finish writing a text.

How central is the service? The simplest question: what happens if it's gone? No payment system, no memberships. No email dispatch, no reader logins. The closer a service sits to this core, the less time there would be to replace it in an emergency — and the more expensive every minute of its absence.

For every service Republik uses, answers to these three questions can be formulated. Sometimes with the conclusion that the current provider is the best of bad options. Sometimes with the conclusion that the provider has to be replaced.

We carry out this risk assessment regularly. You can see the result in the graphic. The critical quadrant is the top right: that is the zone in which an account suspension, an outage, or terms of use changed overnight would be not merely annoying but existentially threatening. The payment provider Stripe marks the outermost corner.

There is a reason for that, and it is first of all a great advantage: Republik itself stores no credit-card information, but outsources that responsibility to Stripe. Raw card data never touches our systems. An attacker who gains unauthorised access to our database cannot skim credit-card information. Anything else would be negligent.

The price: the digital keys with which Stripe collects your membership fees do not lie with us. Almost as delicate in data terms is Mailchimp. What is sensitive here is that Mailchimp knows Republik's complete address list. That list, admittedly, is easy for us to export should anything ever go wrong. What is problematic about Mailchimp is how deeply it is anchored in our business logic: automations for login codes, payment reminders, links to our database, embeddings in the CMS.

So we know where the biggest risks lie. And now?

Resilience between aspiration and reality

We take stock of whether equivalent alternatives exist and what resources a switch would require. Sometimes it works, as recently with the move to Proton Mail. Sometimes it doesn't work (yet), as with the payment provider Stripe, or with Mailchimp.

In spring of 2024 we tried to switch to an alternative provider: Nexi, a European company. The switch never came about, because Nexi, which would have processed the payments with the card networks in the background, declined to work with Republik. For two reasons: because of reservations about our nested structure of Project R Genossenschaft and Republik AG. And because of the company's difficult financial situation at the time. For us that meant: at a time when we had to cut the budget radically, when employees were being laid off, we had poured energy and effort into a project that never came to anything.

And that is the greatest challenge: how do we deploy our scarce resources so as to keep the magazine running and make it resilient against external turbulence? When Mailchimp failed us in December 2022, an emergency operation with another provider was up within three days. But only an emergency operation, by hand, for a single newsletter. A full migration with all its interconnections is of a different order of magnitude altogether. And the reason we still rely on this provider.

Every additional franc of budget that flows into switching tech infrastructure is taken away from the core business of journalism.

What has cost the tech team a great deal of energy and working time in recent years is running our self-built editorial system. Of all things, the open-source software developed by the predecessors of today's team turned out to be a burden: the in-house development has aged. Unmaintained code does not fail at once — but the longer nobody tends to it, and the fewer new developers understand it, the more likely it becomes to fail, or do things it should not do. It happened with increasing frequency that the publication of articles failed overnight, and production could not be sure at weekends that scheduled articles would actually be published. The problem was found and fixed — but that it took several weeks can’t happen again.

The self-built system that was supposed to make Republik independent makes us dependent. Not on a corporation, but on a piece of code that hardly anyone still understands. What's more, an in-house development does not exist in a vacuum either — Republik's rests on more than 135 third-party open-source modules that the team neither controls nor maintains. «Our own» does not mean «independent». It means: we bear most of the risks alone.

That is why, here, in the name of resilience, we decided on a change. From the in-house development to an external provider: Sanity. A company originally Norwegian, but one that moved its headquarters to the USA in 2019. And is thus subject to the Cloud Act.

We made that decision using the grid. The CMS holds no sensitive data — only what is published anyway and is public. The content belongs to us, and we store it as back-ups on European servers we control ourselves. That way we guarantee that our journalism remains accessible should the provider fail.

By 2026, moreover, a CMS has become an interchangeable standard product. Over the course of the 2020s, several media companies gave up their in-house developments. Vox Media («The Verge», «New York Magazine»), for example, shut down its home-grown CMS Chorus in 2023 and moved to WordPress. Even big houses like the «Wall Street Journal» now build their CMS on a standard solution such as WordPress rather than on a system of their own. Paradoxically, this makes interchangeability greater: moving away from a standardised external system is easier than freeing yourself from a home-made code corpse.

That leaves centrality. And it is high. No CMS, no publication. But that alone is not enough to justify an in-house development.

Outlook

Top priority for Republik's tech team, then, is the question of resilience. The path there is not linear, and it does not necessarily lead through greater independence from US companies. But that too.

After the change of CMS, the work goes on: Heroku, the hosting provider owned by Salesforce, is on our hit list. The service runs on Amazon Web Services, and its costs are rising without proportional added value. While Heroku was a pioneer of simple application hosting when Republik was founded, there are European alternatives today offering much the same at lower prices. We are currently testing the French provider Scalingo for smaller internal applications. For the hosting of images and other larger files, too, we will be switching to a European alternative.

In the medium term we want to complete the migration from Google Workspace to Proton - not just for mail, but for drive and documents as well. Proton's office suite is, as things stand, not yet a fully fledged replacement. But most of what we need is on the roadmap for the coming year.

Stripe, after the experience of 2024, will only be evaluated again when we absolutely must.

And Mailchimp? It stays.

For now.