Schwarz Digits introduces standard for digital sovereignty

The IT division of the Schwarz Group presents its European Sovereign Stack Standard (ES³) at the Hannover Messe. The framework is intended to provide companies from industry, SMEs, and regulated sectors with an objective basis for assessing the digital sovereignty of cloud services and IT services. It is based on the EU Cloud Sovereignty Framework (CSF) from the European Commission and makes it measurable through a concrete maturity model and external audits.

The maturity model of ES³ defines four stages of sovereignty maturity. At the “Initial” stage, there is a strong dependence on external providers, processes are reactive, and the corporate strategy has no standardized understanding of digital sovereignty. At the “Managed” stage, digital dependencies are documented and initial emergency plans exist. At the “Advanced” stage, sovereignty is anchored as a strategic goal within the company, and tested alternatives or clear migration paths are available for all critical services. At the highest stage, “Future-proof,” there is extensive digital autonomy, core processes utilize a securely controlled infrastructure, open standards, and open-source components. There is genuine immunity against external access, for example, through the US CLOUD Act.

Dimensions of digital sovereignty

The model examines the eight dimensions of the EU Cloud Sovereignty Framework: strategic sovereignty, legal and jurisdictional aspects, data and AI, operational independence, supply chain, technology, security and compliance, and ecological sustainability. Artificial intelligence is added as a ninth dimension. Each dimension is assessed on three levels: regulatory (contracts and SLAs), organizational (processes), and technological (concrete implementation).

A central principle of the standard is the minimum principle: the overall rating always corresponds to the lowest achieved level across all dimensions – the weakest link determines the rating. The auditing firm BDO is to independently verify the results. Its CEO Parwäz Rafiqpoor described the model as an “independent, practical basis for strengthening digital sovereignty in Europe”.

Extension of the EU Framework

Compared to the EU Cloud Sovereignty Framework (CSF), which defines eight sovereignty goals with SEAL levels from 0 to 4, ES³ goes further in several aspects. In addition to the additional AI dimension, the model offers greater detail with the three assessment levels per dimension. While the CSF primarily targets public tenders and provides for a weighted Sovereignty Score, Schwarz Digits aims to appeal to industrial companies and SMEs with ES³.

The standard also includes a presales tool called ES³ Lens, which analyzes the maturity level. Based on this, STACKIT, the cloud provider from Schwarz Digits, recommends suitable solutions. Partner services can also receive sovereignty badges, which are intended to make their verified sovereignty level visible. Co-CEO Rolf Schumann explained: “We are translating the need for digital sovereignty into measurable standards for companies in industry, SMEs, and regulated sectors.”

Digital sovereignty and methods for measuring it are also a topic at this year's IT Summit. For this, we are looking for case studies from companies that have embarked on the path towards greater digital sovereignty.

(odi)