Digital sovereignty now measurable – DICTU

The discussion regarding digital sovereignty has been ongoing for many months. In policy papers, European strategies, and countless panels at IT conferences. Yet one question often remained unanswered: how do you actually measure whether an IT environment is truly sovereign?

The Dienst ICT Uitvoering (DICTU) has now provided a concrete answer. With the new Sovereignty Assessment Tool for cloud services, organizations can systematically evaluate their digital dependencies. Not just legally, but also technically, operationally, and organizationally.

This is important. Because digital sovereignty has long been about more than just where data is located. The core question is, as we have been saying for many months: who ultimately has control?

Why this assessment was necessary

The reason is clear. A large part of the European cloud market is currently dominated by a small number of international hyperscalers. According to various analyses, that share is around seventy percent. This creates a dependency that goes beyond technology alone.

A major point of concern is the extraterritorial effect of legislation such as the US CLOUD Act. Because jurisdiction follows ownership for many technology companies, foreign authorities can demand access to data under certain circumstances, even when it is physically stored in Europe.

For government organizations and critical sectors, this raises a fundamental question: how much control do we actually still have over our own digital infrastructure?

The DICTU assessment tool attempts to provide an objective framework for this. Let’s take a look at what that looks like.

Five dimensions of digital autonomy

The tool does not look at a combination of just a few factors. In total, five dimensions are assessed:

  • Legal – which legislation applies to a service provider and where is the parent company located?
  • Data & AI – where is data stored, who has technical access to it, and how are algorithms managed?
  • Technology – to what extent are systems interoperable and how high is the risk of vendor lock-in?
  • Operational – how dependent is an organization on suppliers or external infrastructure?
  • Human – who manages the systems and how transparent are the support and management chains?

This broad approach immediately makes it clear that sovereignty is an architectural issue involving a wide range of factors.

From cloud strategy to data control

In many organizations, the issue starts with data. Where is it stored, and under what conditions?

A hybrid model is therefore emerging more and more frequently. Cloud remains an important part of the IT strategy, but for certain datasets, organizations consciously choose an environment where control remains entirely in their own hands. Sensitive data thus remains under their own management.

European on-prem storage is playing an increasingly significant role.

An example of this are the storage solutions from FAST LTA, a German manufacturer for which Comex is the exclusive distributor in the Benelux. The technology was specifically developed with a focus on data storage control and long-term availability. Let’s see how these systems can contribute to increasing the DICTU score.

Sovereignty starts with jurisdiction

One of the first questions in the DICTU assessment is legal in nature: which legislation applies to a supplier?

FAST LTA is based in Munich and operates entirely under European jurisdiction. This means that the infrastructure does not fall under extraterritorial legislation such as the US CLOUD Act. For organizations that want to maintain control over their data, this can make a significant difference.

Data that actually remains under your own management

In addition to legal control, the DICTU tool also looks at the technical protection of data.

FAST LTA’s storage architecture is designed to be entirely on-premises. Data is stored locally and thus remains physically within the organization’s infrastructure. This supports scenarios where data residency and direct control are hard requirements.

Furthermore, there are features such as hardware-based WORM sealing and physical air-gaps, ensuring data can no longer be modified or encrypted once it has been stored. Such mechanisms are increasingly used to protect backups against ransomware and tampering.

It is precisely these types of technical measures that contribute to a higher sovereignty score in the DICTU model.

Technology without lock-in

Another important criterion in the assessment tool is technological independence.

When data is only accessible via proprietary protocols, switching to another supplier often becomes complex and costly. Therefore, DICTU explicitly looks at support for open standards.

FAST LTA’s storage platforms support, among others, S3-compatible object storage, SMB/NFS, and VTL emulation. This makes it possible to integrate systems into existing environments while offering flexibility for future migrations.

Technology based on standards reduces the risk of vendor lock-in and increases strategic room for maneuver.

Continuity as part of sovereignty

An aspect that is often overlooked in discussions about sovereignty is operational continuity.

The DICTU model therefore also looks at factors such as system lifespan, supply chains, and maintenance contracts. Hardware designed for long-term use that can be maintained locally reduces dependence on global supply chains.

FAST LTA, for example, positions its systems with a lifespan of at least ten years and long-term service contracts. These kinds of choices can contribute to stability in environments where infrastructure must remain available for a long time. Additionally, this helps prevent unforeseen costs because the TCO is clear from the point of purchase.

Digital sovereignty as an architectural choice

Perhaps the most important insight from the DICTU tool is that digital sovereignty is not an all-or-nothing choice. It’s not about cloud versus on-premise. It’s about conscious architectural choices.

Many organizations will continue to use a hybrid model, in which different types of infrastructure coexist. But it is precisely within that architecture that it becomes important to think about where the core of your data foundation lies.

European storage solutions can play a role here as a kind of sovereign anchor point within the infrastructure.

From discussion to measurability

This is perhaps the greatest value of the new DICTU tool. It brings a discussion that often remained abstract back to something concrete: digital sovereignty becomes measurable.

And as soon as something becomes measurable, you can also manage it in a targeted way.

For IT architects and policymakers, this means that the question of how to realize digital sovereignty in practice has suddenly become tangible. Curious about how FAST LTA systems fit within your infrastructure? Take a look at our website or contact Axel Booltink or Roel Lenssen via LinkedIn.

Subscribe for tips and info

We regularly write blogs on current topics from the world of digital storage technology. Sign up here to be notified about new blogs.