The logbook
Notes from
the chart room.
Plain-language writing on sovereignty, European regulation and the craft of data platforms. No fluff, no vendor bingo.
The US Cloud Act, explained for European CIOs
What the Cloud Act and FISA 702 actually allow, why an EU region on a US cloud doesn't protect you, and what real immunity requires. A plain-language guide for European decision makers.
Read→DORA is here: what it means for your data platform
The Digital Operational Resilience Act applies to nearly every financial entity in the EU. Here is what it demands from your data platform: ICT risk, audit, exit strategy, and a practical checklist.
Read→The EU AI Act: what your data platform must be able to prove
The AI Act's hard deadlines are about evidence: where training data came from, what the model did, and who decided what. Here is what that means for your data platform, with a practical checklist.
Read→HDS: how to run analytics on French health data without breaking the rules
France's HDS certification governs where personal health data may be hosted. Here is what it means for analytics and ML on patient data, and how a bring-your-own-cloud architecture keeps you inside the lines.
Read→What a sovereign data platform actually means (and what it doesn't)
Sovereignty has become a cloud marketing word. Here is a concrete test to separate sovereign architecture from sovereign branding: jurisdiction, keys, residency, formats and exit.
Read→