Standard · Domains
Four domains.
Each domain answers one core question. Each domain is assessed independently.
Legal & organisational transparency
„Who controls the provider legally — and which jurisdiction is it subject to?"
Open domain D2Operational transparency & data control
„Who has operational access to data and keys — and how is that demonstrable?"
Open domain D3Technical sovereignty & interoperability
„Can the service be switched without prohibitive effort?"
Open domain D4Sustainability & supply-chain resilience
„How robust is the technical and geopolitical supply chain?"
Open domainWhy exactly four domains?§
The four domains are not arbitrary. They follow systematically from three dimensions of structural transparency — legal (D1), operational (D2) and technical (D3) — complemented by the connection to the outside world: the supply chain (D4). These four cuts cover the entire assessment space of digital sovereignty without overlap.
Three domains would be incomplete: they would hide supply-chain dependencies that in a crisis erode any legal or operational control. Five domains would create redundancy — any further category would be a subset of the four existing ones and therefore assessment work without analytical gain. The number four is the minimal complete model.