Glossary — European digital sovereignty
What is European digital sovereignty?
Ability to preserve and process data within a European legal framework, on infrastructure based in the EU, without exposure to non-European extraterritorial regimes (CLOUD Act, Investigatory Powers Act). For an organisation, it is reflected in the choice of a coherent hosting provider, jurisdiction and contractual framework.
What it is
European digital sovereignty designates, at the scale of an organisation, the effective control over its data: where it is stored, who can access it, which law governs it in a dispute.
Three concrete criteria define it in a client-vendor relationship:
- Data location in an EU member state — not just the promise of a 'European region' from a vendor whose parent company falls under foreign law.
- Applicable jurisdiction for the service contract — French or European law, European courts.
- Absence of extraterritoriality: the operator cannot be compelled, by a non-European authority, to hand over data against its client's will. The US CLOUD Act (2018) and the UK Investigatory Powers Act (2016) are the main threats here.
Why it matters
For archives linked to a company cessation, sovereignty is not a slogan: it is the guarantee that an estate, tax or succession dispute can be settled in France under known rules, without a US judge authorising remote access. It is also a factor of economic predictability: the bill does not depend on the exchange rate or a foreign political decision.
How Archivum approaches it
Archivum stores all client data in Europe, on French infrastructure Scaleway (French data centres, S3-compatible object storage). Public delivery of continuity sites runs through Cloudflare as the frontal CDN, with no primary storage: requests terminate in France. The legal framework claimed is GDPR and general French contract law. No client data is replicated to a US hyperscaler.