Skip to Content
ANALYSISMEMBER

EU debuts new digital sovereignty assessment tools

As Europe advances its digital sovereignty agenda, new assessment tools provide criteria organizations can use to benchmark cloud and AI providers.

Published
Subscribe to IAPP Newsletters

Contributors:

William Simpson

AIGP, CIPP/US

Westin Fellow

IAPP

In line with EU strategic objectives, the European Commission has repeatedly emphasized tech sovereignty, which it defines as "Europe's ability to act independently in the digital world by developing and controlling key technologies, data, and infrastructure, while reducing reliance on non-EU providers."

One pillar of tech sovereignty is the acquisition of sovereign cloud. Under the Cloud III Dynamic Purchasing System — a public procurement program for adopting cloud services — the Commission tendered a 180 million euro contract for sovereign cloud to four European providers: Post Telecom, STACKIT, Scaleway and Proximus. The award was based on a set of criteria identified in the Cloud Sovereignty Framework.

After questions arose over how the Commission applied the Cloud Sovereignty Framework in making its selection, the body released an explainer and implementation guidance to the public. These documents not only offer transparency into the evaluation process undertaken by the Commission, but they also allow cloud providers and organizations in general benchmark their own digital operations against the EU's standards for tech sovereignty. 

The EU's Cloud Sovereignty Framework

In designing the framework, the Commission drew upon European initiatives like Cigref's Trusted Cloud Referential v2 and the European Cybersecurity Certification Framework, national cloud sovereignty strategies and international practices in export controls, supply chain resilience and security auditability. 

The framework measures cloud sovereignty across eight objectives: strategic, legal and jurisdictional, data and AI, operational, supply chain, technology, security and compliance and environmental sustainability. As such, the Commission states that the framework provides "a clear and standardised method to assess cloud services, moving away from abstract principles to concrete sovereignty metrics."

Contributors:

William Simpson

AIGP, CIPP/US

Westin Fellow

IAPP

MEMBER

Unlock this exclusive content and more

Join the IAPPAlready a member? Sign in

Membership opens up a world of resources

In-depth knowledge

From original research reports and daily news coverage to legislative trackers and infographics, we have the information you need to stay ahead of change.

A global network

Make valuable professional connections through more than 160 local IAPP KnowledgeNet chapters in 70 countries.

Access to the experts

Connect with top thinkers in privacy, AI governance and cybersecurity for fresh ideas and insights.

Learn what you get from membership