A comprehensive assessment tool for evaluating cloud services and infrastructure against the European Commission's Cloud Sovereignty Framework (v1.2.1, October 2025).
This web-based tool helps organizations assess their cloud infrastructure's compliance with EU sovereignty requirements through an interactive questionnaire covering 8 key sovereignty objectives. It generates a comprehensive SEAL (Sovereign European Assurance Level) score and provides actionable recommendations for improvement.
Cloud sovereignty refers to the ability of organizations and governments to maintain control over their data, infrastructure, and digital operations within their legal and jurisdictional boundaries. The EU Cloud Sovereignty Framework establishes criteria for assessing and ensuring that cloud services align with European values, laws, and strategic interests.
Access the online assessment tool:
No installation required - works in any modern web browser!
- Visit the web assessment tool
- Click "Begin Assessment"
- Answer all 54 questions across 8 sovereignty objectives
- Review your SEAL rating and detailed score breakdown
- Download your assessment report
- Estimated time: 10-15 minutes
- Total questions: 54
- Question types: Multiple choice and Yes/No/Partial
Each assessment generates a downloadable timestamped report with:
- Assessment date and timestamp
- Full score breakdown by objective
- Total score and SEAL level
- Personalized recommendations
- Reference to framework version
After completing your assessment, showcase your Cloud Sovereignty compliance with these badges in your repository:
[](https://github.com/flavienbwk/cloud-sovereignty-score)
[](https://github.com/flavienbwk/cloud-sovereignty-score)
[](https://github.com/flavienbwk/cloud-sovereignty-score)
[](https://github.com/flavienbwk/cloud-sovereignty-score)
[](https://github.com/flavienbwk/cloud-sovereignty-score)
- Cloud Migration Planning - Assess sovereignty implications before migrating to cloud providers
- Vendor Selection - Evaluate potential cloud vendors against EU sovereignty standards
- Compliance Audits - Document sovereignty compliance for regulators and stakeholders
- Risk Assessment - Identify sovereignty gaps and vulnerabilities
- Procurement Requirements - Generate requirements for RFPs and vendor contracts
- Self-Assessment - Evaluate your service's sovereignty posture
- Competitive Positioning - Demonstrate sovereignty compliance to EU customers
- Service Improvement - Identify areas for enhancing sovereignty features
- Marketing Materials - Generate objective sovereignty scores for customer communications
- Policy Compliance - Ensure adherence to EU digital sovereignty policies
- Procurement Decisions - Make informed decisions for government cloud services
- Strategic Planning - Align IT infrastructure with national sovereignty goals
- Web-Based Interface - Modern, responsive web application for easy assessment
- 54 Comprehensive Questions - Covering all 8 sovereignty objectives
- Weighted Scoring System - Aligned with official EU framework weights (1000 points total)
- SEAL Level Classification - 5-tier rating system (SEAL 1-5)
- Personalized Recommendations - Targeted advice for improving sovereignty posture
- Automated Reporting - Timestamped assessment reports in text format
- Framework Compliant - Based on EU Cloud Sovereignty Framework v1.2.1
| Objective | Weight | Points | Description |
|---|---|---|---|
| SOV-1 Strategic Sovereignty | 15% | 150 | Corporate control, governance, and EU independence |
| SOV-2 Legal & Jurisdictional Sovereignty | 10% | 100 | Legal protection, GDPR compliance, EU jurisdiction |
| SOV-3 Data & AI Sovereignty | 10% | 100 | Data location, processing control, encryption |
| SOV-4 Operational Sovereignty | 15% | 150 | Personnel control, access management, operations |
| SOV-5 Supply Chain Sovereignty | 20% | 200 | Hardware sourcing, vendor transparency, dependencies |
| SOV-6 Technology Sovereignty | 15% | 150 | Open standards, interoperability, vendor lock-in |
| SOV-7 Security & Compliance Sovereignty | 10% | 100 | Certifications, cybersecurity, incident response |
| SOV-8 Environmental Sustainability | 5% | 50 | Renewable energy, carbon neutrality, Green Deal |
Note: Supply Chain Sovereignty (SOV-5) carries the highest weight at 20%, reflecting its critical importance in the framework.
The tool assigns one of five Sovereign European Assurance Levels based on your total score:
| Level | Score Range | Description |
|---|---|---|
| SEAL 5 | 90-100% (900-1000 pts) | Maximum Sovereignty - Highest level of compliance |
| SEAL 4 | 75-89% (750-899 pts) | High Sovereignty - Strong compliance with minimal dependencies |
| SEAL 3 | 60-74% (600-749 pts) | Moderate Sovereignty - Adequate for many use cases |
| SEAL 2 | 40-59% (400-599 pts) | Limited Sovereignty - Basic measures in place |
| SEAL 1 | 0-39% (0-399 pts) | Minimal Sovereignty - Significant gaps exist |
The tool uses a data-driven approach with all questions defined in questions.js. To customize:
Edit questions.js to add new questions or modify existing ones. Each question follows this structure:
{
id: "q1.7",
text: "Your question text here?",
type: "yes_no", // or "multiple_choice"
multiplier: 1
}Modify the getSEALLevel() function in app.js to adjust threshold percentages.
- Gather Documentation - Collect information about infrastructure, vendors, and policies
- Involve Key Stakeholders - Include legal, IT, security, and procurement teams
- Review Contracts - Have cloud service agreements and SLAs available
- Understand Architecture - Document data flows, processing locations, and dependencies
- Be Honest - Accurate responses yield actionable results
- Use Partial - Select "Partial" if implementation is in progress
- Document Uncertainty - Note questions where information is incomplete
- Take Your Time - Don't rush through complex questions
- Review Recommendations - Prioritize improvements based on weight and gaps
- Create Action Plan - Develop roadmap for improving sovereignty posture
- Reassess Regularly - Run assessment quarterly or after major changes
- Track Progress - Compare scores over time to measure improvement
This tool is based on the official EU Cloud Sovereignty Framework v1.2.1 (October 2025) published by the European Commission.
- GDPR - General Data Protection Regulation
- NIS2 Directive - Network and Information Security
- Cyber Resilience Act - Cybersecurity requirements for digital products
- Data Governance Act - Framework for data sharing and reuse
- EU Green Deal - Environmental sustainability objectives
- JSON/CSV export for reports
- Multi-language support (FR, DE, ES, IT)
- PDF report generation with charts
- API for programmatic access
- Docker container version
- Save and resume assessments
- Comparison of multiple assessments over time
- v2.1.0 (Current) - Web-based interface with GitHub Pages deployment
- v2.0.0 - YAML-based configuration system for easy question management
- v1.0.0 - Initial release with all 8 sovereignty objectives
Contributions are welcome! Please read our contributing guidelines before submitting PRs.
- Fork the repository
- Create a feature branch (
git checkout -b feature/new-assessment-criteria) - Commit your changes (
git commit -m 'Add new sovereignty criteria') - Push to the branch (
git push origin feature/new-assessment-criteria) - Open a Pull Request
- Additional questions for existing objectives
- Translations to EU languages
- Output format improvements
- Integration with monitoring tools
- Documentation enhancements
- No Data Transmission - All assessment data stays local
- No Internet Required - Tool works completely offline
- No Logging - Responses are not logged or transmitted
- File Permissions - Report files are created with user-only read permissions
- Review generated reports before sharing with external parties
- Redact sensitive information from reports if needed
- Store reports in secure, encrypted locations
- Regularly delete old assessment reports
This project is licensed under the MIT License - see the LICENSE file for details.
This tool is provided for informational and self-assessment purposes only. It does not constitute:
- Legal advice or compliance certification
- Official EU endorsement or certification
- Guarantee of regulatory compliance
- Substitute for professional legal or technical consultation
Organizations should consult with legal and technical experts for official compliance verification.
- Issues: Report bugs or request features via GitHub Issues
- Discussions: Join community discussions in GitHub Discussions
- European Commission for the Cloud Sovereignty Framework
- Contributors to EU digital sovereignty initiatives
- Open source community for tools and libraries
For questions, suggestions, or collaboration opportunities, please open an issue or reach out to the maintainers.
╔══════════════════════════════════════════════════════════╗
║ SOVEREIGNTY SCORE QUICK REFERENCE ║
╠══════════════════════════════════════════════════════════╣
║ Total Points: 1000 ║
║ Questions: 54 ║
║ Duration: 10-15 minutes ║
╟──────────────────────────────────────────────────────────╢
║ TOP PRIORITIES (by weight): ║
║ 1. Supply Chain (20%) - Hardware & vendor transparency ║
║ 2. Strategic (15%) - Corporate control & governance ║
║ 3. Operational (15%) - Personnel & access control ║
║ 4. Technology (15%) - Open standards & interoperability ║
╟──────────────────────────────────────────────────────────╢
║ TARGET SEAL LEVELS: ║
║ • Public Sector: SEAL 4-5 (750+ points) ║
║ • Critical Infrastructure: SEAL 4-5 (750+ points) ║
║ • Financial Services: SEAL 3-4 (600+ points) ║
║ • General Business: SEAL 2-3 (400+ points) ║
╚══════════════════════════════════════════════════════════╝