Data is not just a technical category, but a strategic issue of power. At a time when companies, countries and individuals are moving a large part of their digital lives to the cloud, the decisive question is where this data is stored, who manages it and under which legislation it actually falls. This is where the concept of the sovereign cloud comes in, which in Europe is rapidly turning from a niche technological topic into a political, economic and security priority.
- Data sovereignty is not a question of location, but of control – especially over access, infrastructure and cryptographic keys.
- The legal framework plays a key role, as access to data is increasingly determined by jurisdiction, not technology.
- More control brings more security, but also more complexity, so interoperability and an exit strategy become imperative to reduce dependencies.
- The most realistic model is a hybrid: a combination of sovereign environments for critical data and global platforms for efficiency and scalability.
The topic was discussed in the podcast Tech giants by Peter Kos, Regional Director for Eastern Europe, Turkey and Central Asia at NetApp Corporation, and David Bevc, head of IT and cloud services at Telekom Slovenije. In the foreground is the realization that digital sovereignty is no longer a projection of the future, but a response to a reality in which data acts as infrastructure that increasingly shapes power relations.
Control as a new definition of infrastructure
The sovereign cloud does not mean only a different layout of servers, but a shift in the understanding of control. The key question is no longer technical, but institutional: who has the actual influence over the digital environment. This logic is clearly reflected in the definition, which places the sovereign cloud in the context of local governance.
As David Bevc from Telekom Slovenije points out, it is an environment that is located in Slovenia, and it is overseen by a Slovenian company, staff and engineers who ensure that the data does not flow elsewhere. In such a formulation, infrastructure is no longer just a technological layer, but also an organizational and management structure that determines data and decision-making flows.
Between autonomy and efficiency
In practice, sovereignty does not function as an absolute category, but as a continuum of decisions that organizations make based on their priorities. NetApp’s Peter Kos points out that there are levels of sovereignty, from complete to minimal, which means that complete autonomy is not always the optimal choice. Organizations are weighing the advantages of global providers – scalability, speed, economies of scale – and the greater degree of control afforded by local models.
Such decision-making is becoming distinctly strategic. It is no longer about optimizing costs or performance, but about managing dependencies and long-term risks.
Sovereignty as a legal issue
The physical location of data is often understood as a key element of sovereignty, but it is not sufficient in itself. The presence of data in Europe or Slovenia does not mean that it is beyond the reach of external legal systems.
The question of jurisdiction comes to the fore. As Peter Kos points out, control over technology, control over one’s data, applications and operations is increasingly placed within the framework of sovereignty, which means that the legal framework is becoming equivalent to the technical one. Today, access to data is no longer established primarily through technical hacks, but through legislation, court decisions and international jurisdictions.
In this context, it becomes crucial whether the data is managed by a local entity or a global corporation operating under a foreign jurisdiction.
Keys as a real point of control
One of the most concrete aspects of sovereignty is manifested in the management of encryption keys. Technological data protection does not in itself mean actual control.
As Bevc points out, the question is not simply whether the data is encrypted, but who manages the cryptographic keys. If these are in the domain of global providers, access control also moves out of the organization. This means that the legal or operational mechanisms of third countries may affect access to data, regardless of its physical location.
Local key management therefore means a significantly higher level of autonomy. In this context, sovereignty is no longer measured in kilometers, but in management rights.
The price of control
A higher degree of control over the digital environment inevitably brings greater complexity. Sovereignty requires additional resources, knowledge and management capacity.
Kos illustrates this logic by comparing different levels of security: “If we just lock the shop, that’s one cost; if we have a security system, the cost is higher; if we have protection, even significantly higher.” A similar dynamic applies in the cloud, where a higher level of protection means a larger investment.
The decision for sovereignty is therefore primarily a decision about what level of risk the organization is willing to accept.
Exit as part of strategy
In addition to control, the ability to exit the system is also becoming crucial. Dependence on one provider – the so-called lock-in – can limit flexibility and long-term competitiveness.
Kos’s position is unequivocal: lock-in is never a good solution. Therefore, interoperability is no longer a technical advantage, but a strategic necessity.
This is followed by the concept of an exit strategy. Bevc warns that an exit strategy should be a key part of any transition to the cloud, as it allows organizations to maintain control over their data even in the event of changes or crisis scenarios.
Resilience, Proximity and Trust Architecture
Sovereign models raise the key issue of operational resilience, which in practice goes beyond the classical understanding of security. Local infrastructure enables faster response, greater transparency over systems and more efficient management of recovery processes. The proximity of the infrastructure is increasingly becoming a competitive advantage, as it shortens response times and reduces dependence on distant operational centers.
In this context, sovereignty becomes directly related to operational reliability. As Bevc explains, data and business recovery is often easier to ensure in a local sovereign cloud than in a completely remote environment, which confirms that proximity is not just a logistical category, but an element of stability and control. The sovereign cloud thus acts as an architecture of trust, where the technological solution is intertwined with organizational and operational capabilities.
At the same time, cloud development no longer proceeds linearly in the direction of centralization. In parallel, a process of dispersal is taking place, driven by the growing need to process data at the point of its origin. Edge computing moves computing power closer to the user, device or industrial environment, changing the logic of the infrastructure itself. As Kos notes, the edge is already here – in cars, phones, smart devices, which means that the modern cloud works as a combination of centralized and distributed systems. In this context, the sovereign cloud assumes the role of a connecting layer that enables coordination between global platforms and local requirements.
The hybrid model as a European answer
In such an environment, a hybrid approach is emerging as the most realistic development path. The sovereign cloud is not established as an alternative to global solutions, but as their strategic complementary layer. Organizations increasingly combine different models: they place sensitive and critical data in sovereign environments, while using global platforms for services where the advantages of scalability, speed and economy prevail.
Such an approach allows for a balanced management of openness and control. It is not about withdrawing from the global digital space, but about its more deliberate use, where decisions about location and data management become part of a broader business strategy.
In this context, the debate on the sovereign cloud goes beyond the technological framework and becomes a question of Europe’s future role in the digital ecosystem. Data has become infrastructure, and infrastructure determines power relations.
The sovereign cloud is thus no longer just a technological option, but an instrument for creating digital autonomy, where the decision to manage data also means the decision to control one’s own development.












