A sovereign cloud is a cloud computing service that complies with the data usage and privacy laws of a specific country or location. In this way, the sovereign cloud prevents the transfer of data to unauthorized parties – e.g., countries – outside the established jurisdiction.
Major events in the history of data sovereignty include the 2001 U.S. Patriot Act and the related 2010 global surveillance disclosures; the 2020 Schrems II verdict from the Court of Justice of the European Union (CJEU), concerning the transfer of personal data from Europe to the U.S.; and a 2015 court case, Microsoft Corp v. United States, which pivoted around a request from the U.S. Department of Justice to access personal emails housed in an Ireland data center, and Microsoft’s maintaining that data on international servers was not subject to U.S. jurisdiction.
The public use of artificial intelligence (AI) tools has prompted new discussions surrounding data sovereignty and digital sovereignty. Per research from Brookings, “Growing mistrust between nations, however, has caused a rise in digital sovereignty, which refers to a nation’s ability to control its digital destiny and may include control over the entire AI supply chain, from data to hardware and software.”
A sovereign cloud adheres to sovereignty requirements and local data laws. In maintaining a sovereign cloud, best practices include physical security measures (e.g., physical data centers); access controls that prevent entry from unauthorized users; data encryption; data classification according to determined sensitivity levels; and careful cloud service provider selection.
The business benefits of a sovereign cloud include the following: