Skip to main content

Sovereignty Needs Calculator



Data volume and usage

Data volume:

  •  
  •  
  •  

Number of affected natural persons:

  •  
  •  

Do you assume that it is possible to link the processed data with other datasets in order to filter for information?

  •  
  •  

Is the data end-to-end encrypted before it leaves your device and enters the IT infrastructure?

  •  
  •  

Personal data & data type

Normal protection requirements

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

High protection requirement

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

High protection needs (continued)

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Access & Confidentiality

Professional confidentiality or very high protection requirements

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Confidential business information

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Authorization: Has the data subject given voluntary and fully informed consent?

  •  
  •  
  •  
  •  
  •  

Significance of the affected processes ... 

How does it impact your business?

IT/OT outage or short-term service disruptions (e.g., due to sabotage or political blockade)?

  •  
  •  
  •  
  •  

Change/cancellation of used services (SaaS, PaaS, IaaS), e.g., due to massive price increases?

  •  
  •  
  •  
  •  

 Data leak (exfiltration of your business data or that of your customers) or data manipulation, e.g., by cybercriminals, competitors, or geopolitical adversaries?

  •  
  •  
  •  

Loss of data, e.g., data is no longer provided by the service provider, or backup decryption keys are unavailable?

  •  
  •  
  •  

Non-EU legal system

N/A
Compliance is only possible in exceptional cases
Sovereignty is determined on a case‑by‑case basis

EU legal system

I
Compliance achieved by meeting statutory requirements
Baseline sovereignty for non-critical applications
II
Enhanced control & transparency
Control ensured through transparency, audits, certifications, and attestations
III
Control ensured through own technology or remote attestation
High level of technical sovereignty. Ideal for mission-critical workloads.
III+S
Sovereignty enabled by portability and sovereignty anchors.
Maximum security and sovereignty level.

The Sovereignty Calculator presented here is based on the data protection requirement classes of the AUDITOR/TCDP certification process. In addition to data protection aspects, it also considers the importance of information technology for a company’s operations and organizational processes. The recommendations corresponding to the identified protection level are aligned with the AUDITOR/TCDP requirements catalogue, which is itself based on the relevant ISO/IEC standards and reflects the current state of the art, particularly in areas such as “Confidential Computing.”