| SOV-1 Strategic Sovereignty | SEAL-0 | |
| SOV-2 Legal & Jurisdictional Sovereignty | SEAL-1 | |
| SOV-3 Data & AI Sovereignty | SEAL-0 | |
| SOV-4 Operational Sovereignty | SEAL-0 | |
| SOV-5 Supply Chain Sovereignty | SEAL-1 | |
| SOV-6 Technology Sovereignty | SEAL-0 | |
| SOV-7 Security & Compliance Sovereignty | SEAL-1 | |
| SOV-8 Environmental Sustainability | SEAL-0 |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-1.1 | EU/EEA legal entity control | 1. Entirely outside the EU | 0/125 | SEAL-1 | high | foreign_parent (US Delaware corp, Chicago HQ, no EU entity) -> entity entirely outside the EU -> SOV-1.1 opt1 (src: https://fly.io/legal/). |
| SOV-1.2 | Change of control risk | 4. Unlikely takeover/transfer to non-EU sovereign entity | 94/125 | SEAL-4 | low | Privately held US company; a takeover transferring it to an EU sovereign entity is unlikely given US VC ownership; existing all-SEAL-4 factor choice kept. |
| SOV-1.3 | Control over roadmap | 2. Through 'voice of the customer' public channels | 42/125 | SEAL-2 | medium | Roadmap set internally by the US company; customers give feedback via community forum/public channels only; no EU governance body -> SOV-1.3 opt2. |
| SOV-1.4 | Financial independence from non-EU capital | 1. Almost entirely relying on non-EU funding | 0/125 | SEAL-4 | high | Funded almost entirely by US venture capital (a16z, Intel Capital, Dell Tech Capital, Accel, Bessemer); no material EU funding; all-SEAL-4 factor choice kept. |
| SOV-1.5 | EU economic contribution | 1. Minimal | 0/125 | SEAL-4 | medium | US company with globally distributed remote team; economic activity overwhelmingly outside the EU; all-SEAL-4 factor choice kept. |
| SOV-1.6 | Participation in EU strategic programs | 1. No clear participation | 0/125 | SEAL-4 | high | No participation in EU strategic programs (Gaia-X, IPCEI-CIS); all-SEAL-4 factor choice kept. |
| SOV-1.7 | Alignment with EU industrial strategies | 1. No evidence exists | 0/125 | SEAL-4 | medium | No evidence of alignment with EU industrial strategies; US commercial vendor; all-SEAL-4 factor choice kept. |
| SOV-1.8 | Resilience to cut-off | 2. Service would stop, with delay for customer reaction | 31/125 | SEAL-0 | low | No own_stack continuity: a US political cut-off/sanction would stop the platform; customers can migrate (standard containers) with reaction delay, not continuity -> SOV-1.8 opt2 (seal 0). |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-2.1 | Primary legal jurisdiction | 1. Non-EU only | 0/167 | SEAL-1 | high | Primary jurisdiction is US law (Delaware incorporation, US courts); not governed by EU law -> SOV-2.1 opt1 (src: https://fly.io/legal/). |
| SOV-2.2 | Extraterritorial laws exposure | 2. Mitigation clauses, exposure remains | 42/167 | SEAL-1 | high | consistency (cluster norm 2.2=opt2): US company exposed to US extraterritorial law (CLOUD Act, FISA 702); GDPR DPA/SCC + EU-US DPF mitigation clauses exist but residual exposure remains -> opt2 (seal 1) (src: https://fly.io/legal/data-privacy-framework/). |
| SOV-2.3 | Data access pathways for non-EU authorities | 2. Can compel access without notification, specific cases | 42/167 | SEAL-1 | high | foreign_parent (US CLOUD Act/FISA) -> Fly.io can be compelled to disclose data, without notification under gag orders in specific cases -> SOV-2.3 opt2 (seal 1). |
| SOV-2.4 | Export control restrictions | 2. Restrictions towards EU citizens or international orgs | 42/167 | SEAL-1 | low | US export-control regime could restrict service to certain EU persons/entities; no EU-shielded scoped offer -> SOV-2.4 opt2. |
| SOV-2.5 | Origin of IP | 1. Entirely outside the EU | 0/167 | SEAL-4 | high | Core IP (fly-proxy, Machines orchestration, flyctl) developed by the US company entirely outside the EU; all-SEAL-4 factor; choice kept (opt1). |
| SOV-2.6 | IP holder jurisdiction | 1. Non-EU law, single country | 0/167 | SEAL-3 | high | IP held by a single US legal entity (Fly.io Inc.) under Delaware law -> SOV-2.6 opt1. |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-3.1 | Customer control over encryption keys | 1. Provider only | 0/200 | SEAL-0 | high | Volumes use AES-XTS/LUKS with keys managed entirely by Fly.io; no customer-managed key option, provider can read plaintext -> SOV-3.1 opt1 (seal 0). |
| SOV-3.2 | Transparent data flows & access logs | 2. Basic incomplete logs | 50/200 | SEAL-1 | low | Observability tooling exists but no independent real-time customer-controlled audit of provider data access; vendor-controlled, incomplete -> SOV-3.2 opt2. |
| SOV-3.3 | Secure deletion & proof of erasure | 3. Internal validation per policy, no proof | 100/200 | SEAL-1 | low | consistency (cluster norm 3.3=opt3): volume/data deletion follows documented internal policy/DPA commitments with no independently verified cryptographic proof-of-erasure -> opt3 (internal validation per policy, seal 1). |
| SOV-3.4 | Data location strictly in EU/EEA | 2. Partly EU, significant third-country reliance | 50/200 | SEAL-0 | medium | No eu_exclusive: EU regions exist but the platform is US-operated with global default behavior and no contractual no-third-country guarantee; significant third-country reliance -> SOV-3.4 opt2 (seal 0) (src: https://fly.io/docs/reference/regions/). |
| SOV-3.5 | AI services sovereignty | 2. Mostly non-EU: licensed AI, chip dependency | 50/200 | SEAL-2 | medium | AI offering is GPU machines on foreign (Nvidia) accelerators running customer-chosen models; no EU-origin AI stack; licensed/chip dependency -> SOV-3.5 opt2. |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-4.1 | Portability & interoperability | 3. Standard documented data export methods | 84/167 | SEAL-4 | medium | Workloads are standard OCI containers/Firecracker microVMs with documented export and standard tooling -> standard documented data export -> SOV-4.1 opt3. |
| SOV-4.2 | Ability to operate without foreign dependencies | 1. Critical ops delivered by non-EU teams | 0/167 | SEAL-1 | high | No eu_ops: critical operations run by a US-HQ globally distributed, predominantly non-EU team -> SOV-4.2 opt1. |
| SOV-4.3 | Skill availability in the EU | 2. Mixed, majority outside EU | 42/167 | SEAL-1 | medium | Remote-first global workforce on US pay schedule; skills mixed but majority outside the EU (heavy North America) -> SOV-4.3 opt2. |
| SOV-4.4 | Support channels | 1. Global, majority outside EU | 0/167 | SEAL-1 | medium | Small remote support team staffed for North America and APAC timezones, i.e. majority outside the EU -> SOV-4.4 opt1. |
| SOV-4.5 | Documentation & knowledge transfer | 1. Global/non-EU exposure | 0/167 | SEAL-0 | low | Documentation/internal knowledge maintained globally with no EU-residency requirement; global/non-EU exposure -> SOV-4.5 opt1. |
| SOV-4.6 | Subcontractor & supplier jurisdiction | 2. Service would stop with delay | 42/167 | SEAL-2 | low | Relies on non-EU suppliers (US payment/build partners, Nvidia hardware); a disruption would stop parts of the service with delay, no continuity guarantee -> SOV-4.6 opt2. |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-5.1 | Origin of components (physical parts) | 2. Partial disclosure | 36/143 | SEAL-1 | low | Fly.io runs its own bare-metal servers but provides only partial public disclosure of physical component provenance -> SOV-5.1 opt2. |
| SOV-5.2 | Manufacturing location | 2. Foreign origin, partial disclosure | 36/143 | SEAL-1 | medium | Server hardware and GPUs (Nvidia A100/L40S/A10) are foreign-manufactured (US/Asia) with partial disclosure; nothing EU-built -> SOV-5.2 opt2. |
| SOV-5.3 | Embedded code/firmware provenance | 2. Partial disclosure | 36/143 | SEAL-4 | low | Firmware/embedded code on foreign hardware (BIOS, GPU firmware, NICs) only partially disclosed; all-SEAL-4 factor; choice kept (opt2). |
| SOV-5.4 | Origin of software | 2. Foreign origin, partial disclosure | 36/143 | SEAL-2 | medium | Platform software is self-developed by the US company (not foreign_core/licensed Google-MS), with open-source components (Firecracker, WireGuard, Linux/LUKS) giving partial transparency, but core maintenance is non-EU -> SOV-5.4 opt2 (seal 2). |
| SOV-5.5 | Software build/release jurisdiction | 1. Non-EU control & execution | 0/143 | SEAL-1 | medium | Software built and released under US control and executed by non-EU engineering; no EU control or EU policy gates -> SOV-5.5 opt1. |
| SOV-5.6 | Single point of dependency | 2. Mostly non-EU, undocumented | 36/143 | SEAL-1 | low | Depends on non-EU vendors for critical inputs (Nvidia GPUs, US build/payment partners, US corporate control) with limited documentation of EU alternatives -> SOV-5.6 opt2. |
| SOV-5.7 | Supply chain transparency | 2. Some suppliers auditable | 36/143 | SEAL-1 | low | Some suppliers/components publicly described, but no comprehensive auditable supply-chain transparency program -> SOV-5.7 opt2. |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-6.1 | Interoperability & open interfaces | 4. Standards-based and broadly compatible | 150/200 | SEAL-3 | medium | Standards-based and broadly compatible (OCI containers, standard Linux, public Machines REST API, WireGuard) -> SOV-6.1 opt4. |
| SOV-6.2 | Open standards compliance | 3. Partial core adoption | 100/200 | SEAL-2 | medium | Core services adopt open standards (OCI images, HTTP, WireGuard, TLS) but adoption is partial, not a comprehensive policy -> SOV-6.2 opt3. |
| SOV-6.3 | Open source availability | 3. Open source, centralised governance | 100/200 | SEAL-3 | medium | Key technology is open source (Firecracker, flyctl, WireGuard) but the orchestration platform is vendor-controlled under centralized governance -> open source, centralised governance -> SOV-6.3 opt3 (seal 3). Not foreign_core, so no opt2 cap. |
| SOV-6.4 | Service architecture transparency | 4. Large corpus of public insight | 150/200 | SEAL-3 | high | Large corpus of public architecture insight (detailed blog posts, public docs on fly-proxy, Firecracker, networking) -> SOV-6.4 opt4. |
| SOV-6.5 | HPC sovereignty | 1. Imported black-box HPC | 0/200 | SEAL-0 | low | GPU/HPC relies on imported black-box Nvidia accelerators; no EU HPC design or fabrication; GPU product being deprecated -> SOV-6.5 opt1 (seal 0). |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-7.1 | Security certification (EAL) | 2. EAL1 | 36/143 | SEAL-1 | high | certs: SOC 2 Type 2 only (no ISO 27001/SecNumCloud/EUCS/C5/ENS/Common Criteria EAL); per key SOC 2 without ISO 27001 maps to opt2 (EAL1-equiv, seal 1) (src: https://fly.io/docs/security/security-at-fly-io/). |
| SOV-7.2 | EU regulatory compliance (GDPR/NIS2/DORA) | 3. Moderate compliance | 72/143 | SEAL-4 | medium | Offers a GDPR DPA and participates in EU-US DPF (moderate compliance) but no NIS2/DORA certification or independent EU audit; all-SEAL-4 factor; choice kept (opt3). |
| SOV-7.3 | EU-based SOC & incident handling | 1. SOC/IR outside EU | 0/143 | SEAL-1 | medium | Security operations and incident handling run by the US-HQ global team, not an EU-based SOC -> SOV-7.3 opt1. |
| SOV-7.4 | Control over security monitoring/logging | 3. Basic monitoring portal | 72/143 | SEAL-1 | low | consistency (cluster norm 7.4=opt3): customers get an application logging/metrics monitoring portal but not full independent control of provider-side security monitoring with EU log residency -> opt3 (basic monitoring portal, seal 1). |
| SOV-7.5 | Disclosure of incidents | 3. Moderate (GDPR/NIS2-aligned) | 72/143 | SEAL-2 | low | Incident disclosure follows GDPR/DPA breach-notification (moderate, NIS2-aligned) without real-time CSIRT sharing -> SOV-7.5 opt3. |
| SOV-7.6 | Maintenance autonomy | 2. Limited autonomy (vendor schedules) | 36/143 | SEAL-1 | low | Customers control their own app deployments but platform/host maintenance is vendor-scheduled with limited customer autonomy over the underlying stack -> SOV-7.6 opt2. |
| SOV-7.7 | Auditability | 2. Limited independent access | 36/143 | SEAL-1 | medium | No audit_rights: independent assurance limited to SOC 2 reports shared under NDA; no provision for full independent audit by any entity -> SOV-7.7 opt2 (seal 1). |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-8.1 | Energy efficiency (PUE) | 1. PUE unmanaged/high | 0/250 | SEAL-1 | low | Fly.io runs its own servers in colocation but publishes no PUE figures or energy-efficiency roadmap -> SOV-8.1 opt1. |
| SOV-8.2 | Hardware reuse & recycling | 2. Basic circular practices | 63/250 | SEAL-0 | low | No documented hardware reuse/recycling program; at most basic circular practices implied by reusing bare-metal servers, no EU-aligned policy -> SOV-8.2 opt2 (seal 0). |
| SOV-8.3 | Environmental impact reporting | 1. No reporting | 0/250 | SEAL-1 | low | No published environmental-impact or sustainability report identified -> SOV-8.3 opt1. |
| SOV-8.4 | Energy supplies | 1. Non traceable | 0/250 | SEAL-4 | low | Energy sources not disclosed; relies on third-party colocation power with no traceable EU/green commitment; all-SEAL-4 factor; choice kept (opt1). |