Law 1: Define Sovereignty

Sole jurisdictional control with no foreign legal compulsion. Binary test.

Maps to Manifesto Demand 1.

Principle

Sovereignty is sole jurisdictional control over a sovereignty-critical asset, with no foreign legal compulsion.

The test is binary. Every entity that operates the asset is non-compellable under foreign law, or the asset is not sovereign. No scoring system grades partial foreign exposure as sovereignty.

The definition follows from law Europe has already written. The Court of Justice of the European Union under Schrems I and II established that jurisdictions with extraterritorial executive authority over European data are not adequate. The European Data Protection Board’s European Essential Guarantees define the standard.

The eight laws of this series turn that standard into infrastructure.

Mechanism

The principle operates through two tests applied together.

The compellability test. An entity is sovereign if it cannot be compelled to act against European interests by any non-European legal order. Compellability is the test, not residence, branding, or contractual representation.

An entity passes only if it is incorporated under EU or EEA law with no Delaware shell, Cayman holding, or equivalent structure; has its legal seat and operational headquarters in the EU or EEA; is majority-owned by European entities; has a board majority of European citizens or long-term residents; has key technical and security personnel who are European citizens or long-term residents; has its operational infrastructure physically located in the EU or EEA; and is not subject to any foreign legal order with extraterritorial reach.

The instruments tested against include the CLOUD Act, FISA Section 702, the Patriot Act, ITAR, EAR, the UK Investigatory Powers Act, the Chinese National Intelligence Law, and their equivalents.

The stack contamination principle. Sovereignty is a property of every layer of an asset’s sovereignty stack. A stack’s effective sovereignty position is determined by its least sovereign layer. If any single layer sits at Position 4 or 5, the whole stack is contaminated.

The two tests run together. An entity that passes the compellability test at the top layer but depends on a non-sovereign component underneath is not sovereign at the stack level. An entity that passes at every layer except one is not sovereign at all.

The Five-Position Framework

This law uses the framework from Paper 1. The full case sits there.

Position 1. National sovereignty. One state has jurisdiction; no other has reach. The strongest position, because it carries the narrowest trust dependency.

Position 2. EU sovereignty. Twenty-seven states share jurisdiction; no entity in the chain is reachable by non-EU law.

Position 3. Distributed sovereignty. No single entity holds the whole, so no single entity can be compelled to surrender it. Trust shifts from institutions choosing well to mathematics that institutions cannot reverse.

Position 4. Shared with a foreign state. A provider may be European in name, staff and marketing; if foreign law can compel it, the data sits under foreign jurisdiction. The compliance illusion.

Position 5. Decentralisation theatre. Foreign control delivered through nominally distributed architecture.

An offering passes the law’s test when it sits at Position 1, 2 or 3 across every layer of its stack. The required position by workload class is set out in the operational specifications below.

Outcomes

What this law produces in practice.

A binary conformance test. Procurement officers, regulators, and standards bodies have a yes/no answer for any candidate offering. The test runs the same across cloud, payments, identity, healthcare, communications, military, and every other stack. The test does not change with marketing.

The Five-Position Framework as legibility instrument. Positions 1, 2 and 3 deliver sovereignty under the test. Positions 4 and 5 do not. The five positions make the test legible across different threat models without softening the binary nature of the conformance test.

Refusal of sovereignty washing. Offerings that depend on operational arrangements (data residency, EU staffing, contractual safeguards, EU-incorporated subsidiaries with non-EU parents) to claim sovereignty fail the compellability test at the entity level. They are refused. The redefinition project documented in Paper 3 stops at the framework boundary.

Architectural compatibility with European law. The test is the operational form of standards European courts have already established. Schrems II, the European Essential Guarantees, the GDPR adequacy framework, and DORA jurisdictional concentration analysis all run against the same definition. The law makes the definition explicit.

Operational specifications

The test applies layer by layer across all twelve sovereignty stacks. Each stack page on the site names the layers, identifies the European candidates at each layer, and applies this law’s test layer by layer.

For each layer:

The operating entity is named and tested for compellability.
The supply chain into the layer is traced. Any foreign-jurisdictional dependency in the supply chain contaminates the layer.
The layer’s effective position is recorded (1, 2, 3, 4, or 5).
The stack position is the minimum of the layer positions.

For an offering to qualify as sovereign for a given workload class, the stack must be at Position 1, 2 or 3 across every layer required by that class.

The required position varies by threat model. Position 1 applies to workloads requiring trust in a single European state. Position 2 applies to workloads requiring trust in the EU collectively. Position 3 applies to workloads where no state-level actor (European or otherwise) is permitted in the threat model.

Where layers aren’t yet sovereign

Europe does not have the tech for every layer of every stack today. Silicon design and fabrication at the leading edge, certain cryptographic primitives, frontier AI compute. Some layers will take years to build.

The law accepts that path.

A data centre operated under European jurisdiction with chips fabricated in Taiwan sits at Position 4 at the chip layer. The stack score is Position 4 because of that layer. The next move is to bring the chip layer toward Position 1 or 2 as European fabrication grows.

We do not refuse the data centre because the chips aren’t there yet. We record the gap and we close it.

Phased compliance under Law 2 ramps the requirement at each layer as European supply at that layer matures. The law is binary at every measurement. The path to Position 1, 2 or 3 across the full stack is iterative.

Where this sits in the series

Paper 1: The Sovereignty Illusion. The Five-Position Framework, the compellability case, the test applied to the European cloud reality.
Paper 2: The Sovereignty Stack. The software-stack layer-by-layer assessment using this law as the test.
Paper 3: Sovereignty Washing. The redefinition project this law refuses.
Paper 12: The Stablecoin Stack. Stack contamination stated explicitly.
Paper 16: The Submarine Cable Question. Stack principle extended: a stack’s sovereignty position is inherited from its least sovereign component.
Paper 20: The AI Europe Rents. The Mistral analysis: Position 2 at upper layers, Position 4 at silicon and firmware. The stack composes to the weaker position.
Paper 24: The Open Source Sovereignty Gap. Component 2 of the prescription: the fully-European compellability test.

Law 2 (Mandate Compliance) is this law operationalised as a requirement. Law 1 supplies the test; Law 2 specifies what workloads must pass it.
Law 4 (Validate European Cryptography) applies this law to a layer that cannot be tested by inspection alone. The European cryptographic standards body and the Stack Compliance Body provide the operational verification authority.
Law 6 (Defend Against Acquisitions) protects sovereign entities from being moved out of the European perimeter through acquisition.
The Three-Outcomes Principle is the foundation. The compellability test exists because the alternative is outcome two: the European entity that looks sovereign on its marketing material remains compellable on its statute book.