The Digital Sovereignty Heatmap helps organisations gain insight into their dependency on non-European technology providers. By analysing your software stack across five dimensions — jurisdiction, data residency, cryptographic keys, platform lock-in and source code sovereignty — you get a clear risk profile.
The tool is built on the conviction that digital sovereignty is not an abstract policy concept, but a concrete operational challenge. Every organisation that uses software makes choices that affect its autonomy, compliance and continuity.
The scoring is based on five dimensions, each scored from 0 (sovereign) to 100 (high risk):
- JES (Jurisdictional Exposure): Under which jurisdiction does the vendor fall? EU-based companies score low risk.
- DRS (Data Residency): Where is your data processed and stored? EU-only hosting scores lowest.
- CKS (Cryptographic Key Sovereignty): Who manages the encryption keys? Open-source and EU-managed keys score better.
- PLS (Platform Lock-in): How easily can you switch? Open-source software lowers the lock-in risk.
- SRS (Source & Runtime Sovereignty): Is the source code available and does the software run in the EU?
The total score is an equally weighted average of all dimensions. Context such as sector, data classification and criticality level will be included in future versions.
Your assessment data never leaves your browser. All calculations are performed client-side. The optional telemetry collects only aggregated, anonymised counters — no personal data, no raw scores, no IP addresses. Telemetry is disabled by default and requires explicit opt-in.
This tool was developed by Ric van Westhreenen — a hands-on interim manager specialising in IAM, digital transformation, governance and compliance. With experience at organisations such as Ahold Delhaize, T-Mobile, Vattenfall and EP NL, and as a supervisory board member at TYPO3 GmbH, he combines strategic insight with pragmatic execution.
The Digital Sovereignty Heatmap is part of the ACCANS. product portfolio — tools that help organisations get a grip on complex IT challenges.
What is digital sovereignty?
Digital sovereignty is the degree to which an organisation retains control over its data, software choices and operational continuity. Concretely: does your data sit under EU jurisdiction, can you manage your own encryption keys, and can you switch vendors without prohibitive cost? The more 'yes' answers to those questions, the more sovereign you are.
How is the score calculated?
Each selected vendor is scored across five dimensions (JES, DRS, CKS, PLS, SRS) from 0 (sovereign) to 100 (high risk). The total is an equally weighted average. Future versions will also factor in context like sector, data classification and criticality.
What data does this tool collect?
No personal data. The assessment runs entirely in your browser; calculations never leave your device. You can optionally share anonymous, aggregated counters for the community trends — telemetry is off by default and requires explicit opt-in. No IP addresses, no session IDs, no cookies beyond your language preference.
What is the difference between JES, DRS, CKS, PLS and SRS?
JES = Jurisdictional Exposure (where the vendor is incorporated). DRS = Data Residency (where your data is actually hosted). CKS = Cryptographic Key Sovereignty (who controls the encryption keys). PLS = Platform Lock-in (how easily you can switch). SRS = Source & Runtime Sovereignty (source code availability and runtime location). Each dimension measures a different risk facet.
What counts as an 'EU alternative'?
A vendor whose headquarters is in an EU country and that offers the option to host data inside the EU. We also distinguish between product (software you deploy or consume) and service (consultancy, MSSP, training). Products are only ever recommended as replacements for other products — an MSSP is never suggested in place of a SaaS product, and vice versa.
Is this compliance advice?
No. The Digital Sovereignty Heatmap is an exploratory instrument for surfacing risks; it is not legal advice and not a compliance attestation for GDPR, NIS2, DORA or similar regulation. Use it to start conversations, identify gaps and set priorities — leave the legal evaluation to your own counsel.
Who built this tool?
Ric van Westhreenen, a hands-on interim manager specialising in IAM, digital transformation, governance and compliance. He brings experience at organisations such as Ahold Delhaize, T-Mobile, Vattenfall and EP NL, and as a supervisory board member at TYPO3 GmbH. The tool is part of the Accans product portfolio.
How often is the vendor database updated?
The vendor catalogue counts over 1,700 vendors and is updated periodically based on market developments, user feedback and new EU entrants. The most recent changes are always visible on the changelog page.
Is this site affiliated with the vendors mentioned?
No. All product and company names on this site — Microsoft, Google, AWS, Salesforce, Slack and every other vendor referenced — are trademarks™ or registered® trademarks of their respective holders. Mention on this site does not imply affiliation, sponsorship or endorsement. This Heatmap is an independent information resource, produced without any commercial relationship with any party referenced. No rights can be derived from the classifications shown; for formal legal or compliance assessments, please consult your own counsel.