×

Warning message

The installed version of the browser you are using is outdated and no longer supported by Konveio. Please upgrade your browser to the latest release.

CAN/DGSI 100-8, Data Governance – Part 8: Framework for Digital Sovereignty (Second Edition)

Technical Committee Review

This document specifies the minimum requirements and provides a framework for organizations to protect and assess their ability to control and govern its digital infrastructure, data, and technologies in their custody from jurisdictional risks, while taking advantage of the global technology ecosystem.

The document is not intended to prescribe how an organization should implement specific security controls. Instead, the Standard guides organizations using jurisdictional and technology-agnostic approaches that can be adapted to address specific business requirements.

Considerations are given to:

•              Identification and categorization of digital infrastructure, data, and technologies assets;

•              Development of an appropriate threat model;

•              Identification of potential risks, including from laws in foreign jurisdictions;

•              Options to mitigate associated risks; and

•              Adherence to data sovereignty due diligence and transfer requirements under applicable law and regulations.

DATED POSTED: 2025-11-04

DEADLINE FOR COMMENTS: 2025-11-14
File name:

-

File size:

-

Title:

-

Author:

-

Subject:

-

Keywords:

-

Creation Date:

-

Modification Date:

-

Creator:

-

PDF Producer:

-

PDF Version:

-

Page Count:

-

Page Size:

-

Fast Web View:

-
Choose an option Alt text (alternative text) helps when people can’t see the image or when it doesn’t load.
Aim for 1-2 sentences that describe the subject, setting, or actions.
This is used for ornamental images, like borders or watermarks.
Preparing document for printing…
0%
Comment Drag

Click anywhere in the document to add a comment. Select a bubble to view comments.
Document is loading Loading Glossary…
Powered by Konveio
View all

Comments

Close

Add comment

Mike Anderson Nov 5 2025 at 11:07AM on page 11

This comment may be more appropriate in the annex (geo-residency and digital sovereignty assessment)

Mike Anderson Nov 5 2025 at 11:02AM on page 13

Technological Sovereignty is a term used through the document and should have its own definition instead of a note - Alternatively, we could look at simplifying the standard by renaming the uses of technological sovereignty in the appendix to digital sovereignty
in reply to Jennifer Bartholomew's comment

Mike Anderson Nov 5 2025 at 10:56AM on page 23

Technical
@Jennifer Bartholomew - I think in this case the the framework is referring to the operational risk of access or interference with data at rest or the function or control of those cloud systems. Possible access of data in transit in my opinion starts to veer more into security and would be a discussion beyond a low sovereignty system.

Jennifer Bartholomew Nov 4 2025 at 3:22PM on page 23

Editorial
Capitalize first word

Jennifer Bartholomew Nov 4 2025 at 3:22PM on page 23

Technical
Specifying "foreign" makes this risk too narrow and specific for the low sovereignty use case. With cloud data, it's also about transmission of data through foreign networks where it can be intercepted.

Jennifer Bartholomew Nov 4 2025 at 3:17PM on page 15

Editorial
I think foreign interference should be added to the glossary of terms if we're going to use it to drive a principle.
View all