Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Digitalisation World is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Digitalisation World Video magazine contains the latest Zoom interviews with experts in the industry.
In July this year, Microsoft confirmed what many across the European technology and regulatory ecosystems had long suspected: even data stored on EU soil can be subject to foreign jurisdiction. Under oath before the French Senate, the company admitted it “cannot guarantee” that European customer data would be shielded from U.S. government access under the CLOUD Act.
This news was widely reported across Europe, fueling the debate over data sovereignty, control, and the future of the continent’s digital infrastructure. Don’t forget, this isn’t just a legal concern, it’s a strategic one as well. If, as Microsoft has suggested, data stored in Frankfurt or Paris can be accessed from Washington, then physical residency of the data alone offers no real protection. Sovereignty, as it turns out, is not about geography; in the case of data, it’s about governance and the influence held by those making the rules.
The illusion of control
But how have we arrived at this point? For years, hyperscalers have fervently assured European customers and regulators alike that local data centrers, regional compliance and contractual safeguards are sufficient to meet the region’s data sovereignty needs. But as Microsoft’s testimony made clear, these measures can be overridden by foreign mandates. The CLOUD Act, which took effect in 2018, is a case in point that allows U.S. authorities to compel access to data held by American companies, regardless of where that data is physically located. For European lawmakers, that situation is unacceptable.
It also puts European organizations in a very difficult position, with those reliant on U.S. hyperscalers exposed to extraterritorial legal claims. For the commercial sector alone, it’s a major headache to say the least, but in the defence, public services, and critical infrastructure sectors, it’s not just a compliance risk; it’s a potential sovereignty breach.
Complicating matters even further is the nature of contemporary enterprise data itself. With up to 90% of new data being unstructured (such as emails, documents, logs, and media), visibility and governance are, by definition, a more complex undertaking. In hybrid and multi-cloud environments in particular, this data can easily sprawl across jurisdictions, platforms, and formats, making it even more difficult to track, classify, or protect.
In these circumstances, organisations that don’t have a clear view of where data lives, who can access it, and under what legal framework, are flying blind. Sovereignty becomes not only elusive but also operationally impossible, even when they take steps to address their choice of service providers.
Intelligent data management
So, what can be done to address these increasingly urgent issues? Fortunately, sovereignty doesn’t need to wait for legislative reform or new infrastructure. Instead, the availability of intelligent, vendor-neutral data management platforms can bridge the gap between visibility, control and policy enforcement across today’s fragmented infrastructure and data environments.
These platforms enable organizations to:
Map data flows across clouds and jurisdictions
Classify data by sensitivity and legal exposure
Enforce residency, retention, and access policies
Detect and mitigate unauthorized access or movement
Ultimately, the objective should be to build digital resilience, reinforce trust, and align operations with European regulations. This works in contrast to solutions tied to a single vendor or storage format, which almost inevitably result in limitations on portability, governance and long-term control. Add to that the challenges associated with legacy tiering systems, intermediary gateways, and proprietary formats, and it’s easy to see why so many organizations fall short of the neutrality required for sovereign operations.
In contrast, modern data management platforms must support seamless movement, classification, and retention across diverse infrastructures, be that public cloud, private cloud, or on-premises, and do so without compromising control.
Europe’s digital future
Looking ahead, the situation remains mired in uncertainty. The Microsoft testimony has sharpened the stakes and, at the same time, sovereign cloud initiatives and regulatory scrutiny are gaining momentum. AWS’s €7.8 billion investment in a European Sovereign Cloud is one signal. The French Senate’s inquiry is another. But meaningful sovereignty will require more than infrastructure; it demands intelligent data management, legal clarity, and operational independence.
As the European Parliament warned back in 2020, “citizens, businesses and Member States… are gradually losing control over their data.” Five years later, that warning has become a strategic imperative. Europe’s digital future will depend not just on where its data resides, but on who governs it, how it’s protected, and whether its control can be guaranteed.
