Digital sovereignty according to the new BSI standard

By Knodge Team

Digital sovereignty according to the new BSI standard

How Knodge already complies with the C3A catalog today

Berlin, 27.04.2026
A bombshell for the German cloud landscape: The German Federal Office for Information Security (BSI) has today published the eagerly awaited "Criteria enabling Cloud Computing Autonomy (C3A) " catalog.
'https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2026/260427_C3A.html'
This is the first time that tangible technical criteria have been defined for Germany as to what digital sovereignty in the cloud really means. For companies, this is a decisive compass when choosing their partners.

We show what is in the C3A catalog and how Knodge, as a European knowledge infrastructure, not only meets these requirements, but was designed from the ground up according to these principles.

What is the C3A criteria catalog?

The C3A catalog is a framework designed to help cloud customers assess the autonomy and transparency of cloud services. It is about being able to make a risk-based decision and not being dependent on providers that operate outside the European legal and value system. The criteria are divided into six central areas:

  1. Strategic sovereignty
    2 Legal & jurisdictional sovereignty
  2. Data sovereignty
    4 Operational Sovereignty
    5 Supply chain sovereignty
  3. Technological sovereignty

Knodge & C3A: A checklist of sovereignty

For Knodge, the C3A catalog is not a surprise, but a confirmation of its own founding principles. Here's how Knodge meets the key BSI requirements:

✅ Legal & Jurisdictional Sovereignty

The BSI requires that the service is subject to European jurisdiction.
Knodge fulfills this through:

  • European hosting: All data is processed exclusively in European data centers.
  • GDPR & GoBD compliance:** The entire architecture is designed to comply with the strictest German and European data protection and financial regulations.

✅ Data sovereignty

Control over your own data is at the heart of sovereignty. The BSI requires encryption and full control by the user.
Knodge fulfills this through:
Zero Training Policy: Your data is never used to train our AI models. Your knowledge remains your knowledge.

  • Cryptographic integrity: When exporting archives, a SHA-256 hash value is generated. This tamper-proof certificate proves the immutability of your data, exactly as required by the GoBD and the BSI.
  • Two-factor authentication (2FA):** Knodge relies on a secure, passwordless login using a one-time code and thus fulfills a core requirement of the BSI for secure cloud use.

✅ Operational sovereignty

Transparency and traceability are crucial in order to have confidence in a service.
Knodge fulfills this through:
** The knowledge master sheet: A key innovation from Knodge. This PDF certificate documents the underlying database, quality index and access methods for each AI analysis in an audit-proof manner. It was specially developed for audits and scientific traceability.

✅ Technology sovereignty

The BSI warns against "vendor lock-in", i.e. technological dependence on one provider.
Knodge fulfills this through:
** Intelligent exports: You can export your data at any time in a ZIP archive. This contains not only the original files, but also all the data extracted by the AI in a machine-readable JSON format. This guarantees you the freedom to migrate your data to another system at any time.

Conclusion: Sovereignty by design

The BSI's new C3A catalog is an important step towards a secure and self-determined digital future in Germany and Europe. It creates a clear standard that companies can use as a guide.

For Knodge, this standard is a welcome confirmation of its own DNA. We built Knodge as a sovereign knowledge infrastructure from the outset - not as a feature, but as a foundation.