In April 2026, Schwarz Digits introduced the European Sovereign Stack Standard, or ES³ for short, a practical industry standard for assessing the digital sovereignty of cloud solutions and IT services. As an independent audit firm, BDO supported the development of the underlying Sovereignty Maturity Level (SML) framework to be able to conduct compliance audits on this basis in future. This collaboration provides decision-makers in industry, SMEs and regulated sectors with a robust basis for selecting sovereign IT solutions. 

 

What is ES³?

  • ES³ is a four-level maturity model (Initial, Managed, Advanced, Future‑Proof) for the objective and auditable assessment of the digital sovereignty of IT services.
  • It creates transparency and comparability across the entire value chain for the first time – from infrastructure through platforms to software and data.
  • The aim is to turn digital sovereignty from an abstract concept into a measurable and controllable decision parameter for management and IT.
  • ES³ is based on an extensive, EU‑oriented catalogue of criteria and specifically addresses regulatory requirements as well as risks arising from dependencies on third‑party providers.
  • The model serves as a decision‑making and governance tool for companies to deliberately assess, select and further develop sovereign IT architectures.
  • In addition to assessment, ES³ also includes concrete derivations for target architectures and the classification of services, e.g., in the context of marketplaces.
  • ES³ positions itself as a future European industry standard for digital sovereignty and strengthens independence from non‑European technologies.

 

Support from BDO: neutrality, comparability, regulatory requirements

BDO’s support for the development of the SML framework ensures that the ES³ standard can be applied in a neutral, transparent and objective manner and that this is open to audit.

  1. Reliable comparability of IT services: Organisations can evaluate and compare offerings based on uniform criteria.
  2. Regulatory requirements: The model creates transparent decision-making bases that also address regulatory requirements.
  3. Lower investment risk: Objective evaluation reduces uncertainty in procurement decisions and strengthens investment security.

 

Significance for European sovereignty

The transparent maturity model strengthens Europe’s digital autonomy by enabling companies and public bodies to specifically select solutions that ensure data sovereignty, control options and legally compliant processing. By defining concrete criteria, the ES³ standard simultaneously promotes the development of a European ecosystem: providers of sovereign cloud solutions receive clear market incentives, enabling European technology partners to position themselves more effectively in the competitive landscape. Finally, the model supports the political agenda, as its alignment with existing EU frameworks facilitates the implementation of regulatory requirements and makes cloud sovereignty goals practically achievable.

Learn more about the new ES³ standardOpens in a new window/tab

This article was written by

Markus Sell
Markus Sell
Chief Executive Officer, BDO DIGITAL GmbH, Partner
Andreas Stemick
Andreas Stemick
Managing Director BDO DIGITAL GmbH & BDO Cyber Security GmbH