CSI Composite
CSI v3.0 · Cloud Sovereignty Index — Editorial framework · 2026
The CSI Composite is an editorial framework blending EU-CSF and C3A with adaptations for global use. It is not a source standard. For EU/EEA organisations it applies the same 0–4 weakest-link model as EU-CSF, expressed as CSL (Cloud Sovereignty Level). For non-EU organisations it uses Progressive Sovereignty Maturity tiers based on a weighted score percentage.
Scoring model
EU/EEA: CSL 0–4 weakest-link gate (same model as EU-CSF). Non-EU/Generalized: Progressive Sovereignty Maturity tiers — Dependent (0–40%), Managed Dependency (41–70%), Strategic Autonomy (71–90%), Sovereign (91–100%). Partial credit available via "planned" answers (25% of question points) in Generalized mode.
Objectives & weights (92 questions)
Covers all 8 objectives. Includes fallback criteria for providers unable to meet strict EU criteria (e.g. multi-homed BGP connectivity, security-cleared local residents). Not affiliated with or endorsed by BSI or the European Commission.
| Objective | Weight | Questions |
|---|---|---|
| SOV-1 Strategic Sovereignty | 15% | 9 |
| SOV-2 Legal & Jurisdictional Sovereignty | 10% | 8 |
| SOV-3 Data & AI Sovereignty | 10% | 19 |
| SOV-4 Operational Sovereignty | 15% | 24 |
| SOV-5 Supply Chain Sovereignty | 20% | 9 |
| SOV-6 Technology Sovereignty | 15% | 10 |
| SOV-7 Security & Compliance Sovereignty | 10% | 8 |
| SOV-8 Environmental Sustainability | 5% | 5 |