SovereigntyGap.
SovereigntyGap.sovereignty-gap.eu

Assumed limits of the system.

What the system does not measure, does not guarantee, the manifesto/tool gap, acknowledged argumentative limits.
Estimated read: ~6 minutes. The project applies to itself the grammar it asks of publishers. A living page, open to reasoned contestation.

Assumed limits of the device#

The manifesto asks providers for a domain 7 — “commitments and assumed limits” — that makes their own weaknesses explicit. This page applies the same requirement to the project: what we ask of providers, we apply to ourselves.

What the device does not measure#

The device is deliberately narrow. The Sovereignty Profile makes a provider’s software chain readable — its production, its governance, its hosting, its capital, its continuity. It says nothing about other essential dimensions, which are not negligible for that reason: they simply belong to other devices.

  • Code quality and technical architecture. A clean product can be sovereign; a poorly written product can be too. Mastery of the chain does not guarantee the quality of the software produced. That is the business of technical audit, not of the Profile.
  • Operational security in the cyber sense. Vulnerabilities, configuration, incident handling: these subjects belong to dedicated qualifications (HDS, SecNumCloud, ISO 27001, CSPN audits, ANSSI certifications). A Profile says nothing about the level of security operated by the provider.
  • Prices, contracts, commercial terms. Predatory pricing, abusive clauses, economic dependency: out of scope. The Profile speaks of contractual reversibility and continuity — not of fair pricing or asymmetries of negotiation.
  • User experience, ergonomics, productivity. The use-virtues of a product are not sovereignty virtues. A sovereign software can be unusable, an ergonomic software can be captive.
  • Social conditions of maintainers’ work. An open source project can be sovereign and exploit its contributors; a proprietary publisher can be sovereign and precarise its teams. These dimensions deserve their own devices — labour law, collective agreements, salary transparency — not a checkbox in a chain file.
  • Ethical quality of uses. The Profile does not judge whether the software serves a legitimate use. A sovereign provider of surveillance remains a provider of surveillance. European technological sovereignty does not prejudge the ethics of the products it makes possible.

What it assumes but does not guarantee#

The device works through public self-declaration. It only holds through external conditions outside its perimeter, but without which it collapses.

  • That buyers will use it. Without demand from CIOs, CISOs, public and private buyers, the format has no market — and therefore no pressure on providers to fill it in honestly. The manifesto explicitly calls on buyers to mobilise the device; its real rigour depends on that mobilisation.
  • That the community will contest deceptive declarations. Rigour does not come from a regulator that sanctions — it comes from the public possibility of contesting with evidence. A device without active contesters drifts toward self-celebration. The manifesto’s moderation withdraws declarations whose falsity is demonstrated, but it cannot audit every declaration submitted: it is up to peers, journalists, and researchers to point out the gaps.
  • That the moderation will hold. The moderation team is light and funded on a voluntary basis. A simultaneous wave of fraudulent declarations may saturate the device. If the ecosystem develops without the moderation capacity following, the format loses reliability.
  • That declarants will not lie in unverifiable fields. The jurisdiction of a capital can be cross-checked against public registers. The location of servers can be tested. But a publisher’s commitment to release the code in case of bankruptcy cannot be verified before the event. What the device protects then is traceability: a publisher who has lied will have publicly signed their lie.
  • That the format will remain adapted to emerging risks. The annual evolution procedure assumes a community that proposes, debates, and decides. Without it, the format freezes and progressively becomes inadapted to new risks (offensive AI capabilities, foreign legal instruments to come, novel capital recompositions).

The gap between the manifesto and the tool#

The manifesto sets out four programmatic axes. The device fully operationalises only one of them. This asymmetry is assumed — it could not be otherwise — but it must be named for what it is.

Axis 1 — Invest in the foundations of autonomy (funding). The manifesto calls for a lasting European fund for the maintainers of critical bricks, for making public procurement conditional on chain-sovereignty criteria, for recognising the maintenance of software infrastructure as a mission of general interest. The site operationalises none of this. It is a political call addressed to European and national public decision-makers, and to user enterprises. The Profile device does not fulfil this axis; it documents its necessity.

Axis 2 — Build the European infrastructure of the chain. The manifesto calls for European registries for packages, containers, and artefacts, for a European forge of significant scale, for European open source foundations supported by stable funding mechanisms. The site operationalises none of this either — it is up to public actors, industrial consortia, existing foundations (Eclipse, NLnet), and European open source communities to do it. The instrument the manifesto proposes does not substitute for these structural investments.

Axis 3 — Measure to steer. This axis is partially operationalised. The Profile embodies the multi-dimensional methodology called for by the manifesto: it distinguishes the code, the governance, the funding, the distribution, the skills, and refuses any score that would aggregate these dimensions to the point of masking their weaknesses. But the collective mapping of dependencies through aggregation of indexed declarations — the gaps observatory — only exists in principle so far. As long as the volume of declarations does not cross a critical threshold, the aggregation remains inoperative.

Axis 4 — Guarantee continuity through transparency. This is the axis the site renders fully actionable. The Sovereignty Profile and the commitments declaration are its instrument. The conditions of equivalence for proprietary — escrow, release-on-trigger, reversibility clause, notice period, operational continuity, anti-acquisition statutes, audit right — are the seven contractual mechanisms the device renders declarable and publishable.

A programmatic manifesto always exceeds the instrument it proposes. The instrument is the actionable share now; the positive programme remains a collective horizon the manifesto calls upon to be built.

Argumentative limits acknowledged within the corpus#

The manifesto and the documentary annexes themselves acknowledge several argumentative limits. This section gathers them for the reader who wants to judge without having to explore several files.

  • EU/USA scale asymmetry. The European counter-examples (the German Sovereign Tech Fund distributing 17 million euros per year, Codeberg hosting about 117,000 projects, NLnet, Eclipse Foundation) are an order of magnitude below the American ecosystems they claim to substitute. Family 5 of the dossier acknowledges this asymmetry. The manifesto takes note of the gap and proposes the levers to close it; it does not claim that complete autonomy already exists.
  • Project Mythos (family 7) remains to be validated. The capabilities announced by Anthropic in November 2025 rely on 198 manual reviews whose full independence has not yet been confirmed. Part of the security community, notably the analysis published by Tom’s Hardware, considers that the claims are largely a commercial argument. Thesis 9 of the manifesto holds nonetheless, anchored by the documented fragility of the supply chain (XZ Utils, Heartbleed, Log4Shell, IngressNightmare) — it does not depend on Mythos.
  • Legal reach of OFAC sanctions. The strict legal necessity of the Linux Foundation’s decision to remove Russian maintainers in October 2024 was publicly contested by the maintainer Felipe Contreras and the Software Freedom Conservancy: approving a patch is not obviously a “transaction” in the sense of American sanctions. The manifesto retains the structural argument: whether the decision was compelled or merely defensive, its practical effect is the same for sovereignty.
  • Defence against offensive AI capabilities. Family 7 is by construction prospective. The defensive countermeasures at the scale of the new offensive capabilities (defensive AI audit, fund dedicated to upgrading critical projects, bug bounty programme matching the new capabilities) remain largely to be invented. The manifesto signals the turn; it does not claim to hold the operational solution.
  • Concentration of contributions to Linux and Chromium. The liberal objection — “Google contributes to 94% of Chromium because nobody else does, this is not capture but a market effect” — is descriptively valid and we mention it. The manifesto draws a political conclusion from it: if Europe wants to influence global technological standards, it must devote to it the contributory mass that does not exist today. Concentration is not a conspiracy, it is a state of affairs.

For factual detail and sources, see family 5, family 7, family 2 and the FAQ.

In conclusion#

This page is not a confession of weakness. It is the application to the project of the grammar it asks of its declarants: name what you guarantee, and name what you do not guarantee. A manifesto that acknowledges its own argumentative limits is more solid than a manifesto that masks them; a device that assumes its perimeter is more useful than a device that claims to cover everything.

This page is meant to evolve. Readers who identify missing limits — unlisted blind spots, unassumed gaps, unstated assumptions — are invited to point them out. Argued contestations will be cited and, when justified, integrated.

For the full philosophy of the device, see Philosophy of the device. For the concrete commitments the device renders declarable, see Commitments library.

Philosophy of the system →
Edition v.1 · April 2026Sovereignty Gap collectiveCC BY-SA 4.0