The CISPE Sovereign & Resilient Cloud Services Framework
A Practical Tool to Assess, Certify and Publicise Sovereign Cloud Services
- Certify individual cloud services as Sovereign or Resilient
- Provide Assurance of an organisation's control over its data and digital assets
- Transparent, Comprehensive, Practical
How Do I Know if My Cloud Service is Sovereign or Resilient?
- Customers can check the CISPE Cloud Services Catalogue to find sovereign and resilient services.
- CISPE has also developed an AI tool to provide a fast initial assessment of cloud services for Sovereign or Resilient status.
As a Vendor, How Do I Get a CISPE Badge to Certify My Services?
The CISPE Sovereign & Resilient Cloud Services Framework provides a detailed set of unique controls implemented through two certification paths. Read and comment on the full Framework here:
Vendors need to commission a formal audit from an accredited third party to obtain certification and the right to declare a service as sovereign or resilient under the Framework. On receiving a report from the certification partner, CISPE will issue the relevant badge, or badges for specific jurisdictions. The CISPE Framework and badges accredit individual cloud services, so the process must be completed for each service seeking a badge.
Vendors should make an initial assessment using the CISPE Sovereignty Check AI tool. For an additional fee they can access enhanced information and suggested remediation needed to bring their service into compliance with either the Sovereign Cloud Service or the Resilient Cloud Service Badge. This information can be used to inform legal counsel and technical experts advising on achieving compliance.
Compliant services awarded one of the CISPE badges will be listed in the CISPE Sovereign & Resilient Cloud Services Registry, providing visibility for these services and an easy-to-use directory for customers seeking sovereign services.
Open and Green
In addition to mandatory controls for sovereignty and resilience, the CISPE Framework also includes optional measures to attest to the environmental sustainability of the service, and the use of open-source code. If met, these criteria are illustrated with a grey or green chevron added to the Badge.
Not Just for Europe
Sovereignty is inextricably linked to geography, and many organisations operate in more than one country.
The CISPE Sovereign & Resilient Cloud Service Framework is designed not only to recognise sovereign services in different nations, but to allow customers to select services that match the levels of control they need to meet the operational and technical demands of their business in multi-national commercial environments.
A cloud service, for example, hosted in Japan by a Japanese vendor, could qualify for a Sovereign in Japan label. It may also, with the right safeguards in place, qualify for a Resilient Badge in Europe – it cannot be sovereign, but it can show interoperability and availability of local resources to mitigate non-European data requests etc.
Frequently Asked Questions
What problem does this Framework solve?
The framework provides a clear, certifiable definition of control in cloud services, addressing dependency risks linked to foreign jurisdictional interference, service disruption, and vendor lock-in. It enables customers and public authorities to identify services that ensure effective control over their data, infrastructure, workloads and operations. Importantly, cybersecurity certification alone does not ensure sovereignty.
What is the difference between Sovereign and Resilient services?
The Framework offers two distinct but complementary paths to effective control of your workloads and data. Sovereign services ensure control by design: they are owned, governed and operated within the relevant jurisdiction, so foreign powers have no legal or technical means to access, interfere with or shut them down. On the other hand, Resilient services ensure control by capability: even where some non-sovereign elements exist, the customer retains effective control through strong technical and operational safeguards, including customer managed encryption, portability, independent back-up and the ability to switch provider or redeploy workloads.
In short, sovereignty prevents the risk; resilience ensures the customer can withstand it.
Is the Resilience framework a back door for legitimising non-sovereign offerings?
No. It imposes strict constraints such as portability, reversibility, and customer-controlled encryption, ensuring dependency is reduced rather than legitimised.
The CISPE Framework is designed to prevent “sovereignty washing” and to counter strategies that reinforce the dominance of non-European cloud providers claiming service sovereignty without meeting the Framework’s requirements.
Does the Framework ensure continuity of workloads if a service is shut down?
Yes. Resilient services must be portable and interoperable, avoid vendor lock-in, support migration and redeployment, and provide independent backup capabilities. This ensures that applications – not just data – remain usable. Using Resilient services requires the customer to take additional necessary steps to configure encryption, backups, and reserve capacity or an alternative provider. Since Sovereign services are structurally protected against shutdown risks, they are subject to fewer technical requirements and require customers to take fewer corresponding measures.
Does it ensure that data cannot be accessed or blocked by third parties?
Yes. Sovereign services prevent access structurally, while Resilient services prevent access technically through encryption, customer-controlled keys, portability of workloads, and the ability to redeploy services to alternative providers.
Does the Framework only protect data through encryption?
No. Customer-managed encryption is only one element of the Resilience pathway. The Framework also ensures autonomous and secure access to data, portability of workloads, and the ability to redeploy services to alternative providers. This guarantees operational continuity, not just data confidentiality. Using Resilient services requires the customer to take additional necessary steps to configure encryption, backups, and reserve capacity or an alternative provider.
Does the Framework ensure switching and avoid lock-in?
Yes. In addition, Resilient services must enable migration, avoid lock-in, and provide reversible formats and independent backups. All services must comply with the EU Data Act or other similar applicable legislation.
Does the Framework recognise the importance of open-source software?
Yes. It encourages open-source and widely adopted solutions, promotes interoperability, and requires identification of alternative software where possible. Open source reduces dependency on foreign vendors, enables portability, lowers migration costs, and supports interoperability and autonomy. Use of open-source solutions is encouraged, not mandated.
What is the difference between Gaia-X Level 3 and the CISPE Framework?
The CISPE Framework fully aligns with Gaia-X Level 3 but extends sovereignty beyond the EU through Defined Geographical Areas of Sovereignty and introduces a dual-path model (Sovereignty + Resilience).
How does this Framework support EU strategic objectives?
Both Sovereign and Resilient services under the Framework support strategic autonomy, competition, Data Act implementation, and build on recognised cybersecurity frameworks such as SecNumCloud, NIS2, ISO 27001 and DORA.