Updated EU Cloud Sovereignty Calculator, aligning to the European Commission's scoring
Following the European Commission's publication of its Cloud Sovereignty Framework Implementation Guidance, we've updated our free sovereignty assessment calculator to reflect the full 48-criterion scoring model used in the Commission's own EUR 180 million cloud procurement.
On 1 June 2026, the European Commission published a detailed explanation of its Cloud Sovereignty Framework — the tool it used to award a EUR 180 million contract to procure sovereign cloud infrastructure for EU institutions, bodies, offices, and agencies. In light of this, we've updated our free EU Cloud Sovereignty Calculator to align fully with the Commission's revised guidance and the accompanying assessment calculator.
What Changed at the Commission
In April 2026, the Commission completed a landmark sovereign cloud procurement under the Cloud III Dynamic Purchasing System, awarding contracts to four providers. Following significant interest from public administrations and IT companies across Europe, the Commission published implementation guidance that clarifies exactly how the framework operates in practice.
The guidance introduces two complementary sovereignty scores:
- SEAL (Sovereignty Effectiveness Assurance Level) — a threshold model where the overall SEAL is the lowest SEAL achieved across any individual criterion, assessing whether providers meet defined floors of sovereignty from SEAL-2 (Data Sovereignty) through SEAL-3 (Technological Sovereignty) to SEAL-4 (Full Digital Sovereignty).
- A weighted Sovereignty Score — an aggregate score calculated from 48 specific criteria across the eight Sovereignty Objectives, used to compare providers that have cleared the required SEAL threshold.
The Commission also published an Annex calculator in XLSX format giving full details of how each criterion is defined, scored, and mapped to a SEAL level.
What We've Updated
Our calculator previously covered the eight Sovereignty Objectives with two questions each — a total of 16 questions. We've now rebuilt it directly from the Commission's published criteria:
| Objective | Previous criteria | Updated criteria | Weight |
|---|---|---|---|
| SOV-1 Strategic Sovereignty | 2 | 8 | 20% |
| SOV-2 Legal & Jurisdictional Sovereignty | 2 | 6 | 10% |
| SOV-3 Data & AI Sovereignty | 2 | 5 | 10% |
| SOV-4 Operational Sovereignty | 2 | 6 | 15% |
| SOV-5 Supply Chain Sovereignty | 2 | 7 | 10% |
| SOV-6 Technology Sovereignty | 2 | 5 | 15% |
| SOV-7 Security & Compliance Sovereignty | 2 | 7 | 15% |
| SOV-8 Environmental Sustainability | 2 | 4 | 5% |
That's 48 criteria in total — matching the Commission's own assessment exactly.
The weight changes are significant. Strategic Sovereignty (SOV-1) increases from 15% to 20%, reflecting the Commission's emphasis on ownership structure, change-of-control risk, EU economic contribution, participation in EU strategic programmes, and resilience to cut-off. Supply Chain Sovereignty (SOV-5) decreases from 20% to 10%, while Security & Compliance Sovereignty (SOV-7) increases from 10% to 15%.
New questions across the objectives
SOV-1 now covers eight dimensions rather than two: EU/EEA legal entity control, change-of-control risk, roadmap influence, financial independence from non-EU capital, EU economic contribution, participation in EU strategic programmes (IPCEI-CIS, Gaia-X, Horizon Europe), alignment with EU industrial strategies, and resilience to cut-off.
SOV-2 expands to six criteria adding export control exposure (ITAR/EAR) and separate questions for IP origin and IP holder jurisdiction — reflecting the Commission's finding that these are distinct sovereignty risks.
SOV-3 adds questions on transparent data access logs and auditability, secure deletion with proof of erasure, and AI model sovereignty — specifically whether models, training pipelines, and inference infrastructure are under EU control.
SOV-4 adds portability and interoperability, skill availability, support channel jurisdiction, and subcontractor/supplier jurisdiction as separate scored criteria.
SOV-5 now assesses hardware component origin, manufacturing location, firmware jurisdiction, software origin, distribution pipeline control, single-point-of-dependency risk, and full supply chain auditability — each scored independently.
SOV-6 adds a new criterion for HPC (High-Performance Computing) sovereignty, covering European independence in processors, accelerators, and software ecosystems.
SOV-7 separates security certification from EU regulatory compliance, adds separate questions for log control, incident disclosure, patch autonomy, and independent auditability.
SOV-8 splits the previous two questions into four: energy efficiency (PUE targets), hardware circular economy, environmental impact reporting, and renewable energy sourcing.
Answer ordering aligned to SEAL levels
In the original calculator, answers were presented highest-to-lowest (SEAL 4 first). The updated calculator presents answers lowest-to-highest (SEAL 0 first) — matching the Commission's own scoring sheets and making it clearer that each answer directly corresponds to a SEAL level.
Why This Matters
The Commission's procurement was the first large-scale public application of a structured sovereignty scoring framework for cloud services. By publishing the full implementation guidance and calculator, the Commission is explicitly encouraging all organisations — public and private — to use this framework to strengthen their own digital sovereignty posture.
As the Commission put it: "By successfully introducing sovereignty in its cloud procurement, the Commission leads by example in advancing Europe's digital sovereignty, setting a benchmark for secure, compliant, and values-based cloud adoption across the public sector."
Our updated calculator makes these 48 criteria accessible for any organisation to self-assess in under ten minutes. You can share your results via a URL, use them as a starting point for procurement requirements, or benchmark your current provider against SEAL thresholds before renewing a contract.
Try the Updated Calculator
If your results reveal gaps — particularly in supply chain transparency, operational sovereignty, or legal jurisdictional risk — our team is happy to discuss what options exist.