The Good Tech Companies - Sovereignty in the Cloud: Europe's Most Reliable Path Forward
Episode Date: November 26, 2025This story was originally published on HackerNoon at: https://hackernoon.com/sovereignty-in-the-cloud-europes-most-reliable-path-forward. Europe’s geopolitical tension...s are reshaping cloud strategy. Learn why a sovereign private cloud offers true control, compliance, and long-term data protection. Check more stories related to cloud at: https://hackernoon.com/c/cloud. You can also check exclusive content about #sovereign-cloud, #private-cloud-sovereignty, #eu-cloud-regulations, #geopolitical-cloud-risks, #data-sovereignty-europe, #cloud-repatriation, #gdpr-and-cloud-security, #good-company, and more. This story was written by: @minio. Learn more about this writer by checking @minio's about page, and for more stories, please visit hackernoon.com. Geopolitical tensions, conflicting data laws, and reliance on U.S. hyperscalers complicate Europe’s cloud landscape. True sovereignty requires full control over infrastructure, code, and data—something public clouds can’t guarantee. This article argues that a cloud-native private cloud offers the most reliable path to sovereignty, security, and cost efficiency.
Transcript
Discussion (0)
This audio is presented by Hacker Noon, where anyone can learn anything about any technology.
Sovereignty in the Cloud.
Europe's most reliable path forward, by Minio.
2025 has inherited a slew of geopolitical concerns that started years ago.
U.S. foreign policy, U.S.-China relations, China's geopolitical maneuvers, conflicts in the
Middle East, Russian-Ukraine war, and cybersecurity threats.
Additionally, new leadership in the United States adds to the uncertainty created by
these concerns. And as if all this were not enough, the backdrop of cloud computing in Europe
is that the most robust and feature-rich clouds are U.S.-based and ultimately subject to U.S.
law. Geopolitical concerns always give rise to a need for sovereignty, or for governments
and political unions to exert control over their assets to protect individuals, corporations,
and state secrets. This paper aims to describe Europe's multifaceted cloud computing
landscape amidst the current geopolitical landscape. Along the way, sovereign clouds will be defined,
and alternatives to sovereign clouds will be proposed. What is a sovereign cloud? Look up the definition
of sovereignty, and you will get a definition along the lines of supreme power or authority.
So, a logical definition of sovereign cloud would be a cloud where a single governing entity
like the European Union or a single government controls the physical layer, data centers and
infrastructure, the code layer, quality standards, source code management, and design, and the
data layer, ownership, flows and use. A common misconception is that a sovereign cloud is a cloud
where all physical assets are located within the boundary of some governing entity, and digital
assets within the data layer are never allowed to flow to infrastructure outside of this boundary.
While this is an important requirement of a sovereign cloud, it is not the only requirement.
One more key criterion for a cloud to be truly sovereign is that it must fall under the auspices
of only one government. To understand why this is necessary, consider the graphic below. Each government
makes regulations independent of the others. Also, most governments make rules that primarily
benefit their interests. Consequently, what would happen if government A made an act providing
data acquisition tools for intercepting and obstructing terrorism that clashed with government
bus protections for personally identifiable information? Unfortunately, this is precisely the situation
in Europe today. The graphic below replaces generically labeled vendors with real cloud
providers and real governments. Let's take a more detailed look at the current state of cloud
computing in Europe today. Related. What is sovereign cloud? Characteristics and key drivers
the cloud environment in the EU. The three biggest cloud providers operating in the EU are
Google, Amazon, and Microsoft. They have a combined market share of 70%. European alternatives to these
U.S.-based cloud providers are limited in number, and the few that exist are not as feature-rich as
the U.S.-based cloud providers. Bellowy a diagram showing the conceptual difference between the
capabilities of the U.S.-based hypers and those of European cloud service providers. Source
Policy brief cloud sovereignty. PDF, public AT, AIVD organizations wishing to utilize cloud
services must choose between a feature-rich platform from a U.S.-based provider and a local
European provider. If they need efficiencies and capabilities that only a full-featured platform
can provide in the data that will reside in the cloud is safe from sovereign regulations,
then one of the U.S.-based providers is best. However, if the data stored in the cloud is sensitive,
It could be in the crosshairs of two competing regulations from two governing entities.
In this case, a local sovereign cloud is the best cloud choice.
To be fair, U.S.-based cloud providers have announced sovereign cloud offers.
However, it is still early to assess their viability for a couple of reasons.
First, these offerings are relatively new and have not been sufficiently tested against European regulations.
Second, the hyperscalers are primarily focused on keeping data within a specified border and
helping their customers manage various regulatory controls. How U.S.-based providers will deal with
conflicts of interest between U.S. and European regulations is unclear. Another long-term concern is
that these, sovereign cloud offerings may become too costly for the cloud provider in the long run.
In this case, they could de-invest in sovereign clouds, leaving European governments and organizations
to find a new sovereign cloud. Now that we understand the true nature of a sovereign cloud
and the cloud environment in the European Union lets look at three different approaches to data from
three different governments. Different approaches to personal and non-personal data. Personal data refers
to any information which can be used to identify a person directly or indirectly. It can vary
from genetic, mental, physical, physiological, and cultural data, location data,
identification numbers, and names. Personal data uses are endless, including using digital
ID to gain access to e-government services, participating in political processes such as voting,
making online purchases, accessing financial services, etc. Big tech companies have become notorious for
their data extraction practices. A practice known assurvalence capitalism occurs when a company extracts
usage data and uses it to predict future behavior patterns. This usage data is also considered
personal data. The Cambridge Analytica scandal is a constant reminder about what can happen when
big tech collects personal data and does not secure it properly. Non-personal data is also important.
Over the years, governments have realized that data is a valuable strategic asset in a digital
economy. It can be used for planning, policymaking, creating new opportunities for businesses
and individuals, and boosting economic growth. With the increase of big data analytics and
artificial intelligence, AI, there is a growing need for rules, regulations, and policy direction
on how I should be leveraged to benefit people.
The chart below summarizes three governing bodies
and their overall approach to digital sovereignty,
personal data, and non-personal data.
Source.
Global approaches to digital sovereignty.
Competing definitions and contrasting policy
some interesting observations can be made from the chart above.
Let's start with the US.
Interestingly, the US does not have a unified approach to personal data,
especially if you consider the debacle of the Cambridge Analytica scandal.
Most importantly, the clarifying lawful overseas use of data, Cloud Act authorized U.S.
authorities to demand access to data that is held by U.S. companies overseas.
It should be no surprise that China has everything locked down.
Regulations on personal data are protected by their personal information protection law,
people, which is similar to Europe's general data protection regulation, GDPR.
Non-personal data is categorized according to national security risks and secured appropriately based on these risks.
The European Union is leading the way in terms of protecting personal data.
GDP risks influencing the policies governments around the world are putting together.
They have also considered the fair use of non-personal data.
A private cloud is a sovereign cloud.
What is the best cloud for organizations responsible for data that must be sovereign?
Given the above facts about the true nature of a sovereign cloud, the current public cloud
environment in Europe, and the differing approaches to data occurring worldwide, this is a challenging
question, but one powerful option stands out.
A cloud-native private cloud provides sovereignty and can be built in a cost-effective manner.
Modern data storage techniques like data lakehouse allow for storing both structured and
unstructured data while simultaneously disaggregating compute from storage.
Both storage and compute can scale independently, so organizations only pay for what they
need and can scale out when their storage and compute requirements change.
By ensuring your private cloud is cloud-native, organizations can
move it to a public cloud in the future should an acceptable sovereign public cloud
come along related what is a private cloud benefits and use cases other benefits of private clouds
no one will argue that public clouds are the best way to get started you have resources on demand
and today public clouds are feature rich so you will find everything you need to store your data
host your services authorize your u s er s etc furthermore they save considerably on capital expenditures
However, the public cloud is not a panacea. In the long run, they will cost you more for heavy
workloads. Many organizations today are experiencing this, which is led to a migration
from public clouds to private clouds, also known as repatriation. As a concrete example of
repatriation in action, consider 37 signals, the company behind Basecamp and Hay. They recently
announced their complete exit from AWS. They calculated that they will save $2 million annually by
running on-premise. Another notable example is GEICO, one of the largest automotive insurers in the
United States, which is actively repatriating many workloads from the cloud aspect of a comprehensive
architectural overhaul to cut down on exploding cloud costs. In Europe, many organizations are
conservative in adopting AI because they do not want to bring their sensitive data to the cloud.
Using a private cloud allows organizations to move quickly and, at the same time, maintain control over
their data. For those who have invested in GPUs, a private cloud for model training and model hosting
is best, as you need compute close to your data. Conclusion, a sovereign cloud is a cloud
that keeps digital assets within a specified physical boundary and, most importantly, protects personal
and non-personal data from bad actors and the regulations of other governments. Today, a truly
sovereign cloud is a relative concept. It only exists for a given organization IF the cloud
is owned and operated by another organization within the same political boundary.
If you have any questions, be sure to reach out to us on Slack. Thank you for listening to this
Hackernoon story, read by artificial intelligence. Visit hackernoon.com to read, write, learn and publish.