https://sovereignshift.eu/tags/digital-sovereignty/ Recent content in Digital Sovereignty on Sovereign Shift Hugo en Wed, 18 Feb 2026 00:00:00 +0000 https://sovereignshift.eu/blog/eu-us-vendor-exposure-checklist/ Wed, 18 Feb 2026 00:00:00 +0000 https://sovereignshift.eu/blog/eu-us-vendor-exposure-checklist/ <p>European organisations tend to think about US vendor exposure in binary terms: either you use US cloud providers or you do not. The reality is more layered. Two organisations can both run on Microsoft 365 and have very different levels of exposure, depending on how identity is configured, who holds the encryption keys, where backups sit, and what integrations exist.</p> <p>This post provides a structured checklist for scoring your organisation&rsquo;s actual US vendor exposure. It is not a compliance form. It is a practical tool for understanding where your sovereignty risk concentrates and which areas you can address without a full migration.</p> https://sovereignshift.eu/blog/data-driven-decision-making/ Thu, 15 Jan 2026 00:00:00 +0000 https://sovereignshift.eu/blog/data-driven-decision-making/ <p>European organisations that choose EU data centres for their Microsoft 365 or Google Workspace deployments often believe they have addressed their sovereignty exposure. The data is in the EU. The box is ticked.</p> <p>But data location is only one of many control points a cloud provider holds over your organisation. Even with EU-hosted data, a US provider retains administrative access, controls the encryption keys, operates the identity layer, and can push updates or policy changes without your consent. The CLOUD Act (18 U.S.C. §2713) gives US law enforcement the legal authority to compel data disclosure regardless of where the data is physically stored.</p>