An open assessment

Cloud sovereignty is heavily marketed and rarely tested. This tool tests it.

Providers claim it. Procurement asks for it. Boards demand it. Almost no one checks whether the claims survive contact with evidence. Built on the European Commission's Cloud Sovereignty Framework v1.2.1, extended where the framework does not yet reach. Plain English questions. Open methodology. Contestable scores.

EU Cloud Sovereignty Framework v1.2.1 10 sovereignty objectives SEAL 0–4 assurance bands Open methodology No login, no telemetry

The framework

Five SEAL bands. Ten objectives. One open methodology.

No sovereignty

Service, technology and operations under exclusive non-EU control.

Jurisdictional

EU law applies but service remains under non-EU operational control.

Data sovereignty

EU law enforceable, with material non-EU dependencies remaining.

Digital resilience

EU actors exercising meaningful but not full control.

Full sovereignty

Technology and operations under complete EU control. No critical non-EU dependencies.

Why this exists

Cloud sovereignty is the most marketed and least proven category in enterprise IT today. Vendors describe themselves as sovereign. Sovereign branding is sold as a sovereign capability. Data residency is sold as data sovereignty. Customer-managed keys are sold as customer-controlled keys. None of those things are true on inspection, but they survive on the page because no one tests them.

This tool brings transparency to claims that are typically vague, often unproven, and sometimes wrong. The questions are evidence-led. The scoring is open. Every provider score is contestable, and the methodology is published in the same file.

How it works

Pick the kind of service you are assessing. Answer 30 to 60 plain English questions, each with a short list of options. Behind the scenes each option maps to a SEAL band — 0 is no sovereignty, 4 is full digital sovereignty as defined in the EU framework.

You get a weighted Sovereignty Score, a SEAL minimum across all objectives (a service can't be more sovereign than its weakest objective), critical findings written in language a board will read, and a list of marketing claims your answer pattern flags as misleading.

What this is not

It is not a regulatory test, not legal advice, and not a substitute for due diligence. SEAL bands are an assurance framing. The point is to make trade-offs visible, so buyers, regulators and providers can have a clearer conversation than the marketing allows.

Run an assessment

1. What are you assessing?

Different service types pull different questions. SaaS, for example, places more weight on sub-processors and the dependency graph than IaaS does.

Service or provider name Pre-fill from a known provider (optional)

Your result

You haven't run an assessment yet.

Compare providers

Pre-scored against the ten objectives using public evidence and the same SEAL bands as the assessment. Click any provider name for the full breakdown and evidence trail.

Filter by group Click any column header to sort.

Side-by-side

Pick up to four providers to compare across every objective with the supporting evidence.

Marketing claims register

Claims providers make that are technically true but commonly mistaken for sovereignty. Grouped by where they do the most damage. The assessment surfaces these automatically when your answer pattern matches them.

Methodology

Foundation

This tool uses the EU Cloud Sovereignty Framework v1.2.1 (October 2025), published by the European Commission's Directorate-General for Digital Services, as its structural spine. The eight Sovereignty Objectives (SOV-1 to SOV-8), the five Sovereignty Effectiveness Assurance Levels (SEAL-0 to SEAL-4), and the published 15/10/10/15/20/15/10/5 weightings are preserved.

Two extension objectives, SOV-9 and SOV-10, cover ground the framework does not yet reach: identity and root-of-trust, and the SaaS / network / dependency-graph layer. These extensions carry weight in the default ("Posetiv extended") scoring and zero weight in "EU framework strict" scoring. Both are shown on results.

The assessment also references the STEP Seal as a marker of EU strategic alignment, not as a sovereignty determination in itself.

The ten objectives

Plain English answers, SEAL bands underneath

Users do not need to know what SEAL-2 means to answer the questions. Each option is plain language. Behind the scenes, options map to a SEAL band 0 to 4. The total Sovereignty Score uses the framework's published formula: the weighted sum of (objective score divided by max objective score) multiplied by objective weight.

The "I don't know" rule

Every question allows "I don't know." This is deliberate. If a provider cannot answer a sovereignty question with evidence, that is a finding, not a missing data point. "I don't know" is treated as SEAL-1 for scoring and flagged separately as a transparency gap.

Pre-scored providers

The comparison view pre-scores 19 providers. Each cell carries an evidence note. Where a provider claims more than the evidence supports, the score reflects what is verifiable, not what is claimed. Scores are based on publicly available information at the version date below.

Open methodology, contestable scores

This methodology is open. The full question set, the SEAL mappings, the provider scores and the evidence references are all in this single file. If a provider believes a score is wrong, contact sovereignty@posetiv.co.uk with the contesting evidence. Corrections that hold up will be incorporated and credited.

This is maintained by Posetiv as an open methodology. It is not a commercial product. There is no telemetry. Nothing leaves your browser.

Methodology version 1.0 · last reviewed May 2026.