| SOV-1 Strategic Sovereignty | SEAL-1 | |
| SOV-2 Legal & Jurisdictional Sovereignty | SEAL-1 | |
| SOV-3 Data & AI Sovereignty | SEAL-1 | |
| SOV-4 Operational Sovereignty | SEAL-2 | |
| SOV-5 Supply Chain Sovereignty | SEAL-1 | |
| SOV-6 Technology Sovereignty | SEAL-2 | |
| SOV-7 Security & Compliance Sovereignty | SEAL-1 | |
| SOV-8 Environmental Sustainability | SEAL-2 |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-1.1 | EU/EEA legal entity control | 1. Entirely outside the EU | 0/125 | SEAL-1 | high | foreign_parent: Oracle Corporation is US-headquartered (Austin, TX). EU Sovereign Cloud is run by EU-incorporated entities but the ultimate controlling parent is entirely non-EU -> entity control entirely outside the EU (opt1). Normalised to opt1 across the US-hyperscaler cluster (US-parented; same as AWS/Azure/GCP/IBM). (src: https://investor.oracle.com/home/default.aspx) |
| SOV-1.2 | Change of control risk | 5. Very unlikely | 125/125 | SEAL-4 | medium | Oracle is a large, stable, publicly traded US corporation; takeover transferring control to another non-EU sovereign entity is very unlikely (kept at existing all-SEAL-4 choice). |
| SOV-1.3 | Control over roadmap | 2. Through 'voice of the customer' public channels | 42/125 | SEAL-2 | medium | OCI roadmap is set centrally by Oracle US; EU customers have only voice-of-the-customer channels, no EU governance body controls the roadmap -> opt2. |
| SOV-1.4 | Financial independence from non-EU capital | 1. Almost entirely relying on non-EU funding | 0/125 | SEAL-4 | high | Oracle is funded by US capital markets and a US parent; funding is almost entirely non-EU (opt1). |
| SOV-1.5 | EU economic contribution | 2. Some | 31/125 | SEAL-4 | medium | Substantial EU operations and the EU Sovereign Cloud entities exist, but the bulk of value capture, IP and revenue accrues to the US parent -> some EU contribution (opt2). |
| SOV-1.6 | Participation in EU strategic programs | 2. Limited participation | 31/125 | SEAL-4 | low | Oracle markets sovereignty offers aligned to EU policy but has no documented Gaia-X / IPCEI-CIS role; participation in EU strategic programs is limited (opt2). |
| SOV-1.7 | Alignment with EU industrial strategies | 2. Existing action plan | 42/125 | SEAL-4 | low | Oracle has a published EU sovereign-cloud action plan and dedicated EU entities but no EU-governed measured achievement framework -> existing action plan (opt2). |
| SOV-1.8 | Resilience to cut-off | 3. Can continue temporarily per contractual agreement | 63/125 | SEAL-2 | medium | No own_stack (US-parent proprietary core software), so not full autonomy. But EU Sovereign Cloud entities own the EU hardware and data-centre leases and operate with EU-resident staff and processes separated from global Oracle, so the realm can continue temporarily per contractual agreement on a parent cut-off -> opt3 (seal 2). Not the PaaS-on-non-EU-hyperscaler halt case. (src: https://docs.oracle.com/en-us/iaas/Content/sovereign-cloud/eu-sovereign-cloud.htm) |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-2.1 | Primary legal jurisdiction | 2. Mixed EU/non-EU | 84/167 | SEAL-1 | high | foreign_parent: contracts/operations involve EU law (EU entities, GDPR) and US law via the parent; jurisdiction is mixed EU/non-EU (opt2). (src: https://www.oracle.com/cloud/eu-sovereign-cloud/faq/) |
| SOV-2.2 | Extraterritorial laws exposure | 3. EU subsidiary with contractual protections | 84/167 | SEAL-1 | high | No certified immunity: US-parented group with EU subsidiaries and contractual/operational protections, but not SecNumCloud/EUCS-High and compellable via the parent -> EU subsidiary with contractual protections (opt3, seal 1). Consistent with the cluster. (src: https://www.oracle.com/cloud/eu-sovereign-cloud/faq/) |
| SOV-2.3 | Data access pathways for non-EU authorities | 2. Can compel access without notification, specific cases | 42/167 | SEAL-1 | high | foreign_parent: as a US company Oracle is subject to CLOUD Act/FISA and could be compelled to provide access without notification in specific cases (opt2, seal 1) -> sets overall SEAL-1. (src: https://www.oracle.com/cloud/eu-sovereign-cloud/faq/) |
| SOV-2.4 | Export control restrictions | 3. Share of revenues >50% in the EU | 84/167 | SEAL-2 | medium | Subject to US export controls; very large EU revenue (>50% of EU-region business EU-derived) and no targeted restrictions against EU member states evident -> opt3. |
| SOV-2.5 | Origin of IP | 2. Mostly outside the EU | 42/167 | SEAL-4 | high | Core OCI and Oracle software IP is developed and owned in the US -> IP origin mostly outside the EU (opt2). |
| SOV-2.6 | IP holder jurisdiction | 1. Non-EU law, single country | 0/167 | SEAL-3 | high | IP held by Oracle under US law, single country (opt1). |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-3.1 | Customer control over encryption keys | 5. Customer exclusive control - provider cannot read data | 200/200 | SEAL-4 | high | OCI Vault customer-managed keys plus External Key Management (Thales HYOK) let customers hold keys/HSMs outside OCI so the provider cannot read data -> customer exclusive control (opt5). |
| SOV-3.2 | Transparent data flows & access logs | 4. Full customer-controlled visibility, not real-time | 150/200 | SEAL-3 | medium | OCI Audit/logging give customers full visibility over access and data flows, but logging is vendor-implemented and not independently real-time auditable -> full customer-controlled, not real-time (opt4). |
| SOV-3.3 | Secure deletion & proof of erasure | 3. Internal validation per policy, no proof | 100/200 | SEAL-1 | low | Deletion performed per documented policy/contract but no independently verified cryptographic proof of irreversible erasure -> internal validation per policy (opt3). |
| SOV-3.4 | Data location strictly in EU/EEA | 5. Exclusively EU, no third-country fallback | 200/200 | SEAL-4 | high | eu_exclusive: EU Sovereign Cloud keeps data exclusively in EU data centres (Frankfurt, Madrid) in a separate realm physically and logically isolated from all other Oracle realms, sharing no infrastructure and with no backbone network to other Oracle regions, no third-country fallback (opt5). Genuine differentiator vs Azure/GCP/IBM EU-by-default products. (src: https://docs.oracle.com/en-us/iaas/Content/sovereign-cloud/eu-sovereign-cloud.htm) |
| SOV-3.5 | AI services sovereignty | 2. Mostly non-EU: licensed AI, chip dependency | 50/200 | SEAL-2 | high | OCI AI runs on foreign accelerators (NVIDIA/AMD) with licensed/partner foundation models -> mostly non-EU, chip dependency (opt2). |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-4.1 | Portability & interoperability | 4. Formal migration services available | 125/167 | SEAL-4 | medium | OCI provides documented data export and formal migration services/tooling, though not deployed on independent sovereign infrastructure (opt4). |
| SOV-4.2 | Ability to operate without foreign dependencies | 4. Ops predominantly EU-based teams | 125/167 | SEAL-3 | high | eu_ops: EU Sovereign Cloud operations delivered predominantly by EU-based teams (dedicated EU entities, EU-resident staff), though the broader stack still depends on the US parent -> ops predominantly EU-based (opt4). |
| SOV-4.3 | Skill availability in the EU | 3. Majority EU, escalation abroad | 84/167 | SEAL-3 | high | EU Sovereign Cloud staffed by EU-resident personnel with engineering/escalation ultimately tied to global Oracle -> majority EU, escalation abroad (opt3). |
| SOV-4.4 | Support channels | 3. Majority in EU, non-EU escalations | 84/167 | SEAL-3 | medium | Support for EU Sovereign Cloud restricted to EU residents, with deeper escalations potentially handled by non-EU engineering -> majority in EU, non-EU escalations (opt3). |
| SOV-4.5 | Documentation & knowledge transfer | 2. EU optional, not enforced | 42/167 | SEAL-2 | low | Documentation/knowledge bases are global Oracle resources; EU-only handling not enforced for docs -> EU optional, not enforced (opt2). |
| SOV-4.6 | Subcontractor & supplier jurisdiction | 3. Continue temporarily per contractual agreement | 84/167 | SEAL-3 | low | EU Sovereign Cloud contracts restrict suppliers/operations to EU entities allowing temporary continuity under contract, but underlying hardware/chip suppliers remain non-EU -> continue temporarily per contract (opt3). |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-5.1 | Origin of components (physical parts) | 2. Partial disclosure | 36/143 | SEAL-1 | medium | Server hardware uses foreign components (US/Asian chips/parts); only partial public disclosure of physical component provenance (opt2). |
| SOV-5.2 | Manufacturing location | 2. Foreign origin, partial disclosure | 36/143 | SEAL-1 | medium | Hardware manufactured outside the EU with only partial disclosure of manufacturing locations (opt2). |
| SOV-5.3 | Embedded code/firmware provenance | 2. Partial disclosure | 36/143 | SEAL-4 | low | Firmware/embedded code (BMC, NIC, GPU firmware) from non-EU vendors with only partial disclosure of provenance (opt2). |
| SOV-5.4 | Origin of software | 2. Foreign origin, partial disclosure | 36/143 | SEAL-2 | high | foreign_core: core OCI software is Oracle US proprietary tech with partial disclosure, not EU-maintained -> foreign origin, partial disclosure (opt2, seal 2). |
| SOV-5.5 | Software build/release jurisdiction | 2. EU control, non-EU execution | 36/143 | SEAL-1 | medium | Core build/release authority and execution sit with the US organisation; EU entities govern only some deployment -> EU control with non-EU execution is the closest fit (opt2). |
| SOV-5.6 | Single point of dependency | 2. Mostly non-EU, undocumented | 36/143 | SEAL-1 | medium | Critical services depend on non-EU vendors (Oracle US software, NVIDIA/AMD chips) with limited documentation of these single points of dependency -> mostly non-EU, undocumented (opt2). |
| SOV-5.7 | Supply chain transparency | 2. Some suppliers auditable | 36/143 | SEAL-1 | low | Some suppliers auditable via Oracle attestations, but the full supply chain (chips/firmware) is not openly auditable by customers -> some suppliers auditable (opt2). |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-6.1 | Interoperability & open interfaces | 3. Mixed (partial openness) | 100/200 | SEAL-2 | medium | OCI exposes documented APIs and supports some open standards (Kubernetes, SQL) but much remains proprietary -> mixed/partial openness (opt3). |
| SOV-6.2 | Open standards compliance | 3. Partial core adoption | 100/200 | SEAL-2 | medium | OCI adopts open standards in parts of its core (Kubernetes, SQL, OCP hardware) but not as policy across all services -> partial core adoption (opt3). |
| SOV-6.3 | Open source availability | 2. Source available for review, strict rights | 50/200 | SEAL-2 | high | foreign_core: OCI control plane is closed-source US proprietary tech, though Oracle contributes/uses some open source (OpenJDK, Linux); source-available-with-strict-rights best fits -> opt2 (seal 2). Normalised to opt2 with AWS/Azure/GCP (same closed foreign-core profile). |
| SOV-6.4 | Service architecture transparency | 3. Some public insight | 100/200 | SEAL-3 | medium | Oracle publishes substantial architecture documentation and reference architectures -> some public insight without full openness (opt3). |
| SOV-6.5 | HPC sovereignty | 2. EU-hosted, foreign stack | 50/200 | SEAL-3 | medium | HPC/AI supercluster capacity in EU regions is EU-hosted but uses a foreign hardware and software stack (NVIDIA/AMD, Oracle US software) -> EU-hosted, foreign stack (opt2). |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-7.1 | Security certification (EAL) | 4. EAL3 | 107/143 | SEAL-3 | medium | Certs held: BSI C5 plus ISO 27001 + SOC 1/2/3; no SecNumCloud / EUCS-High. Per key, a high-assurance EU/national cloud certification (BSI C5) maps to EAL3 -> opt4 (seal 3). Normalised across the cluster (all five hold C5). (src: https://www.oracle.com/de/corporate/c5-attestation-for-oracle-cloud-applications-blog/) |
| SOV-7.2 | EU regulatory compliance (GDPR/NIS2/DORA) | 4. Partial compliance to most | 107/143 | SEAL-4 | high | Strong GDPR/NIS2/DORA alignment with many independent attestations (ISO 27001, SOC, C5), but not fully independently audited to every regime -> partial compliance to most (opt4). |
| SOV-7.3 | EU-based SOC & incident handling | 2. Hybrid EU/non-EU | 36/143 | SEAL-1 | medium | OCI security operations run on a global SOC model; even for EU Sovereign Cloud, incident handling can involve hybrid EU/non-EU teams and global threat intel -> hybrid EU/non-EU (opt2). |
| SOV-7.4 | Control over security monitoring/logging | 4. Full direct access, logs stored in EU | 107/143 | SEAL-3 | medium | Customers get full direct access to security logging via OCI Logging/Audit, and EU Sovereign Cloud stores logs in EU -> full direct access, logs stored in EU (opt4). |
| SOV-7.5 | Disclosure of incidents | 4. Partial compliance, monitored flow, SLAs | 107/143 | SEAL-3 | medium | GDPR/NIS2/DORA-aligned incident disclosure with contractual monitored notification SLAs, but not full real-time CSIRT sharing -> partial compliance, monitored flow, SLAs, opt4 (seal 3). Normalised across the cluster. |
| SOV-7.6 | Maintenance autonomy | 2. Limited autonomy (vendor schedules) | 36/143 | SEAL-1 | low | Maintenance/patching of the managed platform is controlled by Oracle; customers have limited autonomy over the platform maintenance window -> limited autonomy (opt2). |
| SOV-7.7 | Auditability | 2. Limited independent access | 36/143 | SEAL-1 | high | No audit_rights: independent audit limited to third-party certification bodies and access to attestation reports; customers cannot perform fully independent audits -> limited independent access (opt2, seal 1). |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-8.1 | Energy efficiency (PUE) | 3. PUE < 1.5 + roadmap | 125/250 | SEAL-4 | low | Oracle pursues PUE improvements (liquid cooling, OCP designs) with a sustainability roadmap, reporting PUE as low as ~1.15 at some sites; conservatively the 'PUE < 1.5 + roadmap' tier (opt3, seal 4). (src: https://www.oracle.com/sustainability/green-cloud/) |
| SOV-8.2 | Hardware reuse & recycling | 3. Documented program | 125/250 | SEAL-3 | low | Documented hardware reuse/recycling and circular practices program, but not an EU-certified lifecycle -> documented program (opt3). |
| SOV-8.3 | Environmental impact reporting | 3. Annual report | 125/250 | SEAL-2 | medium | Oracle publishes annual sustainability/citizenship reporting on emissions/energy, but not under an EU-specific audited methodology -> annual report (opt3). |
| SOV-8.4 | Energy supplies | 4. Only EU energy supplies (high renewable) | 188/250 | SEAL-4 | medium | Oracle reports 100% renewable energy across its European cloud regions -> only EU energy supplies (high renewable) (opt4) (kept at existing all-SEAL-4 choice). (src: https://www.oracle.com/sustainability/green-cloud/) |