Cloud Sovereignty Index

Cloud Sovereignty Assessment

Choose the assessment framework that applies to your context. Each framework has its own questionnaire, scoring model, and report.

European Commission

EU Cloud Sovereignty Framework

EU-CSF v1.2.1
EU/EEA

The official EU procurement framework used in the Cloud III DPS tender. Assesses 8 sovereignty objectives and outputs a SEAL 0–4 level per objective (weakest-link gate). Recommended for EU public sector procurement compliance.

Output: SEAL 0–4 (No Sovereignty → Full Digital Sovereignty)
Scope: SOV-1 through SOV-8 · 35 questions
Who it's for: EU/EEA public bodies, procurement authorities
Start EU-CSF assessment →
BSI — Bundesamt für Sicherheit in der Informationstechnik

Cloud Computing Autonomy Criteria

C3A v1.0
Germany

BSI criteria for cloud computing autonomy covering SOV-1 through SOV-6. Binary pass/fail model with base criteria and customer-selected additional criteria. Designed for German entities; adaptation needed for other jurisdictions.

Output: % base criteria met · % additional criteria met
Scope: SOV-1 through SOV-6 · Binary pass/fail
Who it's for: German entities, BSI-aligned assessments
Start C3A assessment →
European Commission

Cloud & AI Development Act

CADA · COM(2026) 502
Proposed

The proposed EU Regulation establishing legally binding Union Assurance Levels (UAL 1–4) for cloud sovereignty. Cumulative gate model. Use for future-readiness assessment — not yet adopted law.

Output: UAL 0–4 (Not Attained → Highest Assurance)
Scope: 22 CADA Annex II criteria · Cumulative gate
Who it's for: Future EU compliance preparation · UAL 2+ requires audit
Start CADA readiness assessment →
Editorial framework

CSI Composite

CSI · Blends EU-CSF + C3A
Global

An editorial blend of EU-CSF and C3A with global adaptations. For EU/EEA: CSL 0–4 weakest-link gate. For non-EU: Progressive Sovereignty Maturity tiers (Dependent → Sovereign). Recommended as a starting point for non-EU organisations.

Output: CSL 0–4 (EU) · Maturity tier (non-EU)
Scope: SOV-1 through SOV-8 · Full question set
Who it's for: Global organisations, non-EU public bodies
Start CSI Composite assessment →

Self-assessment only — not an official certification. All methodology is publicly documented.