Digital and/or Data Sovereignty is a hot topic these days. We are discussing this back and forth and people are freely mixing the concepts and use them as they want them – making sure that we are still confused by the terms and their impact on the customer data itself.
Digital vs. Data Sovereignty
Owning digital data refers to having legal rights over the data, such as being the creator or rightful holder, with full authority to determine how it’s used, shared, or monetized. Ownership implies that the entity can sell, modify, or delete the data as they see fit. Controlling digital data, on the other hand, involves the ability to manage or govern access to the data, including who can view, modify, or use it, but doesn’t necessarily imply legal ownership. For example, a cloud service provider might control data by storing and securing it, but they don’t own the data—it remains the property of the user or organization that created it. In practice, ownership gives broader rights, while control focuses on operational oversight and governance.
Digital Sovereignty (Owning the Data)
Digital sovereignty refers to the concept that digital information is subject to the laws and governance structures of the country where it is collected, stored, or processed. It emphasizes that data, especially sensitive or personal data, must be managed in compliance with local regulations, such as data protection laws or privacy standards. This concept has become increasingly important in the era of cloud computing, where data may be stored in servers located in various countries. Ensuring digital sovereignty helps protect national interests, maintain privacy, and enforce legal accountability for organizations handling data across borders.
Owning the data should not be a topic – everyone agrees that customer owns its data, and there is no questions about this one. The fact that data is stored locally, remote or in the cloud does not change this one – customer is protected by several laws and treaties on that one.
What we usually mix is that digital sovereignty is the same as data sovereignty, so you would hear different ideas on this one, like that only the data that is stored locally is for sure owned by the customers itself. If you move it somewhere else (like cloud), you would lose the ownership – and here they are talking about control, not ownership itself.
Data Sovereignty (Controlling the Data)
When people are talking about Data Sovereignty they usually refer to a nation’s ability to control and govern its own digital infrastructure, data, and technologies, without reliance on foreign entities – model in which all services needed are built on location of the customer, or customers country. It encompasses ensuring that a country’s data remains within its borders or under its control, securing critical technologies, and protecting national digital infrastructure from external interference. Nothing wrong with this model, but it requires significant investments and work done to be at the top level of operations, automation, services, security etc. which is required to provide high quality end user services. This is what we usually see with local provides that are supporting data sovereignty requirements – they keep running low level services (like infrastructure) but stay away from the higher level of services (like platforms).
This concept is also closely linked to data privacy, cybersecurity, and the regulation of tech giants, and is often driven by concerns over surveillance, economic security, and maintaining autonomy in an increasingly interconnected and digital global landscape. But it misses one critical point and that is control over ownership as explained above: you are owning the data, but you still need to control it, regardless of location. Location does not play a significant role today when it comes to sovereignty.
Approach to Building Sovereignty
There are four distinctive platform scenarios that are landing the different digital / data sovereignty options for the customer. From now on, I will write only about digital sovereignty because data sovereignty from the ownership perspective is no question, no brainer. But basically we are still taking about data so:
- Datacenter based: where data is managed, processed, located, and owned by the customer, not connected to public services. Technically, architecture could be linked to public services, but there is no data transfer or data copy outside of the datacenter (or customer IT infrastructure) world.
- Datacenter extended with the Hub: where data is managed, processed, located, and owned by the customer, but connected to the public services. This implies that some of the services are exposed, connected to the data that is still at customer location, but could be (depending on the solutions) transferred to other locations. At the same time, services of other providers (outside of the customer) could be invoked / used.
- Datacenter extended with the Edge: where data is managed and processed by the public service provider and located and owned by the customer, on the location of the customer or other local or regional provider. Scenario that directly addresses the need of control over need to own the data. Data can be moved, stored, used in different locations, but under the rules and regulations of the customer. Typically that would be an encrypted data where service provider needs to ask customer for the key to use it, and customer is controlling the access.
- Public service provider services only: where data is managed, processed, and located by the cloud services provider and owned by the customer. Note that depending on the geolocation of hyperscale datacenter, Governments could look differently at the residency and then sovereignty options (look at the extended hyperscale options).
Solution Architectures
Not all platform architectures are the same, and not all of them will have the same transformation path to modernize and enable different degrees of digital sovereignty. There are many variants, and there are multiple platforms and technologies deployed and used there. We do see some commonalities that we can use to better define and build a common platform for national or supranational digital sovereignty:
- To support different requirements on the digital sovereignty, we see 5 main groups (initiatives) of Government building and developing National Datacenter that scale from on-premises only to strong support for public cloud services.
- Visible trend is expanding on-premises datacenters with hybrid extensions (expanding to public services) but also going Public Cloud (where public cloud services is primary model)
- In between there are many advanced options that explore specific scenarios for the custom need of the Government, like shared services and multi-cloud support that are emerging architecture of sovereign clouds.
From the implementation perspective, we see different options where we can create platforms, but those options can also be a timeline or guideline for different digital sovereignty development stages:
- Modernized Datacenter: where you have fully optimized, automatized, orchestrated, and converged datacenter that has on-premises location, supporting firm infrastructure control and strong data control.
- Hybrid Datacenter (HUB): modernized datacenter that is extended with hybrid infrastructure that allows you to extend the workload scenarios to public cloud, supporting both firm and soft infrastructure control and strong data control.
- Shared Services Datacenter (MULTICLOUD): hybrid datacenter that is organized around shared services that manages complex workloads that integrate services located in other datacenters, supporting both firm and soft infrastructure control and strong data control.
- Public Services Datacenter (EDGE): public shared services datacenter located on premise that is integrated with different customer services, located usually in highly secure private environment, supporting both firm and soft infrastructure control and strong data control.
- Public Services Datacenter: standard public cloud located in the highly secure public environment (usually hyperscale datacenter), supporting soft infrastructure control and strong data control.
In rest of this series, we will explore all options that models have, looking at the different roles of hybrid cloud and how it could be positioned to drive all benefits of the public cloud but enabling the requirements of the private cloud.