How we assess digital sovereignty
The diagram above sets out the framework we apply to every sector and organisation we examine. We begin by breaking a technology stack into layers — work tools, cloud, business apps, AI services, data platforms, logins and payments — because each can be owned, hosted and replaced independently, so each earns its own verdict.
For every layer we ask seven questions: four scored measures of control — are there real alternatives, whose laws reach it, how hard is it to leave, and can you see inside? — weighed against three that shape the stakes: how sensitive the data is, how much breaks if the layer is cut off, and whether ownership might change.
From those answers we score two separate harms — the risk of being cut off, and the risk of someone else lawfully reading your data — then step back to review the whole stack for hidden concentration. The result is a ranked priority list, every score backed by an evidence ledger of public sources. These are our reasoned judgments, not measurements.
