DSCC Certification
DSCC certification pathways are being developed to help organizations demonstrate auditable capability across data control, jurisdictional exposure, AI governance, vendor dependency, portability, security, and Indigenous Data Sovereignty alignment where applicable. Full certification applications will launch in a future phase. Organizations can register interest now to receive updates and readiness information.
DSCC is developing its certification application, evidence review, auditor workflow, decision process, badge issuance, and public verification systems. Full certification applications will launch in a later phase. Organizations may register interest now to receive updates, readiness information, and early access announcements.
Purpose
DSCC certification is being designed to assess whether an organization can demonstrate sovereign capability through governance, evidence, controls, contracts, technical architecture, audit records, and accountable decision-making.
The purpose is not to reward slogans. The purpose is to verify whether an organization can show meaningful control over the data, AI systems, vendors, infrastructure, and governance obligations it depends on.
Can the organization prove where data is stored, processed, backed up, accessed, and exposed to legal regimes?
Can the organization show who owns decisions, controls access, approves use, and remains accountable?
Can the organization manage vendor lock-in, cloud dependency, subcontractors, cross-border exposure, and exit risk?
Can the organization govern AI models, training data, prompts, outputs, infrastructure, and third-party dependencies?
Can the organization move, return, delete, or recover data and digital workloads without institutional hostage-taking?
Where Indigenous data is involved, can the organization demonstrate respect for community authority, consent, stewardship, use restrictions, and data return obligations?
Process
DSCC certification will follow a structured pathway from standards review to application, evidence submission, audit review, decision-making, badge issuance, and renewal. Each step is designed to protect credibility and ensure certification is based on documented evidence.
The organization reviews DSCC standards and determines which certification pathway applies.
The organization completes eligibility screening and readiness questions to identify scope, risk, data types, AI use, and Indigenous data involvement where applicable.
The organization submits a formal certification application, including scope, responsible officers, declarations, and certification tier selection.
Applicable certification and audit fees are paid before formal review begins.
The organization uploads policies, contracts, architecture documents, governance records, AI documentation, and other required evidence.
A DSCC-assigned auditor reviews evidence, requests clarification, and scores the organization against applicable criteria.
A certification decision is made through an authorized review process separate from sales, membership, and training activities.
Approved organizations receive a certificate, badge, and future registry/verification listing for the certified scope.
Certification is time-limited and will require renewal, with annual attestation and full reassessment on a defined cycle.
Core Tiers
DSCC’s core certification tiers are intended to reflect increasing levels of organizational maturity, evidence, and sovereign capability.
Entry-level verification for organizations beginning their sovereignty journey.
Designed for organizations that can provide baseline evidence of data governance awareness, basic control mapping, policy foundations, and initial sovereignty readiness.
For small and mid-sized organizations, early-stage readiness, organizations beginning documentation, and organizations preparing for deeper certification.
Primary organizational certification tier.
Designed for organizations that can demonstrate defined policies, governance accountability, jurisdictional control, vendor management, security safeguards, portability planning, and audit-ready evidence.
For established organizations, public institutions, corporate members, technology providers, and organizations seeking public credibility.
Higher-maturity certification for organizations with strong sovereignty architecture.
Designed for organizations that can demonstrate advanced sovereign control, mature governance, vendor independence, AI/data portability, continuous monitoring, executive accountability, and evidence-based resilience.
For public-sector institutions, critical infrastructure organizations, mature enterprises, organizations with complex data/AI systems, and organizations seeking leading-market credibility.
Specialty Streams
Specialty streams are intended to assess specific sovereignty risks and operating environments beyond the core organizational certification pathway.
For organizations seeking to demonstrate governance over AI systems, models, training data, prompts, outputs, vendors, infrastructure, and AI-related dependency risk.
Covers: AI system inventory, model governance, training data controls, prompt/output governance, vendor AI dependency, human oversight, AI portability, explainability and auditability.
For organizations that handle Indigenous, First Nation, Métis, Inuit, Nation, community, treaty, cultural, or community-controlled data and need to demonstrate alignment with authority, consent, stewardship, restrictions, and community governance obligations.
Covers: community authority, consent and permission, data-sharing agreements, cultural protection, AI/secondary-use restrictions, data return/deletion, vendor restrictions, community oversight.
For organizations seeking to demonstrate readiness to support government or public-sector data sovereignty requirements.
Covers: jurisdictional control, procurement readiness, public-sector data handling, security and privacy baseline, vendor dependency, audit evidence.
For public institutions, agencies, nonprofits, and public-service organizations seeking to strengthen data and AI sovereignty readiness.
Covers: public accountability, data governance, privacy/security controls, vendor oversight, accessibility and transparency, records and retention obligations.
For organizations operating in sectors where data, AI, infrastructure, continuity, and jurisdictional resilience are mission-critical.
Covers: resilience, continuity, vendor dependency, incident response, data recovery, access control, sovereign infrastructure risk.
Specialty Pathway
Where an organization handles Indigenous, First Nation, Métis, Inuit, Nation, community, treaty, cultural, or community-controlled data, ordinary privacy and cybersecurity controls may not be enough. The organization may need to demonstrate how it respects community authority, consent, stewardship, use restrictions, cultural protection, AI limitations, vendor boundaries, and data return or deletion obligations.
Who has authority to approve collection, access, sharing, analysis, retention, return, or deletion?
What was approved, by whom, for what purpose, and under what restrictions?
Who holds the data, who controls it, and what obligations apply to the holder?
Does the data include sensitive cultural, historical, land-related, language, governance, or community information requiring special protection?
Can the data be used for analytics, AI training, automated decision-making, commercialization, or secondary research?
Can third-party vendors, cloud providers, subcontractors, or foreign jurisdictions access the data?
Can the data be returned, deleted, restricted, or excluded from downstream systems where required?
Is there an ongoing process for review, correction, dispute, withdrawal, or governance escalation?
DSCC’s Indigenous Data Sovereignty work should be informed by an Indigenous Advisory Circle to help review relevant standards, training content, resources, terminology, and alignment criteria. Advisory review does not replace the authority of any Indigenous Nation, government, community, or organization over its own data.
Evidence
Future DSCC certification will require organizations to provide documentation and evidence across applicable domains. Evidence requirements will depend on certification tier, scope, sector, AI use, and Indigenous data involvement.
What data exists, where it sits, who uses it, and what systems depend on it.
Where data is stored, processed, backed up, and replicated.
How vendors, cloud providers, subcontractors, and processors handle data and access.
Who has authority, accountability, and decision rights.
How data is protected, monitored, accessed, retained, and disclosed.
How AI systems, models, prompts, outputs, training data, vendors, and dependencies are governed.
How the organization responds to breaches, loss, unauthorized access, and operational disruption.
How data and systems can be restored, recovered, or maintained during disruption.
How data, workloads, records, and systems can be moved, returned, deleted, or replaced.
Where applicable, how the organization demonstrates authority, consent, stewardship, cultural protection, restrictions, and return/deletion obligations.
Clarity
DSCC membership indicates participation in the DSCC community and access to member benefits. It does not mean the member or organization has been certified.
Completing DSCC training may demonstrate learning or professional development. It does not certify an organization’s data sovereignty posture.
DSCC certification, when launched, will be a DSCC-issued certification based on DSCC standards and processes. It should not be presented as government authorization, regulatory approval, or legal immunity.
Lifecycle
Future DSCC certifications are expected to be time-limited, renewable, and subject to status controls. Approved organizations may receive a certificate, badge, verification link, and registry listing for the certified scope. Expired, suspended, or revoked certifications must be clearly distinguishable from active certifications.
Future verification pages and registry listings will help the public confirm whether a DSCC certification is active, expired, suspended, revoked, or limited to a specific scope.
Get Ready
DSCC is developing its certification application, audit, decision, badge, and verification systems. Organizations interested in future certification can register interest now to receive updates, readiness information, and early access announcements.
FAQ
Organizations that prepare early will be better positioned to demonstrate data sovereignty, AI governance, vendor resilience, auditability, and Indigenous Data Sovereignty alignment where applicable.