"Choose your technologies and retain the ability to switch: infrastructure sovereignty ensures the organization maintains control over its technical foundation, can evolve it, and can exit without excessive damage."
Infrastructure dependency mapping, cloud/on-premise/edge decision criteria, operational DORA, resilience planning and exit strategy.
CIO, enterprise architects, infrastructure & cloud managers, CISO, resilience and continuity teams, CDO office.
DORA Art. 28-30 (ICT concentration), NIS 2 Art. 21 (technical measures), Data Act Art. 23-35 (portability), BCBS 239 (continuity).
Half day (3h30) — 2 theoretical sessions + 1 dependency mapping workshop.
Infrastructure sovereignty relies on the ability to precisely map dependencies, classify them by DORA criticality, and maintain a continuity strategy without excessive reliance on any single third party.
Own infrastructure, internal or co-located datacenter. Full control. High CAPEX investment.
SecNumCloud or HDS-certified cloud, EU operator, no foreign jurisdiction exposure.
International public cloud. Maximum agility. Cloud Act exposure depending on provider. DORA concentration risk.
| Workload | DORA Criticality | Data Classification | Recommended Tier | Required Certification |
|---|---|---|---|---|
| Core banking & payments | ● Critical | Critical | On-premise / Tier 1 | PCI-DSS, ISO 27001 |
| Data platform & BCBS reporting | ● Critical | Critical | On-premise or SecNumCloud | HDS if healthcare, ISO 27001 |
| High-risk AI systems (scoring) | ● Critical | Confidential | Sovereign cloud / Tier 1 | SecNumCloud or equiv. |
| Fraud detection & AML | ● Important | Confidential | EU sovereign cloud | ISO 27001, SOC2 |
| Internal analytics & BI | ● Standard | Internal | EU cloud (hyperscaler) | GDPR + DPA |
| Collaboration & productivity tools | ● Low | Internal | International cloud | Internal security policy |
You have viewed the preview of this module (first 2 pages).
To access the full content, enter your access code or request access.