Global

Gaia-X Level 3: The new standard for data sovereignty. Who made it to the CISPE list?

Natalia Zębacka

21 lis 2025 — 2 min read

For years, the discussion about European digital sovereignty was mainly based on political declarations. However, the Gaia-X 2025 summit in Porto saw a key shift towards hard market realities. Ulrich Ahle, CEO of the organisation, presented the first operational catalogue of cloud services, which allows business customers to verify providers for true independence from foreign jurisdictions.

The catalogue, developed by CISPE (the association of cloud infrastructure providers in Europe), introduces a three-tier rating scale that has the potential to become the new market standard for transparency. While Levels 1 and 2 focus on technical compliance and identity verification, Level 3 (Level 3) represents a fundamental shift in the balance of power in the IT market. This label is reserved exclusively for organisations based in the European Union, which guarantee immunity from extraterritorial third-country legislation – by implication, primarily the US CLOUD Act.

The first wave of certification included a small group of entities that managed to meet these stringent criteria. Among the pioneers were Cloud Temple, Thésée Datacenter, Opiquad, OVHcloud and Seeweb. A total of nine services provided by these companies have been officially recognised by CISPE – which acts as the clearing house – as fully sovereign. Francisco Mingorance, secretary general of CISPE, indicated that the list would soon grow, although the timeframe for implementing the standards was extremely tight.

The move is a clear signal to the market that ‘trust’ is becoming a measurable business parameter. Sebastien Lescop, CEO of Cloud Temple, points out that the industry has relied on vague assurances for too long, and that the Level 3 label is the ultimate ‘check’ for marketing declarations. Significantly, Gaia-X has managed to stay ahead of the bureaucratic machinery of Brussels. Although the European Union is still working on its own rating system, the Gaia-X standard is now available and, the organisation assures, will largely coincide with the definition of sovereignty pushed by the European Commission. For CIOs of large European companies, this means that for the first time they have been given a tool to instantly assess the legal risks of entrusting data to the public cloud.

Coming soon

This is The Kinetic Brief, a brand new site by Bartosz Martyka that's just getting started. Things will be up and running here shortly, but you can subscribe in the meantime if you'd like to stay up to date and receive emails when new content is

AI democratises cybercrime. Windows on target for hackers

Artificial intelligence, widely recognised as a driver of innovation in business, has become an equally powerful tool in the hands of criminals. The latest Elastic 2025 Global Threat Report, based on analysis of more than one billion data points, sheds light on a worrying trend: the barrier to entry into

AI demokratyzuje cyberprzestępczość. Windows na celowniku hakerów

Sztuczna inteligencja, powszechnie uznawana za motor napędowy innowacji w biznesie, stała się równie potężnym narzędziem w rękach przestępców. Najnowszy Elastic 2025 Global Threat Report, oparty na analizie ponad miliarda punktów danych, rzuca światło na niepokojący trend: bariera wejścia do świata cyberprzestępczości drastycznie maleje, a zautomatyzowane ataki stają się nowym standardem

The end of the 'lone wolf'. The future of cyber security is managed services

Statistics can be unforgiving, and in the case of cyber security, they shed new light on the state of modern business. It is estimated that just 0.009 per cent of the world’s one million companies have a chief information security officer, or CISO, on staff. For years, this

Read more

Coming soon

AI democratises cybercrime. Windows on target for hackers

AI demokratyzuje cyberprzestępczość. Windows na celowniku hakerów

The end of the 'lone wolf'. The future of cyber security is managed services