Skip to content

Explain SCS DigiSov and Certs. How to get into compliance.#381

Draft
garloff wants to merge 2 commits into
mainfrom
feat/add-digisov-and-cert
Draft

Explain SCS DigiSov and Certs. How to get into compliance.#381
garloff wants to merge 2 commits into
mainfrom
feat/add-digisov-and-cert

Conversation

@garloff

@garloff garloff commented Jul 9, 2026

Copy link
Copy Markdown
Member
  • Explain the motivation for the SCS certification levels rooted in the levels of digital sovereignty.
  • Give a practical example how to achieve the SCS certification by running the tests.
  • Hints on how to get listed, why we have the HM there and how to react to failed runs.

Editorial note:

  • This was written up in January 2025
  • It was not merged, as the description how to get certified is better done separately, elsewhere
  • Resurrect it, as the explanation of digital sovereigtny relative to SCS certification is useful
  • ToDo: Drop the duplicate pieces on testing and certification process

- Explain the motivation for the SCS certification levels rooted in
  the levels of digital sovereignty.
- Give a practical example how to achieve the SCS certification by
  running the tests.
- Hints on how to get listed, why we have the HM there and how to
  react to failed runs.

Editorial note:
- This was written up in January 2025
- It was not merged, as the description how to get certified is better
  done separately, elsewhere
- Resurrect it, as the explanation of digital sovereigtny relative to
  SCS certification is useful
- ToDo: Drop the duplicate pieces on testing and certification process

Signed-off-by: Kurt Garloff <kurt@garloff.de>
@garloff garloff self-assigned this Jul 9, 2026
@garloff garloff added documentation Improvements or additions to documentation standards Issues / ADR / pull requests relevant for standardization & certification labels Jul 9, 2026
@garloff garloff marked this pull request as draft July 9, 2026 23:01
@garloff

garloff commented Jul 9, 2026

Copy link
Copy Markdown
Member Author

This is what we talked about today, @depressiveRobot
I did not find the original pull request for this :-O

It needs cleaning up:

  • We should not duplicate the testing and certification process descriptions, so drop it
  • Yet the digisov-and-cert.md looks useful (and even largely still valid) to me

Signed-off-by: Kurt Garloff <kurt@garloff.de>
@garloff

garloff commented Jul 9, 2026

Copy link
Copy Markdown
Member Author

Drop the pieces that are extra ...

Comment thread standards/certification/digisov-and-cert.md
@gerbsen

gerbsen commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

FYI in context of the new proposed Cloud and AI Development Act by the EU KOM they define it like this. Also see Articles §16 to §28.

Defining cloud and AI sovereignty

The Cloud and AI Development Act defines cloud and AI sovereignty comprising four assurance levels, to be used by public sector bodies based on their risk assessments. Cloud service providers can be recognised under this framework by Member States, after undergoing an audit.

The four levels are:

Level 1: where data is processed and stored in infrastructure located in the Union;
Level 2: where providers must demonstrate independence from third countries and transparency over their software supply chain;
Level 3: where providers must be owned and controlled from the EU and meet additional criteria, such as personnel citizenship. The Commission can recognise third-country providers;
Level 4: where providers have full transparency and control over their software supply chain and no interference from a third country.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

documentation Improvements or additions to documentation standards Issues / ADR / pull requests relevant for standardization & certification

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants