What this domain covers#
The seventh domain is the domain of synthesis and honesty. It asks the declarant to distinguish clearly between what it explicitly guarantees (with the legal level of the guarantee: enforceable contractual commitment, unilateral public declaration, mere internal good practice), what it cannot guarantee and why, the upcoming changes that could modify the profile in the next 12 to 24 months (version change, infrastructure migration, fundraising with non-European investors in prospect, strategic repositioning), and the identified weaknesses with the actions undertaken to address them.
The domain is explicitly designed to resist the marketing temptation of “we guarantee everything”. The format on the contrary invites the formulation of blind spots, because a provider that assumes its weaknesses is more credible than one that pretends to have none.
Why this domain matters#
This is the most politically structuring domain of the Profile. It operates the tipping point of the exercise: from a potentially hollow communication document to an exercise in honesty that transforms the relationship between provider and buyer. The general thesis of the manifesto is embodied here more than in any other domain — sovereignty is not decreed in press releases, it is built line by line, foundation by foundation, maintainer by maintainer, and one assumed fragility after another.
For the provider, declaring a blind spot in domain 7 has a triple value. First, with regard to the client: if the client discovers on its own a blind spot you had not declared, your overall credibility collapses; if you have declared it, you keep control of the conversation. Second, with regard to your competitors: a Profile that assumes fragilities and describes the corrective actions under way is harder to attack than a Profile that claims perfection. Finally, with regard to your own teams: the exercise of filling in domain 7 forces collective awareness of the points to address and orients internal technical work.
At the aggregate scale, the reading of the domain 7s published by European providers reveals the fragilities most commonly identified and oriented towards resolution. The observatory of gaps can be enriched not only by absences (layers without a European alternative) but also by the dimensions where the community of providers collectively recognises that progress is to be made.
What is asked, by category of declarant#
For all categories. List of explicit commitments with their legal level. List of dimensions where the provider cannot guarantee, with a factual explanation (for example: “we cannot guarantee the absence of a CLOUD Act requisition because our transactional mailing service transits through an American provider currently being migrated”). List of changes anticipated in the next 12 to 24 months that will modify the profile (change of host, integration of a new strategic third-party component, fundraising under negotiation with mention of the expected nature of the investors). List of identified blind spots with the actions undertaken and the target horizons.
Specificity for publishers. Mention of anticipated license flips on the third-party components used and of the preventive actions undertaken. Mention of roadmap evolutions liable to modify substantially the sovereignty profile of the product (for example, planned integration of an AI service from an American provider).
Specificity for distributors and integrators. Mention of anticipated evolutions of the original publishers of the distributed solutions (known license changes, announced acquisitions, geographic restrictions under discussion).
An example of an honest, well-done answer#
A French SaaS publisher of 50 staff declares its domain 7 as follows. Explicit contractual commitments: hosting in France for European clients, minimum 12 months’ notice before cessation of service, active software escrow with a French legal escrow agent, annual update of the Sovereignty Profile. Unilateral public commitments: commitment to release the code under AGPL v3 in the event of cessation, annual contribution of 0.75% of software revenue to European open source foundations. Dimensions where the publisher cannot guarantee: absence of any foreign requisition (the transactional mailing service currently operated by SendGrid, an American provider, generates US transit of sending metadata — migration to Mailjet planned for October 2026), resistance to a possible expanded CLOUD Act (legal analysis under way). Anticipated changes: Series B fundraising under negotiation with two European funds and one post-Brexit British fund; the British scenario could modify the qualification of the shareholding under the manifesto’s criteria, which is anticipated and would be declared publicly should the case arise. Identified blind spots: absence of a local mirror of the npm registry for builds (action under way: setting up of Verdaccio by Q1 2027), reliance on Keycloak (Red Hat / IBM) without a tested alternative for identity (action under way: PoC of Authentik within 12 months).
An anti-pattern to avoid#
A domain 7 reduced to “we guarantee a service of the highest quality in line with the best practices of the industry” betrays the spirit of the Profile. It is precisely what the format is designed to make fail: if the first six domains are filled in seriously and the seventh is empty or rhetorical, the inconsistency is immediate to the reader. Conversely, a domain 7 that would exaggerate the fragilities beyond reality in an effort of displayed humility would also be barely credible. The tone to aim for: factual, precise, dated, with corrective actions where they exist.
Articulation with the other domains and commitments#
Domain 7 is the synthesis domain articulated with the six previous ones. Each declared blind spot typically refers to a particular domain (a blind spot on the supply chain refers to domain 3, a blind spot on continuity to domain 5, etc.). Domain 7 is also the natural bridge to the commitments: what is declared there as a blind spot under treatment often corresponds to a commitment formalised in the parallel commitments declaration (for example, a blind spot on the escrow refers to pub-005-establish-software-escrow, a blind spot on the list of components to pub-006-publish-component-jurisdiction-list).