Digital sovereignty 101: Everything you wanted to know (and needed to ask)

There’s more to digital sovereignty than just protecting data. While that's a big piece of the puzzle, digital sovereignty is really about having control over your digital world — from the physical data centers to the software your customers and the public use every day.

Sovereign cloud solutions are growing in popularity. Globally, 37% of organizations surveyed are currently using them, and a combined 44% plan to adopt them in the coming years, according to a new report published in September from IDC.

At its core, digital sovereignty is about allowing public and private organizations worldwide to keep the flexibility their domestic operations require. It’s about enabling them to operate on multiple clouds, and it’s about enabling them to maintain control over data with advanced technologies.

We discussed the ongoing and growing importance of digital sovereignty during a recent webinar. The great questions you asked showed us that as more companies use AI and the cloud, getting sovereignty right has become essential. To answer the most common questions from the webinar, I sat down with Julien Blanchez, Google Cloud's expert on digital sovereignty in Europe, the Middle East, and Africa.

Senanu Aggor: One of the key questions that we heard during the webinar centered on defining what, exactly, digital sovereignty is — and how it differs from data privacy and cybersecurity. Julien, can you talk about how we define digital sovereignty at Google Cloud?

Julien Blanchez: That's a great question, and it's a distinction that's at the heart of many of these conversations.

Think of it this way: Digital sovereignty is the big picture. It's a nation's ability to have the final say over its own digital destiny — the way it controls its infrastructure, its data, and the digital services operating on its own terms. It’s about ensuring that local laws govern the cloud operations and controls where data is located, who can access it, and how it’s managed.

Data privacy is just one of the cornerstones of the sovereignty expectations. It’s all about the rights of the individual. Think of GDPR — it’s about how a person’s data is collected, used, and shared, and making sure they have control over their own information.

And cybersecurity is the shield. It's the practice of protecting all of our digital systems, from networks to data, against attacks and unauthorized access. So, while digital sovereignty certainly includes privacy and cybersecurity, it's a much broader concept that encompasses the control of the entire digital ecosystem.

Senanu Aggor: That makes sense. Another major theme from our attendees was trust, especially with AI. How can organizations use AI and the cloud while still being sure they have control over their data and that it's secure?

Julien Blanchez: You're right, trust is the key. And it's a major focus for us. Every day we see technical decision makers choosing less secure and less innovative technology because they don't trust hyperscale offerings. Unless we solve for this trust, too many organizations around the world will remain less secure and less competitive than they could be.

For AI, it comes down to a few key pillars: robust security measures, crystal-clear data residency policies, and a commitment to ethical AI development.

People want to know, and rightly so, that their cloud service provider is able to keep their services secure, and that data isn't being exposed when it's being processed. They want to know how we're tackling the ethical challenges of AI, like bias, and how we're protecting their privacy.

At Google Cloud, we’re dedicated to being transparent about our commitment to data security, safety and trust, especially when it comes to our AI services. We want to make it very clear how your data is and is not being used. We also want to put you, or a domestic operator, in control.

Ultimately, organizations across all nations will want world-class AI of their own, operating on their terms. That is exactly what we are helping them build with our technology.

Senanu Aggor: Let's get practical for a moment. We hear terms like "sovereign" and "isolated" or "air-gapped" cloud solutions. How do those actually work, and what are the trade-offs?

Julien Blanchez: This is where the rubber meets the road. Sovereignty has different interpretations, and there is no “one size fits all” technical solution.

For use cases where operating on the public cloud is not an option, an air-gapped solution may sound like the most desirable level of control as it's physically isolated from open networks. Air-gapped solutions such as Google Distributed Cloud, can offer a very high level of assurance, but do come with some limitations.

For example, that isolation can make it more challenging to connect to and integrate with other cloud services. In turn, that integration can affect how data can be replicated in different locations, and recovered after a natural disaster or a direct physical attack. It also can impact how fast software can be patched, and how much you can make use of highly scalable big data services.

We've been getting a lot of questions about isolated solutions. It is the reason why we partnered with Thales in France to help them build S3NS, a subsidiary using our Google Cloud Dedicated solution. While using technology from abroad, S3NS will be the one of the first European hyperscale cloud providers. The Google Cloud Dedicated solution acts as a twin replica of Google Cloud, but is fully operated by domestic providers, such as S3NS, independent from Google, and subject only to their local laws.

To explain the difference between the two offers, we're actively developing more detailed resources, including whitepapers. S3NS also publishes its own technical documentation that will provide a much deeper view into how these dedicated and air-gapped solutions work in practice.

Senanu Aggor: That brings up an interesting point that was debated in the webinar chat. If every nation or organization creates its own isolated "digital island," are we going to end up with a fragmented cloud? How do you balance that need for national control with the desire to stay competitive on a global scale?

Julien Blanchez: That's the critical tightrope we're walking. The goal is to avoid the digital isolation of entire parts of the world. It's about providing the control and compliance that organizations need over their workloads, without cutting them off from the incredible innovation and scale that the global technology offers.

This is precisely what solutions like Google Cloud Dedicated are designed to do. We want to provide those sovereign capabilities while still allowing organizations to tap into the power of the broader Google Cloud ecosystem.

It's about rebalancing the uneven distribution of technology, helping create new local cloud providers that can offer the best of both worlds, not forcing a choice between local or global.

Senanu Aggor: What about the legal side of things? Data doesn't stop at the border, and many webinar attendees asked how Google Cloud handles the different legal requirements for data storage around the world.

Julien Blanchez: The legal landscape is definitely complex, and it's a top priority for us. We are deeply committed to ensuring we meet the legal and compliance requirements in every country and region we operate in.

That is why we are continuously exploring ground breaking technology options here, leveraging our well-proven engineering capabilities. Building together with our customers around the world, competitive world class AI tools that respect local legal, cultural, political constraints, will be our common challenge for the next few years.

It's a very exciting task ahead. Our promise is to strive for the highest security and innovation, and be transparent, providing clear information on the robust solutions we deliver and to help our customers navigate these complex jurisdictional waters.

I hope this discussion has helped clarify some of the key themes around digital sovereignty. The conversation is ongoing, and Google Cloud is committed to providing the solutions and information our customers need.

To get started with our digital sovereignty solutions, visit our Sovereign Cloud website or reach out to one of our digital sovereignty experts.