Digital Sovereignty as a Quality Attribute for Software Architectures

· Source: cs.SE updates on arXiv.org · Field: Technology & Digital — Software Development & Engineering, Cloud Computing & IT Infrastructure, Emerging Technologies & Innovation · Depth: Expert, extended

Summary

The paper analyzes digital sovereignty (DS) as a quality attribute (QA) for software architectures (SAs) in cloud computing (CC), focusing on the European Union's policy frameworks. It argues that DS can be analytically refined as a QA, exhibiting properties like measurability, validation, trade-offs, and scenario-based analysis. A key contribution is a risk metric σ=α×β×ζ, where α quantifies semantic dependence on a cloud vendor, β represents vendor lock-in strength (analytically fixed at >0.9 for US hyperscalers in Europe), and ζ denotes the applicability of foreign jurisdictions over EU law. This extends to an overall risk equation φ=σ×ρ×ℹ, incorporating occurrence probability (ρ) and impact (ℹ). The EU's 2025 Cloud Sovereignty Framework (CSF) establishes a five-fold effectiveness scale and eight dimensions for DS, including a comparison formula. Furthermore, the proposed Cloud and AI Development Act (CADA) from June 2026 mandates risk assessments for public sector CC services, emphasizing data sensitivity, unlawful access, and service disruption, while promoting multi-vendor and multi-cloud strategies to mitigate risks.

Key takeaway

For public sector IT leads evaluating cloud deployments for critical services, recognize digital sovereignty as a quantifiable quality attribute. Your risk assessments should integrate metrics for vendor lock-in, semantic dependencies, and foreign legal jurisdiction, as outlined by the EU's Cloud Sovereignty Framework. Actively pursue multi-vendor or multi-cloud strategies and ensure architectural decomposition supports migration within mandated timelines, like the 12 months specified in the CADA proposal, to mitigate geopolitical and vendor-specific risks.

Key insights

Digital sovereignty can be formalized as a measurable quality attribute for software architectures in cloud computing.

Principles

Method

The paper proposes conceptualizing DS as a QA using a scenario-based methodology. It introduces metrics like α (semantic dependence), β (lock-in strength), and ζ (foreign jurisdiction) to quantify risk σ, further extended to φ=σ×ρ×ℹ for overall risk analysis.

In practice

Topics

Best for: CTO, Executive, VP of Engineering/Data, AI Architect, Policy Maker, Director of AI/ML

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by cs.SE updates on arXiv.org.