Digital sovereignty according to the new BSI standard How Knodge already complies with the C3A catalog today Berlin, 27.04.2026A bombshell for the German cloud landscape: The German Federal Office for Information Security (BSI) has today published the eagerly awaited "Criteria enabling Cloud Computing Autonomy (C3A) " catalog.'https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2026/260427_C3A.html'This is the first time that tangible technical criteria have been defined for Germany as to what digital sovereignty in the cloud really means. For companies, this is a decisive compass when choosing their partners. We show what is in the C3A catalog and how Knodge, as a European knowledge infrastructure, not only meets these requirements, but was designed from the ground up according to these principles. What is the C3A criteria catalog? The C3A catalog is a framework designed to help cloud customers assess the autonomy and transparency of cloud services. It is about being able to make a risk-based decision and not being dependent on providers that operate outside the European legal and value system. The criteria are divided into six central areas: Strategic sovereignty2 Legal & jurisdictional sovereignty Data sovereignty4 Operational Sovereignty5 Supply chain sovereignty Technological sovereignty Knodge & C3A: A checklist of sovereignty For Knodge, the C3A catalog is not a surprise, but a confirmation of its own founding principles. Here's how Knodge meets the key BSI requirements: ✅ Legal & Jurisdictional Sovereignty The BSI requires that the service is subject to European jurisdiction.Knodge fulfills this through: European hosting: All data is processed exclusively in European data centers. GDPR & GoBD compliance:** The entire architecture is designed to comply with the strictest German and European data protection and financial regulations. ✅ Data sovereignty Control over your own data is at the heart of sovereignty. The BSI requires encryption and full control by the user.Knodge fulfills this through:Zero Training Policy: Your data is never used to train our AI models. Your knowledge remains your knowledge. Cryptographic integrity: When exporting archives, a SHA-256 hash value is generated. This tamper-proof certificate proves the immutability of your data, exactly as required by the GoBD and the BSI. Two-factor authentication (2FA):** Knodge relies on a secure, passwordless login using a one-time code and thus fulfills a core requirement of the BSI for secure cloud use. ✅ Operational sovereignty Transparency and traceability are crucial in order to have confidence in a service.Knodge fulfills this through:** The knowledge master sheet: A key innovation from Knodge. This PDF certificate documents the underlying database, quality index and access methods for each AI analysis in an audit-proof manner. It was specially developed for audits and scientific traceability. ✅ Technology sovereignty The BSI warns against "vendor lock-in", i.e. technological dependence on one provider.Knodge fulfills this through:** Intelligent exports: You can export your data at any time in a ZIP archive. This contains not only the original files, but also all the data extracted by the AI in a machine-readable JSON format. This guarantees you the freedom to migrate your data to another system at any time. Conclusion: Sovereignty by design The BSI's new C3A catalog is an important step towards a secure and self-determined digital future in Germany and Europe. It creates a clear standard that companies can use as a guide. For Knodge, this standard is a welcome confirmation of its own DNA. We built Knodge as a sovereign knowledge infrastructure from the outset - not as a feature, but as a foundation.