The European Commission has just published the Cloud Sovereignty Framework (CSF) — a reference framework designed to measure the level of digital sovereignty of cloud services operating in Europe.
This framework defines clear criteria for assessing how much a service is truly under European control — legally, operationally, and technologically.
The document itself is surprisingly short — just six pages — which is a real achievement considering how lengthy such frameworks usually are.
With Sweego, a French email and SMS delivery platform developed by Mindbaz, France already has a strong player aligned with the ambitions of this Framework — combining performance, local anchoring, and technological independence.
The Cloud Sovereignty Framework at a glance
The Cloud Sovereignty Framework is structured around eight sovereignty objectives (SOV-1 to SOV-8), each representing a key dimension of European digital sovereignty.
| Objective | Title | Weight in global score |
|---|---|---|
| SOV-1 | Strategic Sovereignty Control location, governance, and shareholder stability | 15% |
| SOV-2 | Legal Sovereignty Exposure to foreign laws and anchoring under EU jurisdiction | 10% |
| SOV-3 | Data & AI Sovereignty Control over data location, encryption, and processing | 10% |
| SOV-4 | Operational Sovereignty Ability to operate and maintain technology without external dependencies | 15% |
| SOV-5 | Supply Chain Sovereignty Transparency and European origin of hardware and software components | 20% |
| SOV-6 | Technological Sovereignty Openness, interoperability, and independence of software components | 15% |
| SOV-7 | Security & Compliance GDPR compliance, certifications, and security autonomy | 10% |
| SOV-8 | Environmental Sustainability Energy efficiency and controlled carbon footprint | 5% |
| Total | 100% |
Each objective is assessed according to an Sovereignty Effectiveness
Assurance Level (SEAL 0 to 4), ranging from full external control (SEAL 0) to full European sovereignty (SEAL 4).
The weighting gives major importance to supply chain sovereignty (20%), followed by strategic, operational, and technological sovereignty (15% each).
These priorities reflect the European ambition to reinforce control over infrastructures and industrial dependencies.
The Framework then defines a Sovereignty Score, a weighted global indicator allowing objective comparison between providers.
The official formula
In other words, the sovereignty score is the sum of the scores obtained for each objective, weighted by their respective importance in the European strategy.
Sweego’s assessment based on the Framework
Based on the European reference and publicly available information about its infrastructure, governance, and partners, Sweego achieves an estimated 4.7* / 5 sovereignty score, corresponding to a SEAL 4 level on most criteria.
(*Self-assessed score)
| Framework Objective | Description | Estimated Level | Justification |
|---|---|---|---|
| SOV-1: Strategic | Governance and capital under European control | SEAL 4 | Mindbaz is 100% French-owned, with decisions and capital based in France |
| SOV-2: Legal | Application of European law only | SEAL 4 | Hosting, contracts, and service providers fully within the EU |
| SOV-3: Data & AI | Data location and control | SEAL 4 | Data hosted in France, no access outside the EU |
| SOV-4: Operational | Ability to operate without non-EU dependencies | SEAL 4 | In-house development and maintenance, self-hosted open-source technologies |
| SOV-5: Supply Chain | Origin of providers and dependencies | SEAL 3+ | European suppliers (France, Netherlands, Hungary) |
| SOV-6: Technological | Openness and interoperability | SEAL 4 | Documented APIs, controlled and interoperable architecture |
| SOV-7: Security & Compliance | GDPR governance and security practices | SEAL 3 | GDPR compliant, no formal security certification yet |
| SOV-8: Environmental Sustainability | Energy efficiency and carbon footprint | SEAL 3+ | OVH (Gravelines) and Scaleway (DC5) data centers with strong energy performance |
This position confirms Sweego as a highly sovereign European solution, already meeting the key expectations of the new Framework.
A 100% European ecosystem
Sweego relies on an entirely European value chain:
- OVHcloud (France) and Scaleway (France) for hosting
- Meterly SAS / Hyperline.co (France) for billing
- Mollie B.V. (Netherlands) as Payment Service Provider
- CM.com (Netherlands) for SMS connectivity
- Chamaileon (Hungary) for email template design
This ecosystem guarantees transparency, traceability, and full compliance with EU regulations.
Sweego uses no critical service dependent on non-European jurisdictions.
Global Sovereignty Score
Sweego achieves an estimated 4.7 / 5 global score according to the European Commission’s Cloud Sovereignty Framework.
Overall assurance level: SEAL 4 (Full European Sovereignty)
Digital sovereignty as a strategic choice
For businesses and institutions sending transactional or relational emails and SMS, digital sovereignty is becoming as essential as performance.
Choosing a sovereign solution like Sweego means ensuring that data, communication flows, and tools remain under European control.
Sweego’s approach proves that true sovereignty is fully compatible with the agility of a modern API, the transparency of open technology, and the environmental responsibility of a local infrastructure.
If you want to read the Cloud Sovereignty Framework, you can find here.