Weighted Score:
78
High sovereignty due to EU-owned and EU-governed and EU law only.
Company name: STRATO GmbH
URL: https://www.strato.de
eurotechguide review(s): Strato Cloud Drive
Digital services offered: Cloud Infrastructure, Cloud drive
| Criterion | Score | Short Assessment | Long Rationale |
|---|---|---|---|
| SOV-1 (strategic) | 4 | EU-owned and EU-governed. | STRATO is headquartered in Berlin and is a subsidiary of United Internet (Germany). Under SOV-1, decisive authority is in EU jurisdiction, with EU anchoring of governance and value creation. Change-of-control risk exists for any corporate group, but the controlling structure is EU-based. This fits SEAL-4 for strategic sovereignty (complete EU control and anchoring). |
| SOV-2 (legal) | 4 | EU law only. | STRATO is governed under German/EU law. This aligns with “subject only to EU law” in the framework’s SEAL-4 definition for the legal/jurisdictional axis. |
| SOV-3 (data & AI) | 3 | EU hosting; global hardware. | STRATO’s servicers are hosted in Germany, but like most providers it still relies on global hardware/firmware supply chains. Without evidence of customer-held cryptographic control by default across all services and given standard hosting realities, SEAL-3 is appropriate: strong EU hosting posture but not full EU control over all critical dependencies. |
| SOV-4 (operational) | 4 | EU-operated; strong autonomy. | Infrastructure and operations are EU-based under United Internet. Service continuity does not depend on US hyperscaler support. → SEAL-4 |
| SOV-5 (supply chain) | 2 | Semiconductor dependency. | Semiconductor and firmware supply chains are global, representing a material non-EU dependency. → SEAL-2. |
| SOV-6 (technological) | 3 | Interoperable, not fully open. | Technology stack is largely proprietary hosting, but interoperability via common standards is strong. Still, not fully open/auditable end-to-end like an open-source platform. That’s meaningful EU control with some lock-in risk → SEAL-3. |
| SOV-7 (security) | 3 | Strong EU compliance baseline. | EU jurisdiction supports EU-based security operations and compliance, but without specific evidence here of EU-exclusive SOC/audit provisions comparable to sovereign public-sector offerings, SEAL-3 is a fair baseline. |
| SOV-8 (environmental) | 2 | Limited quantified reporting available | No clear, quantified public sustainability reporting specific to service operations. Environmental maturity not demonstrably evidenced. → SEAL-2 |