Dimension 1: Strategic assets
Physical assets
Infrastructure determines how resilient operations are when conditions change. A concentration on a limited number of sites (production facilities, logistics sites, data centers, etc...) may appear efficient but creates fragility when disruption occurs. Companies with alternatives can swiftly adapt without losing control, especially when one site is shut down.
Guiding questions:
• How many independent sites support the majority of our critical operations (production sites, data centers, logistics sites, ...)?
• For how long, and to what extent, can operations continue if one site is shut down?
Dependency example:
Operations rely on a limited number of sites, systems, or pieces of equipment. The company's activity is economically dependent on a small number of regions or sub-regions around the world.
Sovereign practice:
Critical activities can be shifted to an alternative site or setup without disruption and in a limited timeframe.
Recommended actions:
Identify operations tied to a limited number of sites and build redundancy where needed. This can include contracted standby capacity or duplicated critical equipment.
Intangible assets
Technology and intellectual property form the quiet foundation of sovereignty. When ownership or key rights sit outside the company, strategy depends on others' priorities, constraints and timelines. Creating a dependency risk.
Guiding questions:
• Do we control the technologies that are essential to our activities?
• Could we continue to operate if access to technologies or licensing conditions were to change?
Dependency example:
Core technology is licensed; continuity depends on third-party decisions.
Sovereign practice:
The company owns or co-owns IP and can modify or replace components independently.
Recommended actions:
Clarify which technologies are owned and which are licensed. Regarding partnerships, secure documentation access. Establish a comprehensive audit of the intellectual property and technologies most frequently used by the company.
Human capital and skills
A company is the sum of its distributed capabilities, and it must ensure that they are properly allocated and secured. Critical expertise is sometimes concentrated in the hands of a limited number of individuals. When responsibility or know-how is centralized, the organization becomes vulnerable to shifts in priorities or unexpected departures.
Guiding questions:
• To what extent would we face difficulties if one or more key profiles were to leave the company?
• How do we ensure backup/succession for key people covering critical skills?
Dependency example:
A limited number of individuals hold skills or knowledge that are critical to the
continuation of operations.
Sovereign practice:
Knowledge is shared, documented, and transferable across the organization's various functions.
Recommended actions:
Identify expertise holders, document critical knowledge, and ensure its dissemination through structured responsibility sharing. Organize systematic succession planning and redundancy for key individuals.
Innovation and R&D
R&D defines what a company will be capable of tomorrow. When R&D depends on external partners or funding lines, priorities can shift toward others' agendas, generating a dependency risk. Control of R&D roadmap ensures that
innovation follows the company's strategic intent and safeguards
its competitive edge.
Guiding questions:
• How are innovation priorities defined? How is technology watch organized?
• Are the technologies developed contractually protected?
Dependency example:
R&D is partially subject to the priorities of external stakeholders (e.g., their research agendas).
Sovereign practice:
The company defines its research agenda and controls access to results and data.
Recommended actions:
Clarify ownership of R&D direction and secure IP rights to results and data upfront. Build dedicated internal expertise to strengthen market differentiation. Manage technology watch and R&D innovation internally and integrate them into Executive Committee priorities.
Data governance
Data sovereignty extends beyond storage location. Applicable jurisdiction, access
rights, encryption keys, and infrastructure control determine whether data can be
used freely or are subject to externally imposed rules.
Guiding questions:
• Which regulatory regimes apply to our critical data?
• Who controls physical access to the company's data?
Dependency example:
Sensitive data is stored under foreign jurisdiction with limited internal control (e.g., USA – Cloud Act).
Sovereign practice:
The company controls access, keys, and storage decisions, with full clarity on its exposure to non-European jurisdictions.
Recommended actions:
Map critical datasets and the legal frameworks that apply. Retain control of encryption keys and internal authorization. Assign clear responsibility for data decisions to avoid uncertainty during audits or customer requests. Have robust internal control over data governance, supported by tools, audits, and traceability.