Glossary

Digital sovereignty
Digital sovereignty means that a country, an organisation or citizens can truly make decisions about their digital activity, data and technological solutions as well as execute said decisions without excessive dependence on external actors, platforms, countries or legislature. It includes data storing, processing, infrastructure and technological choices in a way that there is unobstructed access to the systems and true decision-making power in legislation and according to one’s own values. Digital sovereignty isn’t either on or off, instead it is a risk management based framework, where systems have been designed in a distributed way without critical singular dependencies. The objective is also to make sure that digital functions critical to society stay in one’s own control even in a crisis.

Data sovereignty
Data sovereignty means that data — such as personal information of citizens, public information or companies’ business data — is under the jurisdiction of one’s own country’s or organization’s laws, policies and oversight and those who have the right to access it are not restricted. It means the capability to decide where data is stored, how it is processed and who uses it, without decision-making power concentrating on singular foreign platforms or justice systems. Data sovereignty does not mean complete isolation, but a distributed and thought-out architecture where one avoids a single country, supplier or technology becoming a critical vulnerability.

Sovereign cloud
Sovereign cloud is a cloud service or cloud infrastructure that is designed in such a way that data, applications and services stay under the jurisdiction of local legislation, oversight and actual execution capability. The important element isn’t the physical location of data, but that the system is not vulnerable to the excessive power of a single country, platform or supplier. Sovereign cloud supports decentralization and risk management: it reduces situations with a single point of failure and enables service continuity even in a crisis. Solutions like this are vital to the governmental services, health care and other critical functions that enable society to work.

AI sovereignty
AI sovereignty means the capability to develop, train, use and regulate AI solutions by one’s own jurisdiction and according to the society’s values as well as execute them without a critical dependance on any single foreign supplier or platform. This encompasses the data used by the AI systems, the models, the infrastructure and control mechanisms. AI sovereignty isn’t an absolute state, but constant risk management, where you avoid situations where external decisions might jeopardize the functionality, availability, supervision or credibility of AI services. The goal is to ensure that AI supports democracy, security and basic human rights even in shifting geopolitical situations.

Critical digital infrastructure
Critical digital infrastructure means digital systems and services, that are critical to the functioning of the society, including security and basic human rights. These include government services, digital services in health care, payment and banking systems, communication networks and the control systems within the energy sector. These systems and solutions have to be exceptionally well covered, decentralised and governed in a way that no single supplier, country or platform can establish a critical weakness. It is important to maintain and control said systems independently even in times of crisis and changing international situations.

Digital security of supply
Digital security of supply means the society’s capability of maintaining and restoring essential digital services in all situations, including disruptions, crises and exceptional circumstances. Digital security of supply isn’t simply based on technology, but also skills, governance models and execution capability. It requires planned decentralisation, without critical dependencies on any single technical supplier, country or platform. It is important for the society to be capable of, by itself, controlling, maintaining and, when necessary, changing it’s digital systems without the objectives being blocked by external decisions or breaks.

Technological dependancy
Technological dependancy means a situation where the government, organisation or society is too bound to singular technology suppliers, platforms, countries or closed systems. This kind of dependancy can restrict decision making, weaken security and prevent the continuity of function, if circumstances change. Technological dependancy isn’t on or off but an accumulation of risks that can be managed by decentralising, open solutions and by maintaining alternative solutions and providers. From the viewpoint of digital independence, the goal is to recognise critical dependancies and ensure that no singular technical, commercial or geopolitical factor can turn into a decisive vulnerability.

Open source code
Open source code means software that has its source code openly available, observable and editable according to the rules of the selected license. Openness supports digital sovereignty, because it decreases the dependance on singular suppliers and enables true control and execution of systems. Open source code enables decentralisation, competitive bidding and risk management as well as decreases the situations associated with a single point of failure. In public and critical use openness also adds transparency and security. Open source code doesn’t mean free of charge, but the sharing of power and knowledge in a way that no single critical technology is built on closed control. Open source code doesn’t mean that an organisation has to maintain the code themselves. Open source based systems can be bought with a service model where a supplier or suppliers handle the maintenance.

---