Introduction to Sovereign Cloud
The concept of sovereign cloud has gained significant attention in recent years, particularly with the increasing demand for data protection and privacy. Independent analyst and consultancy firm Omdia has released its market radar paper, exploring the sovereign cloud market and how cloud service providers (CSPs) responded to the trend. The 2025 IT Enterprise Insights study analysed the top five Western public cloud providers – AWS, Azure, Google, IBM, and Oracle – and discovered they make up 86% of the cloud market, with a presence in 33 countries as of 2024.
The Current State of Cloud Infrastructure
North America has 347 data centres, Europe 194, and China has just three. Although cloud is available worldwide, the report reveals its infrastructure remains regional. According to Omdia’s research, new formats like edge cloud and sovereign cloud are on the rise, plus there’s a higher focus on environmental sustainability, which, the company surmises, will see more players enter the market. CSPs around the world are expected to witness increased pressure as China-based CSPs expand globally.
Evolution of Cloud Service Providers
The market has evolved in recent years, with CSPs now broadening their approach by providing additional choices to meet operational autonomy, data residency, and resiliency needs. Omdia found that the EU is leading in data protection and sovereign cloud initiatives, like General Data Protection Regulation (GDPR) and Gaia-X. Regions like the Middle East are starting to develop similar regulations, with initiatives including the Saudi Vision 2030. 60 new data centres have been set up in the Middle East, highlighting how its local infrastructure is growing.
The Rise of Sovereign AI
The growth of genAI has prompted countries to consider “sovereign AI,” developed and run inside national borders, bringing data under local control. This creates challenges for CSPs that do not offer local facilities, and some are losing out on business potential that goes to locally-based data centres. Omdia says it expects 2026/27 to be important for AI development, with the idea of “sovereign generated data” becoming more talked-about, with organisations needing to protect this AI-generated data from internal information requiring the same levels of protection as original datasets.
Omdia’s Sovereign Cloud Model
To evaluate accurately the degree of sovereignty in a cloud deployment, Omdia has proposed a six-level model, one that corresponds to the increasing levels of control and compliance necessary. The model reflects how a country’s laws and regulations address data protection, processing, control, and privacy. The six levels are:
Data Residency
Data must be stored in the country, with laws mandating that certain types of data, like personal or sensitive information, cannot be hosted outside national borders.
Data Processing
Data must be processed locally by approved entities following stringent privacy rules and consent, thus ensuring tighter control over who can handle the data and how.
Data Privacy
Focusing on access controls, if data is stored and processed locally, it needs to be protected against unauthorised access, particularly from foreign authorities.
Generated Data Access and Control
Omdia recommends sovereign frameworks should define who has ownership and control over generated data.
Cloud Resiliency
Cloud resiliency ensures cloud services are not dependent on foreign infrastructure, helping to reduce the risk of potential disruption outside national control, such economic or geopolitical upheavals.
Cloud as Important Infrastructure/Operational Jurisdiction
Level 6 suggests the cloud is treated like a national utility, such as energy, water or telecommunications.
How CSPs are Responding
Beginning with a “sovereign-by-design” strategy, which essentially builds cloud platforms with sovereignty in mind, CSPs have had to evolve, shifting to a more customised and flexible model, one that aligns with specific regional regulations. CSPs are responding to the growing demand for sovereign cloud with two main approaches. The first model the company urges cloud providers to approach is full isolation with region-specific offerings. Major CSPs like AWS and Oracle are creating separate, isolated cloud environments in a country or region.
Recommendations for Enterprises, Service Providers, and Technology Vendors
Omdia have set recommendations for enterprises, service providers, and technology vendors based on its sovereign cloud model. For enterprises, Omdia’s recommendation is to understand which parts of the business and data are subject to local regulations, and develop an architectural approach showing how they will implement sovereign cloud capabilities in their IT systems. Omdia recommends service providers develop partnerships with local organisations to receive official approval (or accreditation) from national governments to be able to deliver sovereign cloud solutions. Technology vendors are recommended to investigate what’s required to meet local sovereignty regulations.
Conclusion
In conclusion, the concept of sovereign cloud is becoming increasingly important, with CSPs responding to the growing demand for data protection and privacy. Omdia’s six-level model provides a framework for evaluating the degree of sovereignty in a cloud deployment, and its recommendations for enterprises, service providers, and technology vendors provide a roadmap for implementing sovereign cloud capabilities.
FAQs
Q: What is sovereign cloud?
A: Sovereign cloud refers to the concept of cloud computing where data is stored and processed within a country’s borders, subject to local laws and regulations.
Q: Why is sovereign cloud important?
A: Sovereign cloud is important for ensuring data protection and privacy, as well as complying with local regulations and laws.
Q: What are the six levels of Omdia’s sovereign cloud model?
A: The six levels are: data residency, data processing, data privacy, generated data access and control, cloud resiliency, and cloud as important infrastructure/operational jurisdiction.
Q: How are CSPs responding to the growing demand for sovereign cloud?
A: CSPs are responding with two main approaches: full isolation with region-specific offerings, and partnership models with local service providers or national telecom companies.
