Data sovereignty emerges as key risk amid global tensions

A new report highlights that data sovereignty is emerging as a significant risk for organisations and nations amid ongoing geopolitical tensions and evolving regulations.

The report, produced by Pure Storage in collaboration with the University of Technology Sydney, draws on interviews with industry leaders from nine countries including the United Kingdom. It underscores the urgency with which organisations are re-evaluating their approaches to data location and management due to increasing sovereignty risks.

Rising concerns

The research indicates that all surveyed leaders are reconsidering where their data is housed, driven by fears of service disruption and the impact of geopolitical changes. The findings show 100% of respondents acknowledged that sovereignty risks have prompted a re-examination of data storage practices. In addition, 92% stated that geopolitical shifts are heightening their exposure to risk, while an equal proportion warned that insufficient sovereignty planning could cause reputational damage.

Leaders identified the loss of customer trust as a particular concern, with 85% citing it as the ultimate consequence of failing to address data sovereignty. Furthermore, 78% reported taking concrete steps to build sovereignty into their strategies, including adopting multi-provider approaches, utilising sovereign data centres, and embedding stricter governance clauses within commercial agreements.

Geopolitical and regulatory drivers

The authors of the report detail a convergence of factors - including potential service disruption, concerns about foreign influence, and ongoing regulatory change - that are intensifying the challenge. As a result, organisations face potential revenue loss, regulatory penalties, and a lasting impact to stakeholder trust if these exposures are not managed effectively.

These developments come as nations work to expand sovereign cloud capacity and enterprises weigh the operational risks posed by sanctions, platform restrictions, and disrupted supply chains. Recent contracts, such as the UK Ministry of Defence's agreement with Google to provide a sovereign cloud, illustrate the widespread recognition of these issues.

Adopting balanced strategies

The report notes that the response to data sovereignty challenges is not simplistic. Rather than withdrawing entirely from public cloud services or minimising the risks associated with data sovereignty, the authors advocate for a more balanced approach. Understanding which data sets and services are most critical and sensitive, and placing these in sovereign environments, while retaining the use of public cloud resources for less sensitive work, is recommended.

"The Access Group handles sensitive end-user data for our customers across the world, from the National Health Service in the UK to the Tax Department in Australia. Data sovereignty is an absolutely critical issue for us and our customers. In fact, they ask that it be written into our contracts. With Pure's help, we are able to deliver sovereign Enterprise Data Clouds in each of our data centers around the world," said Rolf Krolke, Regional Technology Director, APAC, The Access Group.

The report also includes a perspective from Alex McMullan, Chief Technology Officer, International, at Pure Storage, who said: "The potential consequences of not having a modern and realistic data sovereignty strategy are acute. Loss of trust, financial damage and competitive disadvantage are possible outcomes that cannot be ignored. We recommend a hybrid approach to data sovereignty: start with a risk assessment across workloads, keep critical workloads sovereign, and use the public cloud for the rest. A balanced strategy optimises reducing risk while maintaining speed of innovation and organisational resilience."

Sector response and future outlook

The brief accompanying the report stresses the need for organisations to conduct strategic risk assessments, combine sovereignty requirements with innovation goals, and prepare for further regulatory changes. According to the research, those who take action now will be better placed to secure a competitive edge as sovereignty pressures grow across global markets.

Gordon Noble, Research Director at the Institute of Sustainable Futures, University of Technology Sydney, commented on the scale of the response: "These are wake-up call numbers. Every single leader we interviewed is rethinking data location. The message is clear: sovereignty is no longer optional, it is existential."

Archana Venkatraman, Senior Research Director, Cloud Data Management, IDC Europe, said: "Data sovereignty has evolved from a technical challenge to a critical business issue. Organisations that don't address where their most important data and services are located risk service disruption, regulatory non-compliance, and reputational damage. We expect to see data sovereignty treated as a strategic priority in 2025 and beyond, to safeguard long-term business continuity and trust. Organisations that focus on pragmatic strategies to enhance data resilience, control and strategic autonomy can minimise dependencies, risks and exposures."

Research context

The study was based on qualitative interviews with experts and practitioners drawn from industry and research institutions in Australia, France, Germany, India, Japan, New Zealand, Singapore, South Korea and the United Kingdom. These countries represent a variety of regulatory and geopolitical contexts in which data sovereignty is increasingly regarded as a key determinant of business success.