EU Cloud Sovereignty Framework
EU-CSF v1.2.1 · European Commission · October 2025
The EU-CSF was first presented in October 2025 as part of the Cloud III DPS tender by the European Commission. It lays out criteria for evaluating the sovereignty of cloud providers across 8 objectives, and defines how SEAL 0–4 levels are calculated using a weakest-link gate model.
Scoring model
SEAL 0–4 (weakest-link gate). For each objective, the SEAL is the highest level where ALL criteria at that level and below are met. The global SEAL is the minimum across all 8 objectives. A weighted global score (%) reflects partial progress at each objective.
Objectives & weights (36 questions)
Designed for EU/EEA public procurement. The XLSX calculator (Cloud III DPS, October 2025) is the definitive scoring rubric. 43 questions across 8 objectives; the tool implements 35 with 8 intentionally excluded inferred/C3A-only questions (see decisions register).
| Objective | Weight | Questions |
|---|---|---|
| SOV-1 Strategic Sovereignty | 15% | 6 |
| SOV-2 Legal & Jurisdictional Sovereignty | 10% | 3 |
| SOV-3 Data & AI Sovereignty | 10% | 4 |
| SOV-4 Operational Sovereignty | 15% | 3 |
| SOV-5 Supply Chain Sovereignty | 20% | 4 |
| SOV-6 Technology Sovereignty | 15% | 4 |
| SOV-7 Security & Compliance Sovereignty | 10% | 8 |
| SOV-8 Environmental Sustainability | 5% | 4 |