SUSE rolls out APAC cloud sovereignty self-assessment

SUSE has launched a Cloud Sovereignty Self-Assessment tool aimed at organisations in the Asia-Pacific region that are facing tighter expectations over data control, cloud governance and the use of AI in regulated environments.

The web-based tool asks organisations to review their cloud and AI arrangements against the 2025 EU Cloud Sovereignty framework. It produces a results summary in about 20 minutes and is positioned as a way for companies to identify gaps that could affect eligibility for public sector work and other regulated contracts.

Policy and procurement discussions about digital sovereignty have moved into day-to-day compliance considerations for many organisations. In Australia, scrutiny has risen as the federal government and regulators put more emphasis on sovereign capability and local control across critical industries. That shift has proved complex for businesses that operate across borders or supply government agencies in both Europe and APAC.

The EU framework has become a reference point beyond Europe because it sets out common terms for sovereignty expectations. Buyers and regulators increasingly cite it when they set requirements for cloud services and the management of sensitive information.

Score and levels

SUSE's assessment generates what it calls a Sovereignty Effective Assurance Level score. The model assigns organisations to one of five levels, from SEAL 0 to SEAL 4. The tool frames the levels as a way for a business to compare its current position with the thresholds that may apply in particular tenders or jurisdictions.

The assessment also weighs performance across eight sovereignty objectives. The scoring model gives higher weight to supply chain security at 20% and operational autonomy at 15%, according to SUSE. The company said the structure reflects the attention that regulators and risk teams place on supplier concentration, software provenance, and the ability to keep operations running under local control.

For organisations that complete the questionnaire, the output includes a gap analysis and a downloadable PDF improvement plan. SUSE describes the document as a practical roadmap for future decisions about technology and investment. It focuses on where governance, architecture, or supplier arrangements may not align with external expectations.

Privacy approach

SUSE said the tool keeps results in the user's browser rather than storing them on a central platform. That design reduces the amount of information that leaves an organisation during an initial diagnostic exercise. It also addresses a common concern among security teams that early-stage assessments can create new exposure if they require uploading details about infrastructure or operational controls.

The company is pitching the tool at organisations that are building AI systems on top of cloud infrastructure and that need clarity on where control sits. It also targets groups that have to demonstrate compliance across different regimes. This includes firms with global supply chains and those that serve government customers.

"Organisations globally are facing a 'black box' problem when it comes to digital sovereignty, creating significant hidden risks," said Andreas Prins, Head of Global Sovereign Solutions, SUSE.

"Cloud Sovereignty is the essential foundation for Sovereign AI, as an AI model can only be truly autonomous if the underlying cloud infrastructure provides localised data residency and operational control. Without a sovereign cloud stack, organisations risk a 'black box' problem where their AI models and data remain subject to external jurisdictions, single vendors, and supply chain vulnerabilities. As governments and stakeholders reviewing Digital Sovereignty and Sovereign AI in APAC today, getting the right foundation now will empower enterprises to optimise their technology roadmaps to continue competing globally," said Prins.

Sovereignty requirements vary across markets. Many are not written as single laws and instead appear through procurement rules, sector regulators, and guidance on critical infrastructure. That has created pressure for internal teams to translate high-level expectations into technical and operational controls that can be audited.

In that environment, a structured questionnaire can serve as a starting point for governance discussions, particularly where multiple business units use different cloud providers or deploy AI services through third parties. It can also highlight areas where contractual commitments and operational reality diverge, such as where data may be processed, who can administer systems, and how incident response works across jurisdictions.

SUSE said the tool is part of its broader work on sovereign solutions in cloud and AI environments. The company operates in the open source infrastructure market, with products across Linux, container management and edge computing, and it has increased its focus on regulated industries where deployment models and operational control are central procurement criteria.

Interest in sovereignty has risen alongside forecasts of renewed growth in cloud spending. Forrester has predicted faster year-on-year growth in 2026, according to research cited by SUSE. Vendors and service providers have increasingly linked that projected growth to demand for more control over data location, supply chains, and operational autonomy.

SUSE said organisations in APAC can use the self-assessment to benchmark their current position against a framework that is being referenced by public sector buyers. The company is positioning the results as a basis for follow-on work where firms need a documented plan for closing gaps before tendering for contracts that specify sovereignty requirements.