A Blueprint for Trusted European Digital Services

The European Commission’s Cloud Sovereignty Framework (Version 1.2.1, Oct. 2025) is a critical blueprint for defining, assessing, and ensuring the sovereignty of cloud services used within the European Union. Born from initiatives like Gaia-X, CIGREF's Trusted Cloud Referential, and EU legislation (NIS2, DORA), this framework supplements security requirements with sovereignty-specific safeguards to reduce dependency on non-EU actors and proprietary systems.

This session will dive into the technical and legal requirements of the framework, which uses a dual assessment approach: the Sovereignty Effective Assurance Level (SEAL) and a quantitative Sovereignty Score.

Key Components

In this talk Emiel will break down the framework's core pillars:

1. The 8 Sovereignty Objectives (SOVs)

The assessment is built around eight objectives that define what sovereignty means in a cloud context:

SOV-1: Strategic Sovereignty SOV-2: Legal & Jurisdictional Sovereignty SOV-3: Data & AI Sovereignty SOV-4: Operational Sovereignty SOV-5: Supply Chain Sovereignty SOV-6: Technology Sovereignty SOV-7: Security & Compliance Sovereignty SOV-8: Environmental Sustainability

1. The 5 Sovereignty Effectiveness Assurance Levels (SEALs)

The SEAL levels determine the minimum required level of assurance a cloud provider must meet for each objective:

SEAL-0: No Sovereignty SEAL-1: Jurisdictional Sovereignty SEAL-2: Data Sovereignty SEAL-3: Digital Resilience SEAL-4: Full Digital Sovereignty

This talk is crucial for open-source developers, EU-based cloud providers, and policymakers interested in contributing to or complying with the future of digital service procurement in Europe. We will discuss that digital sovereignty starts with open source and how open-source technology can directly contribute to achieving the highest SEAL levels and the maximum Sovereignty Score.

We will also dive into the EU first policy and how that helps EU organizations to be more sovereign.