Digital Sovereignty has to start with Open Source.pdf
Mindtrek
48 slides
Oct 10, 2025
About This Presentation
By: Emiel Brok, Open Source Ambassador, SUSE / DOSBA.
Size: 7.73 MB
Language: en
Added: Oct 10, 2025
Slides: 48 pages
Slide Content
Open by Design,
Sovereign by Choice
Mindtrek
Tampere Finland 2025
1
Emiel Brok
Open Source Ambassador at SUSE
Co-Founder & Board Member DOSBA
Board Member APELL
2
Headshot
3
Friday Ketchup
4
Disclaimer:
I am not a
lawyer
5
Disclaimer:
I am not a
technician
1992: Founded in Nuremberg
HQ: Luxembourg
40 Offices
2,600 Employees
$700m+ Revenue
10,000+ Enterprise Customers
Developer contributions
measured every day →
Publicly ranked alongside the
largest technology companies
World-class
ecosystem of
partners
5 years in a row [5]
[1] SUSE Company Data [2] Gartner Magic Quadrant + Omdia [3] Common Criteria, SLSA [4] The UN Global Compact [5] suse.com/partners [6] SUSE Customer Data
Recognised leader in
Container Management
& Virtualization →
[2]
17% emissions
reduction since 2022
[4]
Top Supply Chain
Security Certifications
[3]
90%+
Of the world’s leading
companies rely on SUSE [6]
10/10 of the largest Automotive companies
13/15 of the largest Pharmaceutical companies
14/15 of the largest Aerospace companies
13/15 of the largest FinServ companies
Top 8 Top 5 Top 12
Consistently
SUSE at a glance
Open by Design
Sovereign by Choice
8
Open Source Business Alliances OSBA -
COSS - DOSBA - CNLL - OS Sweden - ESOP - RIOS
9
10
Digital Sovereign IT
=
ALWAYS
Open Source!?
Digital Sovereignty
What is it?
Digital sovereignty refers to the ability of a nation,
organization or individual to control and govern their own
digital assets, infrastructure and data independently,
free from undue external influence or dependency.
13
14
cc picture by so me
Picture of dancefloor
17
Don’t fight, DANCE!
Open by Design
Sovereign by Choice
Unpacking Digital Sovereignty
Digital Sovereignty
Data Sovereignty
Operational Sovereignty
Technological Sovereignty
Data Residency & Localization
Data Governance & Access Control
Regulatory Compliance & Privacy
Infrastructure & Hardware Control
Software Autonomy & Open Source
Secure & Independent Supply Chains
Autonomous Man. & Operations
Resilience & Business Continuity
Immunity from Foreign Legal Reach
Runtime Sovereignty
Platform Sovereignty
Deconstructing Digital Sovereignty
Support &
Operational
Control
Governance
and policies
Supply
Chain &
Software
Provenance
Infrastructure Sovereignty
Monitoring and Logging
IAM
22
Being sovereign is not
BLACK / WHITE
Picture that shows without openness and
choice there is no sovereignty
Do not replace proprietary Big Tech
with local proprietary solutions!
25
Perfect Storm:
An extreme situation in
which many things
happen at
the same time.
26
Most Pressing Regulations
28
Network and Information Security Directive
NIS-2
● Oct. 18, 2024
● Target Group Critical Infrastructure
● CEO liable
● Risk-based security approach
● Responsibility for the cybersecurity of the supply chain
Cyber Resilience Act
CRA
● 2027
● Products with digital elements
● SBOM
● Vulnerability reporting
● Vendor Declaration
Digital Operational Resilience Act
DORA
● 2025
● Financial Sector
● Extensive Risk Management
● ICT for financial sector also affected
Payment Card Industry Data Security Standard
PCI-DSS
● V 4.0.1 Spring 2024
● Credit Card Information
● Detailed Security measures
Sectors of high criticality
5. Health
6. Drinking water
7. Waste water
8. Digital infrastructure
9. ICT service management (business to business)
10. Public Administration
11. Space
32
Other critical Sectors
1. Postal courier services
2. Waste Management
3. Manufacture, production and distribution of chemicals
4. Production, processing and distribution of food
5. Manufacturing
6. Digital Providers
7. Research
34
35
36
Is ISO 27001 sufficient?
37
Common Criteria EAL 4 + Flaw Remediation
—Product specific including organization
—Demanding full control and description over all security aspects
—No compromise approach transparent to the customer
—Suitable to highest security standards
—Fully comparable
ISO 27001
—Organizational, excluding product features
—Delegation possible so delegated areas are blind spots
—Balancing risk with investment unknown to customer
—Good enough security for unknown level
—Not comparable depending on risk analysis
38
Common Criteria EAL 4+ vs ISO 27001
Some highlights
EAL = Evaluation Assurance Level =
How deep is the evaluator looking
into your supply chain.
39
Common Criteria EAL 4+
EAL Certification Scope
40
[Diagram: certification scope at EAL 1 versus EAL 4+. Labels: Product, Product Features, Company, Production, Security Updates, Supply Chain, Security Certification Gap. Vendors shown: Red Hat, Microsoft, SUSE; SUSE Linux Enterprise.]
SUSE is the Only General Purpose OS that did both
EAL = Evaluation Assurance Level (how much has been checked)
43
How does the Open
Source Industry
protect us from this
storm?