Digital sovereignty. Measurable. Audit-ready. Actionable.

Data Sovereignty & Cloud Hosting

Data sovereignty means retaining full control over your data—especially when it is processed in cloud environments. This includes consciously choosing where data is stored (preferably within your own legal jurisdiction) and protecting it from external access (e.g., when cloud providers are subject to the U.S. CLOUD Act). This category assesses how well the organization is positioned regarding data storage, cloud selection, and control.

Vendor Lock-in & Open-Source Usage

Strong vendor lock-in jeopardizes sovereignty, so application portability and system interoperability are crucial to enable a switch if needed. Conversely, the use of open-source software and open standards can strengthen digital independence: open source code creates transparency about data processing and reduces reliance on individual vendors. The questions examine whether strategies exist to mitigate vendor dependencies and how your organization uses open source.

Regulatory Compliance

Compliance with legal requirements such as the GDPR is a core aspect of digital sovereignty, since violations entail significant legal and financial risks. Newer EU regulations—such as eIDAS 2.0 (for digital identities) or the Digital Markets Act (which primarily imposes obligations on very large platform operators as so-called gatekeepers)—also set frameworks that organizations must adapt to depending on their role and exposure. The questions evaluate to what extent organizations meet these compliance requirements.

IT Security

High IT security standards and relevant certifications are fundamental prerequisites for digital sovereignty. Recognized certifications such as ISO/IEC 27001 are important indicators of a solid security posture. Many of the minimum measures required by the NIS2 Directive can already be covered by an ISO 27001-compliant security management system. This section asks about implemented measures, processes, and existing certifications in the context of IT security.

Digital Identities & Interoperability

Digital identities and the ability to integrate with other systems (interoperability) are further key building blocks of digital sovereignty. The Digital Markets Act requires certain very large platform operators to provide greater interoperability and data portability. Regardless of that, organizations benefit overall from open standards and identity and interface architectures that are easy to integrate. The questions in this section examine how well the organization is positioned in terms of identity management and technical interoperability.

Artificial Intelligence

The use of artificial intelligence (AI)— especially generative AI—is transforming processes, products, and decision-making workflows. In this context, digital sovereignty covers not only data storage, but also legal jurisdiction, control over models and configurations, evidence and auditability, and protection against dependencies and unintended information leakage. This topic block assesses AI governance, compliance (including the EU AI Act and GDPR), data and model sovereignty, security, and portability when using AI.

about 15–60 minutes

Complete the assessment

Answer questions quickly and transparently across clear topics.

instantly

Get scoring & measures

Risk and maturity scoring plus concrete measures that are clearly described and can be tackled in priority order.

instantly

Share the report

Export reports in PDF and Word formats that structure the results instead of unstructured presentations.