European digital sovereignty. Measured.

Methodology

250 Services
8,000 Datapoints
90% Top score
43.4% Avg. score
Methodology →
Methodology →
Sovereignty Index Methodology
Methodology

How the Sovereignty Index is assessed

The Sovereignty Index evaluates digital services against eight sovereignty objectives using a staircase model. Each objective is assessed progressively from SEAL-1 to SEAL-4, then combined into a weighted total score. The result is a method that is transparent, structured and easy to compare across services.

8 sovereignty objectives 32 core criteria Weighted score out of 100

Overview

The index is built to answer a more useful question than whether a service is simply “European”. It evaluates how deeply a service is anchored in the European legal, operational, technological and supply-chain environment.

Structured

Every service is assessed against the same eight objectives and the same progressive SEAL logic, making outcomes consistent and reproducible.

Progressive

A service can only move upward by meeting stronger requirements. Higher assurance cannot be claimed when a lower foundational step fails.

Comparable

Objective-level results remain visible alongside the final score, so strong overall performance cannot hide a meaningful sovereignty weakness.

The staircase model

Each sovereignty objective is assessed as a staircase. A provider climbs from lower to higher assurance only when the required criteria are met at each step.

SEAL-0
No sovereigntyExclusive control remains outside the EU and the service is governed entirely in non-EU jurisdictions.
SEAL-1
Foundational presenceEU law may formally apply, but practical sovereignty remains limited and non-EU control can still dominate.
SEAL-2
Baseline sovereigntyCore EU anchoring exists, but material non-EU dependencies still remain in governance, stack or operations.
SEAL-3
High sovereignty resilienceEU actors exercise meaningful control and the service is resilient, but not yet free of all critical external dependence.
SEAL-4
Full digital sovereigntyTechnology, operations and control are fully anchored in the EU, with no critical non-EU dependency left.

The staircase logic is based on the European Commission’s Cloud Sovereignty Framework, which defines eight sovereignty objectives, sovereignty effectiveness assurance levels (SEALs), and a weighted score structure. The Sovereignty Index adapts that model into a concise public-facing assessment method.

1

Collect evidence

Public documentation, technical documentation, provider disclosures, legal terms and independent evidence are reviewed per criterion.

2

Test each step

For every SOV, the service is checked from lower to higher assurance using the staircase criteria.

3

Assign the achieved SEAL

The achieved level is the highest step for which all required lower conditions are satisfied.

4

Calculate the total

Objective-level performance is normalized and weighted, then combined into a final Sovereignty Score.

How weighted scoring works

The final score combines performance across all eight objectives. Each objective contributes according to its assigned weight.

Expand section
Sovereignty Score = Σ [(Score of SOVn ÷ Maximum score of SOVn) × Weight of SOVn]
  • Each SOV is first assessed against its own criteria.
  • The achieved result is normalized against the maximum possible score for that SOV.
  • The normalized result is multiplied by the SOV weight.
  • All weighted SOV results are added to produce a final score out of 100.
SOV-1 Strategic Sovereignty
15%
SOV-2 Legal Sovereignty
10%
SOV-3 Data & AI Sovereignty
10%
SOV-4 Operational Sovereignty
15%
SOV-5 Supply Chain Sovereignty
20%
SOV-6 Technology Sovereignty
15%
SOV-7 Security & Compliance
10%
SOV-8 Environmental Sustainability
5%

How the weighted score is shown

The weighted score reflects the share of weighted requirements counted as satisfied. At this stage, requirements assessed as fully met and partially met contribute equally to the weighted score. To make this more transparent, the service detail page separately shows which part of the score comes from requirements that were fully met and which part comes from requirements only partially met.

This visual improves transparency, but it does not change the current score calculation itself.

How the confidence score should be read

The confidence score does not measure service quality. It reflects evidence strength: how firmly an assessment rests on public proof. Explicit facts score highest, strict deduction from explicit facts lower, indirect proxy evidence lower still, and missing evidence lowest.

Score Meaning
1 Fact-based, directly evidenced.
0.5 Deduced from explicit facts, or no evidence found after thorough search.
0.25 Inference from indirect proxy evidence.
0 No reliable basis; cannot assess.
Interpretation: a strong overall score does not erase weaknesses in a specific objective. That is why the index shows both the weighted total and the achieved SEAL per SOV.

The eight sovereignty objectives

Each objective has its own four-step progression. The cards below summarize the core criterion that defines the move from one SEAL to the next.

Expand section
SOV-1

Strategic Sovereignty

15% weight

Assesses where decisive ownership, governance, financing and strategic control sit.

SEAL-1Legal contracting entity and headquarters are publicly identified.
SEAL-2Contracting entity is headquartered or incorporated in EU+.
SEAL-3No non-EU controlling parent or decisive controlling shareholder remains.
SEAL-4Ultimate parent, decisive governance, majority financing and core R&D are anchored in EU27.
SOV-2

Legal & Jurisdictional Sovereignty

10% weight

Assesses whether the provider remains subject to foreign legal reach outside the EU.

SEAL-1Legal contracting entity and headquarters are publicly identified.
SEAL-2Contracting entity is incorporated in EU+ and subject to EU or EU-aligned courts.
SEAL-3No indirect exposure remains via a non-EU parent or controlling entity.
SEAL-4Exclusive EU27 legal anchoring with no residual foreign legal exposure.
SOV-3

Data & AI Sovereignty

10% weight

Assesses where data and AI processing take place and whether third-country fallback remains.

SEAL-1GDPR DPA or equivalent privacy terms are publicly available for EU customers.
SEAL-2Data storage and processing are contractually confined to EU+ with no default third-country transfer.
SEAL-3All data and AI processing, including admin and support access, occurs only in EU+.
SEAL-4All storage and processing are exclusively in EU27 with no fallback outside EU27.
SOV-4

Operational Sovereignty

15% weight

Assesses whether operations can be run and sustained from within Europe without non-EU dependency.

SEAL-1At least one EU+ data region or EU+ hosting option is publicly stated.
SEAL-2EU+ based operations or support capability is publicly evidenced.
SEAL-3Operational autonomy exists in EU+ and day-2 operations do not require non-EU vendor involvement.
SEAL-4All operations and support are exclusively under EU27 jurisdiction with no non-EU vendor required for continuity.
SOV-5

Supply Chain Sovereignty

20% weight

Assesses exposure to external hyperscalers, opaque infrastructure dependencies and software supply-chain control.

SEAL-1Primary hosting and infrastructure dependency are publicly disclosed.
SEAL-2Core service delivery does not run on a non-EU+ hyperscaler layer.
SEAL-3Software packaging and updates are governed in EU+ with no single-source proprietary non-EU critical dependency.
SEAL-4The software supply chain is fully under EU27 control and independently verified.
SOV-6

Technology Sovereignty

15% weight

Assesses openness, auditability and control over the core technology stack.

SEAL-1Documented interoperability exists through open standards or non-proprietary protocols.
SEAL-2The core platform is open source or independently auditable and architecture documentation is published.
SEAL-3Customer rights exist to audit, modify and redistribute the core platform under an open licence.
SEAL-4Technology governance and the release pipeline for the core stack are controlled in EU27.
SOV-7

Security & Compliance Sovereignty

10% weight

Assesses whether security operations and patch autonomy remain under European control.

SEAL-1Public security documentation is available.
SEAL-2SOC and SIEM operations are located in EU+ and subject to EU jurisdiction.
SEAL-3Patching and maintenance are not exclusively dependent on a proprietary non-EU vendor.
SEAL-4Security operations are exclusively under EU27 jurisdiction and full patch autonomy exists from non-EU vendors.
SOV-8

Environmental Sustainability

5% weight

Assesses how credible and resilient the environmental sustainability foundation of the service is.

SEAL-1A public sustainability statement exists with targets or baseline metrics.
SEAL-2Renewable or low-carbon energy sourcing is in place for operations.
SEAL-3Targets are externally validated and sustainability reporting is assured.
SEAL-4A long-term resilience plan exists for energy and material scarcity risk.
Reading tip: the staircase is cumulative. Higher steps build on lower ones. A provider that fails a foundational condition does not qualify for the higher level above it.

How this methodology is applied in practice

The related research process explains how services are selected, how evidence is gathered, what source standard applies, and how corrections or challenges are handled.

Expand section
Assessment practice

How this methodology is applied in practice

The methodology above explains how the Sovereignty Index works. The related research process explains how services are selected, how evidence is gathered, what source standard applies, and how corrections or challenges are handled.

1

Service selection

Services are selected for relevance, category coverage, comparative value and research priority, rather than only through published editorial coverage.

2

Assessment workflow

Research is AI-assisted, evidence-based and supported by manual sample checking and occasional corrections.

3

Evidence standard

Only public, verifiable and reliable evidence is used. Unsupported claims do not justify a score adjustment.

4

Corrections and reuse

Providers can submit better evidence for review. All rights are reserved, and any commercial, promotional or marketing use requires prior written approval from the Sovereignty Index.

For the full editorial and research policy, including source hierarchy, dispute handling and assessment workflow, see the dedicated research policy page.

Read the research policy

Methodology version management

The methodology may evolve over time. This section explains how changes are versioned and how readers should interpret scorecards issued under different versions.

Expand section

The Sovereignty Index methodology may be updated over time through refinements, additions, removals or clarifications to the criteria and assessment logic. Each scorecard is issued under a specific methodology version and should be read in that context.

What defines a version

A methodology version is defined by the reference framework in use, the active criteria set, and the assessment logic used to determine whether criteria are not met, partially met or met.

What appears on scorecards

Newly issued scorecards should display the applicable methodology version together with the assessment date, so readers can understand the scoring context at the time of issue.

Why versioning matters

When criteria or assessment logic change, weighted scores and SEAL outcomes may also change. Versioning helps distinguish between changes in provider performance and changes in the methodology itself.

How version numbers are structured

n.0.0 Major version — a substantial methodology update, such as broader restructuring of criteria, changes to sovereignty objectives, or material changes to the way assessment outcomes are determined and compared.

x.n.0 Minor version — a limited methodology update, such as a small number of added, removed or materially revised criteria, or a limited refinement to assessment logic, with some impact possible across the index.

x.x.n Patch version — a small clarification or narrowly scoped refinement with no or very limited expected impact on weighted scores or SEAL outcomes.

Comparability over time: scores issued under different methodology versions may not always be directly comparable. Where a methodology change is expected to affect weighted scores or SEAL outcomes materially, that change should be understood as part of the published version context.

Scope note: methodology version management is applied prospectively. Historical scorecards issued before formal version management may not display an explicit methodology version.

Reference framework

This methodology is based on the European Commission’s Cloud Sovereignty Framework, which defines the eight sovereignty objectives, the SEAL model and the weighted score structure.

The Sovereignty Index presents the model in an accessible public format while preserving the core logic: progressive assurance, objective-level transparency and weighted overall comparison.

Important note on the red flag

A service that does not reach SEAL-2 for SOV-2 receives a red flag for legal sovereignty. This indicates the provider remains subject to foreign legal authority outside the EU legal sphere. Even when the weighted total score is relatively strong, that exposure remains significant enough to be called out separately.

Important note on SOV-8

The generic SEAL staircase is less natural for SOV-8: Environmental Sustainability than for the other objectives. The Sovereignty Index therefore defines distinct maturity criteria for SOV-8 that better reflect the sustainability performance of the specific solution being assessed, while still fitting into the overall index structure.