Common Framework
International Governance Model
Structure, leadership, accountability, and decision-making framework for multi-national sovereign cloud cooperation between EU, UK, Canada, and Australia.
1. Core Governance Principles
This is a coordination body, not a supranational authority.
Each jurisdiction retains full sovereignty over its own implementation.
Principle 1: National Sovereignty
- Each nation controls its own data and infrastructure
- No nation can compel another's participation
- Exit is always possible without penalty
- National law takes precedence over cooperation agreements
Principle 2: Consensus-Based
- Major decisions require unanimous consent
- Technical standards adopted by consensus
- Any nation can opt out of specific initiatives
- No binding obligations without explicit agreement
Principle 3: Transparency
- All standards and specifications published openly
- Meeting minutes available to participating governments
- No secret agreements between subsets of members
- Public reporting on progress and challenges
Principle 4: Open Source First
- Shared tooling released as open source
- Standards based on open specifications
- No proprietary lock-in to consortium itself
- Third parties can implement standards freely
2. Governance Structure
International Sovereign Cloud Governance Structure
SOVEREIGN CLOUD ARCHITECTURE BOARD (SCAB)
Strategic direction | Policy alignment | Dispute resolution
Meets: Quarterly | Members: Ministerial/Senior Official level▼
TECHNICAL STEERING COMMITTEE (TSC)
Standards approval | Architecture decisions | Roadmap
Meets: Monthly | Members: CTO/Chief Architect level▼
Working Groups
- Architecture
- Standards
- Interoperability
Working Groups
- Security
- Compliance
- Threat Intel
Working Groups
- Migration
- Operations
- Training
▼
SECRETARIAT
Coordination | Administration | Communications | Reporting
Rotating host nation (2-year terms) or permanent neutral location3. Sovereign Cloud Architecture Board (SCAB)
Composition
| Jurisdiction | Primary Nominee | Alternate | Nominating Body |
|---|---|---|---|
| United Kingdom | Government Chief Digital Officer or delegate | NCSC Technical Director | Cabinet Office / CDDO |
| European Union | Director-General DIGIT or delegate | ENISA Executive Director delegate | European Commission |
| Canada | Government of Canada CIO or delegate | CSE/CCCS representative | Treasury Board Secretariat |
| Australia | DTA CEO or delegate | ASD/ACSC representative | Department of Finance / PM&C |
Board Responsibilities
- Strategic direction: Set overall priorities and roadmap
- Policy alignment: Ensure national policies don't conflict
- Dispute resolution: Resolve disagreements between jurisdictions
- Resource allocation: Approve shared funding and staffing
- External relations: Engagement with other nations seeking to join
- Progress review: Quarterly assessment of initiative progress
Decision-Making
| Decision Type | Threshold | Examples |
|---|---|---|
| Constitutional (framework changes) | Unanimous | New members, governance changes, dissolution |
| Strategic (major initiatives) | Unanimous | New working groups, major standards, shared investments |
| Operational (implementation) | 3 of 4 (with opt-out) | Working group mandates, reporting requirements |
| Technical (standards adoption) | TSC recommendation + Board ratification | API specifications, security baselines |
Deadlock-Breaking Mechanism
"Consensus-based decision making = gridlock." This section defines binding mechanisms
to prevent paralysis while preserving sovereignty.
| Stage | Timeframe | Mechanism | Outcome |
|---|---|---|---|
| 1. Negotiation | 30 days | Bilateral discussions facilitated by Secretariat | Compromise sought |
| 2. Mediation | 30 days | Independent mediator (former judge/diplomat) appointed | Non-binding recommendation |
| 3. Qualified majority vote | 14 days | 3 of 4 vote with dissenting member opt-out right | Decision proceeds for participating members only |
| 4. Emergency override | Immediate | Board Chair + 2 members can invoke for security matters | Temporary measure (max 90 days) pending resolution |
Binding Enforcement Mechanisms
To address the concern that this "will devolve into 4 separate implementations that claim compatibility but aren't", the following binding mechanisms are established:
| Mechanism | Purpose | Enforcement |
|---|---|---|
| Interoperability certification | Ensure implementations actually work together | Annual third-party audit; failure = loss of "ISCC Certified" status |
| Conformance testing suite | Technical compliance verification | Automated test suite run quarterly; results published |
| Financial contribution conditions | Tie funding to compliance | Non-compliant implementations lose shared funding access |
| Data portability guarantee | Ensure genuine interoperability | Must demonstrate successful data migration test annually |
| Arbitration clause | Binding dispute resolution | PCA (The Hague) for unresolved compliance disputes |
Independent Secretariat with Executive Authority
The Secretariat is not merely administrative. It has delegated executive authority for:
- Conformance monitoring: Authority to commission audits and publish results
- Standards enforcement: Can issue compliance notices with binding deadlines
- Emergency coordination: Authority to convene emergency sessions within 24 hours
- Budget execution: Delegated authority to manage shared budget within approved parameters
- Supplier coordination: Authority to manage common supplier relationships
Brexit Lesson Applied: The UK-EU TCA negotiation showed coordination is difficult but achievable when mechanisms are clear. ISCC governance includes binding timelines, escalation paths, and neutral arbitration - the elements missing from purely political coordination.
4. Technical Steering Committee (TSC)
Composition
| Role | Number | Selection |
|---|---|---|
| National Technical Leads | 4 (one per jurisdiction) | Nominated by national government |
| Working Group Chairs | 6-8 | Elected by working group members |
| Security Representative | 4 (one per jurisdiction) | Nominated by national cyber security agency |
| TSC Chair | 1 | Rotating annually between jurisdictions |
TSC Responsibilities
- Standards development: Approve technical specifications
- Architecture decisions: Make binding technical choices
- Working group oversight: Create, merge, sunset working groups
- Roadmap management: Maintain technical roadmap
- Interoperability certification: Approve provider certifications
- Dispute escalation: Escalate unresolved technical disputes to Board
5. Working Groups
Standing Working Groups
| Working Group | Scope | Key Outputs | Meeting Cadence |
|---|---|---|---|
| WG-Architecture | Reference architecture, patterns, technology selection | Architecture Decision Records, reference designs | Fortnightly |
| WG-Security | Security baselines, compliance frameworks, threat intel | Security standards, shared threat intelligence | Weekly |
| WG-Interoperability | API standards, data portability, identity federation | API specifications, test suites | Fortnightly |
| WG-Migration | Migration patterns, tooling, playbooks | Migration tools, runbooks, training materials | Fortnightly |
| WG-Operations | Operational practices, SRE, incident response | Operational standards, shared runbooks | Fortnightly |
| WG-Procurement | Supplier criteria, framework alignment, contracts | Qualification criteria, contract templates | Monthly |
Working Group Membership
Each working group requires representation from all four jurisdictions:
- Minimum: 2 members per jurisdiction (8 total minimum)
- Chair: Elected by members; rotates annually between jurisdictions
- Vice-Chair: From different jurisdiction to Chair
- Observers: Supplier representatives may attend as non-voting observers
6. Leadership & Accountability
Accountability Framework
| Role | Accountable For | Reports To |
|---|---|---|
| Board Chair (rotating) | Overall initiative progress; external representation | National governments |
| National Board Member | National implementation; national policy alignment | Own government + Board |
| TSC Chair (rotating) | Technical delivery; standards quality | Board |
| National Technical Lead | National technical implementation | TSC + national government |
| Working Group Chair | Working group outputs and progress | TSC |
| Secretariat Director | Coordination, administration, communications | Board |
Performance Reporting
| Report | Frequency | Audience | Content |
|---|---|---|---|
| Working Group Status | Monthly | TSC | Progress, blockers, decisions needed |
| TSC Report | Quarterly | Board | Technical progress, standards status, risks |
| National Progress Report | Quarterly | Board | Migration progress, spend, challenges |
| Annual Review | Annual | National parliaments/cabinets | Full year review, next year priorities |
7. Risk Management
Risk Governance
Risk Escalation Path
Working Group identifies risk
▼
WG assesses impact & mitigation options
▼
TSC review (if cross-cutting or high impact)
▼
SCAB decision (if policy/political implications)
Risk Categories
| Category | Examples | Owner | Mitigation Approach |
|---|---|---|---|
| Technical | Interoperability failure, performance issues | TSC / WG-Architecture | Technical standards, testing, fallback options |
| Security | Breach, compromise, supply chain attack | WG-Security + national agencies | Security baselines, shared threat intel, incident response |
| Supplier | Provider failure, capacity shortage | WG-Procurement | Multi-supplier strategy, portability requirements |
| Geopolitical | US retaliation, trade disputes | Board + national governments | Diplomatic coordination, phased approach |
| Cooperation | Member withdrawal, disagreement | Board | Consensus process, exit provisions, bilateral fallbacks |
8. International Team Collaboration
Team Structure Models
Model A: Virtual Distributed Teams
How it works: Team members remain in their home jurisdictions, collaborating virtually.
- Regular video conferences (accommodating time zones)
- Shared collaboration platforms (sovereign-hosted)
- Asynchronous work with clear handoff protocols
- Quarterly in-person meetings rotating between jurisdictions
Best for: Most working group activities, ongoing coordination
Model B: Embedded Secondments
How it works: Staff seconded to partner jurisdiction for 6-24 months.
- UK engineer seconded to EU DIGIT for migration project
- Canadian architect embedded with Australian DTA
- Knowledge transfer and relationship building
- Security clearance reciprocity required
Best for: Deep collaboration, complex technical work, knowledge transfer
Model C: Sprint Teams
How it works: Time-boxed co-located work on specific deliverables.
- 2-4 week sprints at neutral or rotating location
- Mixed team from multiple jurisdictions
- Intensive focus on specific deliverable
- Output: Working code, specification, or decision
Best for: Standards development, prototype building, problem-solving
Collaboration Tools (Sovereign)
| Function | Sovereign Tool | Replaces | Hosting |
|---|---|---|---|
| Video conferencing | Jitsi, BigBlueButton | Zoom, Teams, Meet | EU or rotating |
| Chat / messaging | Element (Matrix), Mattermost | Slack, Teams | EU or rotating |
| Document collaboration | Nextcloud, CryptPad, Collabora | Google Docs, SharePoint | EU or rotating |
| Code repository | GitLab (self-hosted), Gitea | GitHub | EU or rotating |
| Project management | OpenProject, Taiga | Jira, Asana | EU or rotating |
| Wiki / knowledge base | BookStack, Wiki.js | Confluence, Notion | EU or rotating |
Time Zone Management
| Jurisdiction | Time Zone | Overlap with UTC |
|---|---|---|
| UK | UTC+0 / UTC+1 (summer) | Core hours |
| EU (Central) | UTC+1 / UTC+2 (summer) | Core hours |
| Canada (Ottawa) | UTC-5 / UTC-4 (summer) | Afternoon UK/EU = morning CA |
| Australia (Canberra) | UTC+10 / UTC+11 (summer) | Early morning UK/EU = evening AU |
Recommended meeting windows:
- UK/EU + Canada: 14:00-17:00 UTC (afternoon UK/EU, morning Canada)
- UK/EU + Australia: 07:00-09:00 UTC (morning UK/EU, evening Australia)
- All four: Rotating unfriendly slots or asynchronous with recorded sessions
9. Secretariat
Functions
- Coordination: Schedule meetings, manage agendas, track actions
- Administration: Budget management, contract administration
- Communications: Internal comms, public announcements, stakeholder engagement
- Documentation: Maintain standards repository, publish specifications
- Reporting: Compile progress reports, maintain dashboards
- Events: Organise conferences, workshops, training
Hosting Options
| Option | Pros | Cons |
|---|---|---|
| Rotating (2-year terms) | Shared ownership, knowledge distribution | Transition overhead, inconsistency |
| Permanent neutral location | Stability, perceived neutrality | Cost, finding suitable host |
| Virtual (distributed) | Low cost, no single location | Coordination challenges, time zones |
Recommendation: Start with rotating host (2-year terms), assess permanent location after first full rotation (8 years).
10. Funding Model
Contribution Formula
| Jurisdiction | GDP Share (approx) | Contribution % | Annual (est. €2M budget) |
|---|---|---|---|
| European Union | ~60% | 40% | €800,000 |
| United Kingdom | ~14% | 25% | €500,000 |
| Canada | ~10% | 20% | €400,000 |
| Australia | ~8% | 15% | €300,000 |
Note: Formula is illustrative; adjusted by negotiation. Equal voting rights regardless of contribution size.
Related Documents
Legal and Treaty Framework
International legal basis, treaty mechanisms, IP ownership, dispute resolution, and WTO/trade agreement compatibility analysis.
Critical for: FCO/Legal counsel, international law experts
Read Legal Framework →Regulatory Compliance Matrix
Comprehensive mapping of regulatory requirements across all jurisdictions: data protection, national security, cloud-specific, sector-specific.
Critical for: Compliance officers, legal teams
View Compliance Matrix →Country Precedents
Historical examples of sovereign cloud and technology infrastructure initiatives from multiple jurisdictions.
Useful for: Policy comparison, lessons learned
View Precedents →