In today'sdigital world, the cloud is essential. But with reliance comes questions ofcontrol, security, and independence. The European Commission has addressedthese concerns head-on with its new Cloud Sovereignty Framework, a pivotaldocument designed to define, measure, and enforce digital sovereignty for cloudservices within the EU.
In today'sdigital world, the cloud is essential. But with reliance comes questions ofcontrol, security, and independence. The European Commission has addressedthese concerns head-on with its new Cloud Sovereignty Framework, a pivotaldocument designed to define, measure, and enforce digital sovereignty for cloudservices within the EU.
At itscore, the framework is a tool for public procurement. It provides contractingauthorities with a clear and standardized methodology to assess the sovereigntyof cloud services. The goal is to ensure that the services the public sectorrelies on are anchored within the European Union's legal, industrial, andstrategic ecosystem.
1. SovereigntyEffectiveness Assurance Levels (SEAL): This sets the minimum bar. A cloudservice must meet a predefined minimum SEAL for every sovereignty objective.Failure to do so results in rejection. The levels range from SEAL-0 (NoSovereignty) to SEAL-4 (Full Digital Sovereignty).
2. SovereigntyScore: For tenders that pass the minimum requirements, a weighted score iscalculated to rank them based on their respective sovereignty features. Thisscore then contributes to the overall quality assessment of the tender.
Theframework breaks down the complex concept of sovereignty into eight distinct,measurable objectives:
1. StrategicSovereignty: Alignment with EU strategic priorities and governance.
2. Legal& Jurisdictional Sovereignty: Insulation from non-EU laws and legal claims.
3. Data& AI Sovereignty: Customer control over data, processing locations, and AImodels.
4. OperationalSovereignty: The ability to run and support the technology independently offoreign control.
5. SupplyChain Sovereignty: EU control over critical hardware and software components.
6. TechnologySovereignty: Openness and interoperability to avoid vendor lock-in .
7. Security& Compliance Sovereignty: Security operations and compliance managedexclusively under EU jurisdiction.
8. EnvironmentalSustainability: Long-term resilience related to energy and resource usage.
Thisframework transforms "sovereignty" from an abstract concept into aconcrete, auditable set of criteria.
· ForPublic Authorities: It provides a robust tool to mitigate risks associated withforeign dependencies and make informed procurement decisions that align withlong-term EU strategy.
· ForCloud Providers: It offers a clear roadmap on how to align their services withEU expectations, enhancing their competitiveness in the public sector market.
· ForEurope: It is a significant step towards building a resilient, secure, andautonomous digital single market, ensuring the EU's technological future is inits own hands.
Byimplementing this framework, the EU is not just buying cloud services; it isinvesting in a trusted and sovereign digital future.
We are pleased to share some highlights from our most recent event.
In today'sdigital world, the cloud is essential. But with reliance comes questions ofcontrol, security, and independence. The European Commission has addressedthese concerns head-on with its new Cloud Sovereignty Framework, a pivotaldocument designed to define, measure, and enforce digital sovereignty for cloudservices within the EU.
In today’s interconnected world, the NIS 2 Directive sets out unambiguous obligations for executive management: it makes clear that ultimate accountability for an organisation’s cybersecurity cannot be outsourced to IT teams alone and must remain firmly with the board. Among other things, NIS 2 requires that board members undertake regular, targeted training so they acquire the necessary knowledge and skills to fulfil these duties.
How to enforce effective controls and compliance therewith: