Standard · Interface
EDSO complements — does not replace.
Which existing standards cover which domains — and where EDSO adds the structural Sovereignty assessment.
Introduction§
Existing standards measure security, resilience and compliance. They are necessary and sound within their respective scope. None of these standards, however, measures the structural controllability of a service by the customer and by Europe.
EDSO fills this gap and is combinable with each of these standards. The following matrix shows, for each standard and per domain, whether it covers the respective sovereignty dimension, touches on it partially or leaves it structurally open.
The central matrix§
| Standard | D1 | D2 | D3 | D4 |
|---|---|---|---|---|
| NIS2 | ◐ | ◐ | ○ | ◐ |
| DORA | ◐ | ◐ | ◐ | ○ |
| EU AI Act | ○ | ○ | ○ | ○ |
| EUCS | ◐ | ◐ | ◐ | ○ |
| BSI C5 | ◐ | ✓ | ○ | ○ |
| ISO/IEC 27001 | ◐ | ✓ | ○ | ○ |
| SOC 2 Type II | ○ | ✓ | ○ | ○ |
| TISAX | ◐ | ◐ | ○ | ○ |
- covered
- partial
- gap — EDSO complements
Notes per standard§
Closing§
Holding ISO 27001 does not yet mean sovereignty. Holding EDSO Level 2 does not yet mean security. Only the combination yields procurement-robust, regulatory-grade evidence.