How Scoring Works
Understanding Azulado's digital sovereignty assessment methodology
Automated Heuristics — Not a Professional Audit
Azulado scores are generated by automated heuristics using publicly available data sources, DNS analysis, and AI-assisted classification. They represent analytical opinions, not professional audits, legal assessments, or compliance certifications. See our Terms of Service for full details on data accuracy and limitations.
The Sovereignty Score
Every company receives a sovereignty score from 0-100 based on how well they protect European data interests. The score combines multiple factors across two pillars: Operational Sovereignty (Follow the data) and Corporate Sovereignty (Follow the money).
The Sovereignty Quadrant
Where companies fall based on Follow the Data (X) vs Follow the Money (Y). Hover over points to see company names and total score.
Low Data + High Money
High Data + High Money
Low Data + Low Money
High Data + Low Money
Score Distribution
How 435 companies distribute across the sovereignty spectrum.
The Hosting Reality
Where EU companies actually host their data.
Ownership Breakdown
Who owns the companies in our index - EU vs Non-EU headquarters distribution.
Top EU Jurisdictions
Top Non-EU Jurisdictions
Sovereignty Trend
Average sovereignty score over the past 6 months. Is Europe gaining or losing digital sovereignty?
The Four Tiers
Yes (80-100)
EU-headquartered, EU data residency, majority EU ownership. Your data stays in Europe.
Almost (60-79)
EU-headquartered with strong privacy commitments, but may process some data externally.
Partial (40-59)
Non-EU headquarters but with EU presence or data centers. Mixed data protection.
Not (0-39)
Non-EU jurisdiction with data privacy concerns. Consider EU alternatives.
Scoring Factors
Data Sovereignty (60 points) (Follow the data)
Where data is physically stored and processed - physical residency is key
Which laws govern the company's operations
Functional Penalties (Shield Cracks)
These penalties catch "wrapper" companies that appear EU-sovereign but functionally leak data to non-EU processors.
Critical reliance on non-sovereign AI/cloud processors (e.g., OpenAI, AWS)
High-severity trackers sending data abroad (e.g., Google Analytics, Meta Pixel)
Economic Sovereignty (40 points) (Follow the money)
Share of company owned by EU entities
100% EU ownership with no external investors
Additional Penalties
EU-HQ companies owned through tax haven entities
Systemically important non-EU infrastructure (critical: -15, high: -10)
Community Verification
Our data comes from multiple sources and is continuously verified:
- 1. Automated Analysis - AI-powered investigation of public records, DNS, and infrastructure
- 2. Company Claims - Verified company representatives can update their profiles
- 3. Community Corrections - Users can submit corrections that are reviewed by our team
- 4. Consensus Protocol - Multiple independent verifications increase confidence scores
Note: We're actively growing our database. If a company shows as "Unknown" or has incomplete data, you can help by submitting corrections. Our team reviews all submissions within 24-48 hours.
Unknown Data: The "Suspicious Pessimist"
When data is missing, we apply pessimistic defaults rather than giving the benefit of the doubt:
This "guilty until proven innocent" approach incentivizes companies to be transparent about their infrastructure. Companies can improve their scores by claiming and verifying their profiles.
Ready to see sovereignty scores in action?