| SOV-1 Strategic Sovereignty | SEAL-2 | |
| SOV-2 Legal & Jurisdictional Sovereignty | SEAL-2 | |
| SOV-3 Data & AI Sovereignty | SEAL-1 | |
| SOV-4 Operational Sovereignty | SEAL-2 | |
| SOV-5 Supply Chain Sovereignty | SEAL-1 | |
| SOV-6 Technology Sovereignty | SEAL-3 | |
| SOV-7 Security & Compliance Sovereignty | SEAL-1 | |
| SOV-8 Environmental Sustainability | SEAL-0 | |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-1.1 | EU/EEA legal entity control | 4. Entirely within the EU | 125/125 | SEAL-4 | high | Legal entity is BIRDSIGHT SAS, a French simplified joint-stock company (RCS 852 571 108) headquartered at 128 rue de la Boetie, Paris; entirely EU-incorporated and EU-controlled (src: https://www.qovery.com/sovereignty). |
| SOV-1.2 | Change of control risk | 3. Somewhat likely takeover/transfer to non-EU sovereign entity | 63/125 | SEAL-4 | medium | Founder-led French startup but VC-backed and actively expanding into the US with $13M Series A including US investors/angels; an acquisition by a non-EU acquirer is plausible for a growth-stage company though not imminent. |
| SOV-1.3 | Control over roadmap | 3. Governance bodies exist with EU actors participation | 83/125 | SEAL-3 | medium | EU-controlled French company with its own R&D; the engine is open-source so EU actors can influence the roadmap via public issues/PRs, giving EU-actor participation in governance (key 1.3: EU governance with some external influence -> opt3). |
| SOV-1.4 | Financial independence from non-EU capital | 4. Majority of funding is EU-based | 94/125 | SEAL-4 | medium | Series A was led by IRIS Capital (France) with Speedinvest (Austria) and Crane (UK), plus US participants (Techstars, US angels); the majority/lead funding is EU-based. |
| SOV-1.5 | EU economic contribution | 4. Majority in the EU | 94/125 | SEAL-4 | medium | Company is incorporated, headquartered and primarily staffed/engineered in Paris, so the majority of economic value-add is in the EU despite a nascent US sales push. |
| SOV-1.6 | Participation in EU strategic programs | 1. No clear participation | 0/125 | SEAL-4 | medium | No evidence of participation in EU strategic programs such as Gaia-X or IPCEI-CIS; Qovery markets sovereignty independently. |
| SOV-1.7 | Alignment with EU industrial strategies | 2. Existing action plan | 42/125 | SEAL-4 | low | Has an explicit sovereignty positioning/action plan (dedicated sovereignty page, EU-law-by-default, self-hostable control plane) but no measured governance or dedicated EU-industrial-strategy means. |
| SOV-1.8 | Resilience to cut-off | 4. Ability to source alternatives or internalise key functions | 94/125 | SEAL-2 | high | Not own_stack (SaaS control plane runs on AWS and customer workloads typically on non-EU hyperscalers), but the open-source GPL engine + air-gapped self-hosting genuinely let customers source alternatives/internalise; key 1.8: real non-EU operational dependency with internalisation path -> opt4 (seal 2), not full autonomy. |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-2.1 | Primary legal jurisdiction | 3. Exclusively EU law | 167/167 | SEAL-4 | high | Qovery (BIRDSIGHT SAS) operates under EU law by default as a French entity; its terms and processing are governed by French/EU law (src: https://www.qovery.com/sovereignty). |
| SOV-2.2 | Extraterritorial laws exposure | 4. Legal structures shielding from foreign law | 125/167 | SEAL-2 | medium | eu_entity (pure-FR SAS, no non-EU parent) gives legal structures shielding from foreign law, but with no SecNumCloud/EUCS-High certified immunity and a real AWS/US nexus for the control plane; key 2.2: EU entity, structural separation, no certified immunity -> opt4 (seal 2). |
| SOV-2.3 | Data access pathways for non-EU authorities | 5. Requests always rejected by the provider | 167/167 | SEAL-4 | medium | No foreign_parent (wholly French entity, not reachable by CLOUD Act/FISA) and by architecture Qovery never holds customer data, secrets or DB contents; key 2.3: not subject to non-EU compelled access and commits to refuse -> opt5 (seal 4) (src: https://www.qovery.com/sovereignty). |
| SOV-2.4 | Export control restrictions | 4. Part of offer shielded from restrictions towards EU MSs | 125/167 | SEAL-3 | low | As a French SAS the offer faces no export restrictions toward EU Member States and is structurally shielded toward EU MSs; intl-org shielding is not documented (key 2.4: part of offer shielded toward EU MSs -> opt4). |
| SOV-2.5 | Origin of IP | 5. Fully within the EU | 167/167 | SEAL-4 | high | Core IP (the deployment engine, control-plane API and platform) is designed and developed by the Paris-based team; the engine is published as Qovery's own open-source code. |
| SOV-2.6 | IP holder jurisdiction | 5. Fully under EU law | 167/167 | SEAL-4 | high | IP is held by the French entity BIRDSIGHT SAS and thus falls fully under EU law. |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-3.1 | Customer control over encryption keys | 5. Customer exclusive control - provider cannot read data | 200/200 | SEAL-4 | high | Qovery explicitly never accesses application data, database contents or environment secrets; encryption keys and secrets remain entirely under the customer's control in their own cloud account, so the provider cannot read the data. Genuine customer-exclusive-key strength preserved (src: https://www.qovery.com/sovereignty). |
| SOV-3.2 | Transparent data flows & access logs | 4. Full customer-controlled visibility, not real-time | 150/200 | SEAL-3 | medium | Deployment events, audit logs and resource metrics are exposed to the customer via the platform, and customers run workloads in their own account with their own cloud-native logging, giving strong customer-controlled visibility though not independently real-time audited. |
| SOV-3.3 | Secure deletion & proof of erasure | 4. Deletion technically verified with access logs | 150/200 | SEAL-3 | low | Data lives in the customer's own cloud account and deletion is technically verifiable through the customer's own cloud-native deletion plus Qovery's audit logs of every change; key 3.3: deletion technically verified with access logs -> opt4. |
| SOV-3.4 | Data location strictly in EU/EEA | 4. EU by default, tightly controlled exceptions | 150/200 | SEAL-1 | medium | NOT eu_exclusive: workloads run in the customer's own cloud account (which may be a non-EU hyperscaler), EU residency is only 'available' not contractually exclusive, and the hosted control plane runs on AWS with US subprocessors; key 3.4: EU by default with opt-in non-EU -> opt4 (seal 1). Genuine SEAL-1 gate, not shared with the EU-exclusive members; not inflated per directive (src: https://www.qovery.com/sovereignty). |
| SOV-3.5 | AI services sovereignty | 4. EU-led AI, foreign accelerators | 150/200 | SEAL-3 | low | The core sovereign PaaS offer has no in-scope first-party AI service (any agentic features call customer-chosen LLMs in the customer's own environment, creating no Qovery-side foreign-AI dependency); key 3.5: no in-scope AI service -> opt4 (seal 3). |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-4.1 | Portability & interoperability | 5. Already deployed on sovereign infrastructure | 167/167 | SEAL-4 | high | Workloads already run on the customer's own sovereign-capable infrastructure using standard Kubernetes/Terraform/Helm/Docker, and the open-source engine plus air-gapped self-hosting mean there is no Qovery lock-in for the runtime. |
| SOV-4.2 | Ability to operate without foreign dependencies | 4. Ops predominantly EU-based teams | 125/167 | SEAL-3 | medium | eu_ops (partial): engineering/operations predominantly run by the Paris team, but the SaaS control plane depends on AWS infrastructure; not a fully EU stack, so key 4.2: ops predominantly EU-based -> opt4 (seal 3). |
| SOV-4.3 | Skill availability in the EU | 3. Majority EU, escalation abroad | 84/167 | SEAL-3 | medium | Core engineering is in France/EU with a growing US presence; skills are majority-EU with escalation/expansion abroad, no security-clearance regime documented. |
| SOV-4.4 | Support channels | 3. Majority in EU, non-EU escalations | 84/167 | SEAL-3 | low | Support is run from the Paris-based company (community forum, EU team) with US expansion; majority EU with possible non-EU escalation, though staffing geography is not formally published. |
| SOV-4.5 | Documentation & knowledge transfer | 2. EU optional, not enforced | 42/167 | SEAL-2 | low | Documentation (hub.qovery.com) and code are public on globally hosted platforms (GitHub) in English; EU-only handling is not enforced for knowledge repositories. |
| SOV-4.6 | Subcontractor & supplier jurisdiction | 4. Ability to source alternatives or internalise | 125/167 | SEAL-3 | medium | The control plane depends on AWS, but if Qovery or that dependency were lost the customer's infrastructure keeps running and the open-source engine/self-hosting let customers source alternatives or internalise the function. |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-5.1 | Origin of components (physical parts) | 2. Partial disclosure | 36/143 | SEAL-1 | low | Qovery owns no physical hardware; the underlying servers belong to the customer's chosen IaaS (AWS/GCP/Azure/Scaleway) with only the cloud vendor's partial disclosure of component provenance. |
| SOV-5.2 | Manufacturing location | 2. Foreign origin, partial disclosure | 36/143 | SEAL-1 | low | Physical hardware is manufactured by the underlying hyperscaler/IaaS supply chain (foreign origin, partial disclosure); Qovery has no manufacturing control. |
| SOV-5.3 | Embedded code/firmware provenance | 2. Partial disclosure | 36/143 | SEAL-4 | low | Firmware provenance is inherited from the underlying cloud hardware with only partial disclosure by the IaaS provider; Qovery itself does not control or certify it. |
| SOV-5.4 | Origin of software | 5. Exclusively designed/maintained by EU teams | 143/143 | SEAL-4 | high | Qovery's own software (the Rust deployment engine and platform) is designed and maintained by the EU team and is partly open-sourced under GPL-3.0; the core product is EU-built rather than foreign black-box (src: https://github.com/Qovery/engine). |
| SOV-5.5 | Software build/release jurisdiction | 4. EU control & execution | 107/143 | SEAL-3 | medium | Build and release of Qovery's software is controlled by the French company and its EU engineering team, though CI likely executes on globally hosted runners; EU control with EU execution is the reasonable read. |
| SOV-5.6 | Single point of dependency | 3. Few non-EU in critical services / documented | 72/143 | SEAL-2 | medium | The hosted control plane has a documented critical dependency on AWS (a non-EU vendor) for the SaaS offering, though the dependency is documented and removable via self-hosting. |
| SOV-5.7 | Supply chain transparency | 3. Critical suppliers auditable | 72/143 | SEAL-2 | low | Subprocessors are listed in the privacy policy and DPAs are available on request, giving auditability of critical suppliers, but a full auditable supply-chain inventory is not published. |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-6.1 | Interoperability & open interfaces | 5. Open-by-default with portability | 200/200 | SEAL-4 | high | Open-by-default: built on standard Kubernetes, Terraform, Helm and Docker with an open-source engine and full portability, since everything runs in the customer's own account. |
| SOV-6.2 | Open standards compliance | 4. Policy for most core services | 150/200 | SEAL-3 | medium | Core services adopt open standards (Kubernetes, OCI containers, Terraform, Helm) as a matter of architecture across most of the platform. |
| SOV-6.3 | Open source availability | 3. Open source, centralised governance | 100/200 | SEAL-3 | high | The deployment engine is genuinely open source (GPL-3.0 on GitHub) but the control plane/API remains proprietary and governance is centralised by the vendor, so open source with centralised governance (src: https://github.com/Qovery/engine). |
| SOV-6.4 | Service architecture transparency | 4. Large corpus of public insight | 150/200 | SEAL-3 | medium | Substantial public insight exists via open-source code, detailed engineering blog posts and public documentation describing the architecture. |
| SOV-6.5 | HPC sovereignty | 2. EU-hosted, foreign stack | 50/200 | SEAL-3 | low | Qovery offers no in-scope HPC service of its own, so there is no imported HPC dependency to penalise; key 6.5: no in-scope HPC -> opt2 (seal 3). |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-7.1 | Security certification (EAL) | 2. EAL1 | 36/143 | SEAL-1 | medium | Holds SOC 2 Type II (independently audited) but no SecNumCloud/EUCS/C5/ENS-High or Common Criteria EAL; SOC 2 alone sits below the ISO+SOC2+C5 (EAL2) tier, mapping to ~EAL1; key 7.1 -> opt2 (seal 1). SEAL-1 gate; no SecNumCloud basis so not inflated per directive (src: https://www.qovery.com/blog/qovery-achieves-soc-2-type-ii-compliance). |
| SOV-7.2 | EU regulatory compliance (GDPR/NIS2/DORA) | 4. Partial compliance to most | 107/143 | SEAL-4 | medium | Claims GDPR, HIPAA and DORA alignment and holds SOC 2 Type II, indicating partial compliance to most relevant EU regulatory frameworks; no NIS2/EUCS certification documented. |
| SOV-7.3 | EU-based SOC & incident handling | 2. Hybrid EU/non-EU | 36/143 | SEAL-1 | low | No dedicated EU-only SOC/incident-response function is documented; for a small EU startup expanding to the US, a hybrid EU/non-EU security operation is the realistic assumption. |
| SOV-7.4 | Control over security monitoring/logging | 4. Full direct access, logs stored in EU | 107/143 | SEAL-3 | medium | Customers run workloads in their own cloud account with full direct access to their own monitoring and logs, which can be stored in the chosen EU region, though tamper-proof immutability is not guaranteed by Qovery. |
| SOV-7.5 | Disclosure of incidents | 3. Moderate (GDPR/NIS2-aligned) | 72/143 | SEAL-2 | low | As a GDPR/DORA-aligned EU company it follows moderate, GDPR/NIS2-style breach-notification practice; real-time CSIRT sharing is not documented. |
| SOV-7.6 | Maintenance autonomy | 4. High autonomy (deploy independently, no checks) | 107/143 | SEAL-4 | medium | Qovery automates day-2 operations and customers can deploy, upgrade and patch independently on their own clusters at their own schedule, giving high maintenance autonomy. |
| SOV-7.7 | Auditability | 2. Limited independent access | 36/143 | SEAL-1 | low | No audit_rights: only SOC 2 Type II reports and a trust center provide assurance, no contractual full independent audit by the contracting authority or any EU body; key 7.7: audits only via certification bodies -> opt2 (seal 1). SEAL-1 gate. |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-8.1 | Energy efficiency (PUE) | 1. PUE unmanaged/high | 0/250 | SEAL-1 | low | Qovery operates no data centres of its own and publishes no PUE; energy efficiency is entirely inherited from the customer's chosen IaaS and unmanaged by Qovery. |
| SOV-8.2 | Hardware reuse & recycling | 1. No policy | 0/250 | SEAL-0 | low | No hardware reuse or recycling policy is applicable or published since Qovery owns no physical hardware. |
| SOV-8.3 | Environmental impact reporting | 1. No reporting | 0/250 | SEAL-1 | low | No environmental impact reporting is published by Qovery. |
| SOV-8.4 | Energy supplies | 1. Non traceable | 0/250 | SEAL-4 | low | Energy supply is not traceable at the Qovery level; it depends entirely on the underlying cloud provider chosen by the customer and is not reported by Qovery. |