1. Overview

1.1 Cloud Computing and digital sovereignty

Digital sovereignty describes the abilities and opportunities of individuals and institutions to perform their role(s) in the digital world independently, self-determinedly (autonomous) and securely. The decision to use cloud services is based on the shared responsibility model, which means that responsibility is shared between the cloud service provider and the cloud service customer. This model inherently limits the scope of decisions that the cloud service customer is able to take, including those that impact the customer's digital sovereignty. Cloud service providers can enable their cloud service customers to maintain the desired degree of self-determination in various ways — or not. To ensure transparency and enable cloud service customers to make risk-based decisions in this context, there is a need for generally recognized, objective, and verifiable criteria for self-determination i.e. autonomy. C3A - Criteria enabling Cloud Computing Autonomy provide a set of criteria for assessing whether a given set of cloud services allows for self-determined use within its respective risk context. C3A are a guiding framework and are intended to increase transparency. The C3A Framework is not binding in itself.

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

3. Related Regulations

• BSI C3A - Criteria enabling Cloud Computing Autonomy -

  Copyright by Bundesamt für Sicherheit in der Informationstechnik

  C3A - Criteria enabling Cloud Computing Autonomy

  Published under Creative-Commons-License CC-BY-ND 4.0 International.