Summary
AI, public clouds, and geopolitical tensions are making data sovereignty a key concern from the halls of government to company boardrooms. Flexible architectures and the right technology partners to deliver them will be essential to be ready for whatever the future brings.
From its earliest days, Pure Storage has believed that efficient data storage not only addresses the challenges at hand but also adapts to the unknowns just around the corner.
That ethos seems particularly useful in a landscape where data has become both more valuable and more contested.
With its boundless appetite for data, AI is pushing into data centres and public clouds. But for all the clamour around AI, it is the latest in a series of changes—from the rise of public clouds to regulations on personal data and geopolitical tensions—that have once again brought to the fore questions about how data is governed and by whom.
The US and China have been the chief architects of the world’s public clouds and AI models, and much of the world is weighing in on what comes next in this emerging digital order.
The regulations this has set in motion across the globe, along with broader geopolitical uncertainty, have turned data sovereignty into an existential conversation across the halls of government and company boardrooms. In its simplest terms, data sovereignty is the principle that data is subject to the laws and governance of the country where it is collected or stored.
Our experience in data storage and management at exabyte scale gives us a unique perspective on the challenges of sovereignty. And the practical technologies and solutions we deliver to ensure both agility and protection across the data estate offer key insights on the path forward.
High Stakes and High Risks
To get a snapshot of how leaders are weighing sovereignty’s risks and opportunities, we collaborated with the University of Technology Sydney to conduct an independent pulse survey across nine markets in Europe and Asia-Pacific. Our goal was to probe leading industry, research, and government experts on their biggest challenges and needs, the findings of which can be found in this position brief.
The results suggest that data sovereignty has clearly moved beyond the strict concerns of compliance, becoming instead a much larger debate around competitiveness, innovation, and social trust.
- 100% of respondents stated that data sovereignty concerns, including potential service disruptions, have made them reconsider where data is located.
- More than 92% agreed that the current geopolitical environment has increased the risks of not dealing with data sovereignty.
- 78% said they are adopting strategies that include multiple service providers, sovereign data centres, and embedded requirements for data governance in all commercial agreements.
Crossroads
The concerns and expectations of these leaders reveal a basic truth and quandary: Commerce and governance are deeply tied to an interdependent technology ecosystem.
States and businesses will need to align on sovereignty models that safeguard sensitive workloads without sacrificing the ecosystem. Distributed systems cannot be left unmanaged, nor can all data operations be walled within sovereign soil.
That balancing act will hinge on two considerations:
- Physical sovereignty: Investing in or partnering with trusted providers for infrastructure within sovereign borders
- Technical sovereignty: Control through encryption, governance, and portability so that states and enterprises, not vendors and hyperscalers alone, determine how data is managed
“AI is certainly redefining the boundaries that we need to think about [in relation to] protecting data and what data sovereignty actually means.”
–Data governance expert, Australia, Pure Storage and UTS Pulse Survey
Emerging Frameworks
Sovereignty’s emerging regulatory spheres include the US, China, Europe, and Asia. Europe and Asia share a desire to compete with the US and China, but the approaches soon diverge.
In Europe, sovereignty has been largely framed through prescriptive regulation. Anchored by the GDPR and the forthcoming AI Continent Action Plan, the EU is investing heavily in infrastructure, with some €200 billion earmarked for AI capacity.
Asia-Pacific resists any definitive approach. Singapore, Japan, New Zealand, and Australia emphasise principles-based governance and international cooperation—Singapore describes AI as a “technology without a passport”. Whereas South Korea and India tie sovereignty more to economic and social protection.
The Flexibility Principle
No one company—Pure Storage among them—has a magical turnkey solution. But our proximity to the need for data accessibility and management offers glimpses of the flexible models that can serve multiple purposes.
The Pure Storage platform is designed to bring the kind of visibility, control, and automation across massive data sets that will be a necessary starting point for any compliant and agile architecture. We are among the companies bringing modern data portability, encryption, and governance to cloud and sovereign workloads, through an ecosystem of technology partners, including hyperscalers, NVIDIA, Beyond.pl, and others.
That platform is now designed to help organisations create their own secure, virtualized clouds, to unify and manage data storage resources across data centres and clouds alike. This kind of adaptable foundation will serve sovereign goals: a consistent platform that helps organisations set policy to keep specific data sets in sovereign hands or compliant in public clouds.
Critically, new initiatives for expanding capacity cannot be decoupled from energy security. Across the world, AI workloads are taxing power grids. Europe’s data centres alone consume approximately 3% of its electricity, a figure projected to nearly double by 2035. By design, Pure Storage has consistently set benchmark efficiencies in accord with global climate and energy targets. Solutions to manage power, cooling, and space needs will be vital for data centres to scale sustainably.
Plan Now
There are several steps organisations can take to bring a flexible framework to life:
- Assess relative risks: Not all data carries equal sovereignty risk. Map your application landscape to identify what truly requires sovereign protection.
- Adopt a hybrid approach: Keep critical workloads and applications in sovereign environments while leveraging the public cloud for less sensitive ones.
- Choose capable sovereign partners: Prioritize providers that guarantee jurisdictional independence, resilience, and compliance—without sacrificing performance or portability.
- Prepare for regulatory evolution: Boards with digital literacy and organisations with clear governance frameworks will be best equipped to navigate change in an increasingly geopoliticised environment.
Sovereign Paths, Together
In the end, data sovereignty is not an either-or choice. The world is deeply connected through technologies that routinely disrupt their own conventions. Regulators and businesses would do well to avoid business-as-usual denial or the isolation of walled gardens.
Emerging sovereign frameworks should align the goals of our innovators and regulators, where both share the responsibility to protect states and commerce, and where sustainability and advanced technologies can meet.
Most nations can’t outspend today’s superpowers, but they can optimize their strengths by assessing their risks, rebalancing around flexible architectures, and preparing for emerging regulations.
A flexible, resilient foundation will engender trust and keep the wheels of commerce turning—and help the world adapt to whatever comes next.
A New Era of Data Sovereignty
Find out what industry leaders are doing to address data sovereignty challenges.






