The European Union’s implementation of the General Data Protection Regulation (GDPR) in 2018 emphasized individuals’ control over their personal data, raising public awareness about data usage. As early as 2000, digital sovereignty had been incorporated into national digital development strategies, advocating that individuals act according to their own will in the digital world, free from external control—an idea aligned with the spirit of GDPR. As digital identity forms the foundation of the digital realm, countries have advanced privacy regulations in response to digital protectionism, emphasizing individual security and autonomy. Despite the challenges it poses to enterprises, digital sovereignty holds profound strategic value for both individuals and nations.

This project proposes a context awareness based Zero Trust Architecture (ZTA) based on the principle of “never trust, always verify.” In addition to access control, it incorporates mechanisms to assess emerging risks such as AI agents and fraudulent or deceptive information, thereby realizing the core concept of digital sovereignty—freedom from external manipulation—and ensuring individual autonomy and control. As AI agents become integral to digital services, establishing trustworthy verification mechanisms is essential to prevent misuse of personal data. Furthermore, since social media has become a major information source across text, voice, and video, enhancing defenses against misleading or fraudulent content is critical.