With a new digital sovereignty assessment and an open framework, Red Hat is courting Europe’s policymakers and CIOs — but homegrown EU rivals and U.S. politics make it an uphill climb.
In a move aimed squarely at the European market — although without a mention of Europe — Red Hat has made another digital sovereignty play. Yesterday, the company announced it’s released a Digital Sovereignty Readiness Assessment tool, which offers a web-based, self-service assessment to help organizations determine what the company is calling “their sovereignty baseline.”
Not only that, it’s releasing the whole kit and caboodle under the Apache 2.0 open source license, with both the source and criteria available on a GitHub repository.
“This means that anyone, from other vendors to Red Hat partners to end users, can objectively determine if this framework applies to them and modify it to best meet their specific needs,” a Red Hat spokesperson told FOSS Force in an email.
Digital Sovereignty’s Evolution
Digital Sovereignty has become the catchphrase of the decade when it comes to Euro tech. It actually started last decade, alongside the EU’s GDPR, as data collection regulations that mandated that data collected in an EU country needs to remain in that country, whether at rest or in transit. More recently, it has increasingly attempted to keep data in the hands of local companies that aren’t subject to laws (or subpoenas) from countries outside the US.
This decade, especially since 2025 as the EU’s relationship with the US has deteriorated, the definition of the phrase has evolved to not only include privacy issues associated with data, but to entire IT infrastructures, as the EU becomes increasingly concerned that large-scale reliance on hardware and software from suppliers based in the US, China, and elsewhere could produce security and operational issues should relations with those countries sour.
This has led to a large-scale move to build a more “made-in-the-EU” infrastructure that includes EU-based clouds, software developers, and equipment manufacturers. This move has seen push-back from the Trump administration, which has threatened retaliation that seems to have only strengthened European resolve.
My Digital Sovereignty Readiness Assessment
There’s not a lot of “there there” in Red Hat’s new tool, which looks to me to be mostly a handy way for Red Hat to sell products. It’s certainly not a way to assess whether a company’s infrastructure and data handling meets regulations, whether in the EU, US, or anywhere else, a point that Red Hat itself makes in a disclaimer.
Accessed online, the tool takes you through 21 questions, all multiple choice with yes, no, and I don’t know answers. When completed, it grades the results to provide a “readiness score” and offers “recommend next steps.”
Questions are along the lines of “Do you have disaster recovery plans that account for geopolitical scenarios?”; “Do you control and manage your encryption keys exclusively (not shared with cloud providers)?”; “Can you prevent sensitive data from crossing specific geographic borders?”; and “Does your organization currently comply with all data residency requirements or regulations relevant to your country/region/vertical?”
I took the test and gave random answers, making sure to pick plenty of “no” and “I don’t know” answers. When finished, I received a score of 62, which the tool indicated was pretty good, but left room for improvement. There was also a “Domain Analysis,” and a “learn more” link that led to a page where I could request a consultation with Red Hat.
Red Hat’s Uphill Battle
Earlier this year, the company launched Red Hat Confirmed Sovereign Support. This seems to indicate that Digital Sovereignty Readiness Assessment is mainly a tool to help Red Hat consultants get (or perhaps more precisely, keep) a foot in the door.
This might have sufficed if it had happened before Trump’s second occupation of the White House and all that’s followed since. These days, US-headquartered companies are finding it increasingly difficult to get around EU regulations. Clouds are finding that promises to protect data no longer satisfies European regulators, who are wary of a US legal system that claims to have the right to subpoena EU data being held in EU-located data centers owned by US-based cloud companies.
In addition, EU businesses are actively seeking to buy European when it comes to software and hardware. Although primarily a software company, Red Hat is vulnerable in both areas, since part of its mandate is to sell hardware for its sole shareholder, IBM, and nothing says US-made hardware more than Big Blue. Red Hat also faces considerable competition from companies that don’t carry the baggage of US roots. Most directly, there’s Germany-based SUSE, that’s been developing and selling a Linux-centered server stack for even longer than Red Hat.
It’s also been marketing Digital Sovereignty as a product longer than Red Hat, having launched Sovereign Premium Support in July, 2025. Similar to Red Hat’s offering, it helps customers address regulatory requirements and meet digital sovereignty needs — but coming from a company born and bred in the EU.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux
Be First to Comment