Just when you thought AI had sucked all the air out of the room, data sovereignty is a growing concern for businesses around the world—and the MSPs who serve them. So, what is data sovereignty, why is it suddenly so important, and how can MSPs act to meet their customers’ evolving needs?
Data Sovereignty Defined
The concept of data sovereignty is that digital data is subject to the laws and governance of the country in which it is collected, processed, or stored. In other words, if data is stored on servers in a particular country, it must comply with that country’s data protection and privacy regulations—even if the company handling the data is based elsewhere. It’s a complex topic that’s just got a whole lot more complicated… and a whole lot more important.
Data sovereignty can also refer more broadly to the ownership and control of data.
Why is Data Sovereignty a Hot Topic?
Data sovereignty has slowly grown as a search term since 2013—and then in 2025 it skyrocketed. The increased interest is a direct result of policy changes introduced and suggested by US President Donald Trump.
The Trump administration’s approach: deregulation, increased executive control over government agencies, and diminished independence of key privacy oversight bodies.
Its actions have caused uncertainty around privacy protections for both US businesses and their international partners. Across the world, this has led governments and other organizations to express concern about the security of data transfers to the US.
Businesses are concerned—and rightly so— with the security of their data and the need to comply with the laws of the countries in which they operate. They also know they must protect the data—and trust—of their valued customers. Fail to do that, and you can kiss your profits and reputation goodbye!
Businesses care about data sovereignty
Research from OVHcloud found that more than 75% of UK organizations see data sovereignty as an increasingly important aspect of their data management approach, with most considering it “crucial”.
“Having a robust data sovereignty strategy means that you know who controls your data, where it is, who has access to it, and which regulations it’s subject to,” said Matt Tebay, Multi-Cloud Evangelist at OVHcloud.
“Organizations are increasingly realising that it’s not simply a cost and regulatory burden, but can build better customer trust, enhance governance and provide a layer of security and transparency to customers.”
In this environment of uncertainty, and with change happening at breakneck speed, MSPs must integrate data sovereignty solutions to meet their clients’ requirements. They must also ensure their services comply with relevant rules and regulations across countries and regions.
Increased data sovereignty legislation
The European Union GDPR (General Data Protection Regulation, for those who have been living under a regulatory rock) may be the most famous data protection law, but it is far from the only one.
The new German Privacy Act (BDSG-new, or BDSG-neu if you want to sound like a local) restricts data transfers to third countries and businesses that process citizens’ personal information must meet data protection requirements, even if located outside Germany’s borders.
France has introduced its SecNumCloud certification scheme, and new legislation is expected. The situation in the US is—you guessed it— complex, with California implementing its own data legislation in the absence of stricter Federal legislation.
“This isn’t solely a Western trend, either,” states Nick Law, Head of Cloud Migration Factory at Atos. “In China, for example, public sector institutions must use a Chinese cloud provider to store their data. Vietnam, Russia and Indonesia all require their citizens’ data to be stored on servers within the country.”
Hyperscalers understand the need for data sovereignty
The global heavy hitters clearly understand the importance of data sovereignty, especially to European organizations that often face stricter levels of data regulation.
AWS European Sovereign Cloud is marketed as “a new, independent cloud for Europe, designed to help public sector organizations and customers in highly regulated industries meet their evolving sovereignty needs”. It claims to provide “the capability to meet stringent operational autonomy and data residency requirements” and is set to launch in Germany by the end of 2025.
Microsoft addresses concerns about European data sovereignty with its EU Data Boundary for the Microsoft Cloud. This solution allows its European commercial and public sector customers to store and process their customer data for Microsoft core cloud services within the EU and EFTA regions.
Google Sovereign Cloud offers a range of functions that allow clients to maintain data residency, operational oversight, and encryption management within specific geographic regions. It states that “these controls aim to ensure compliance with local data regulations and offer increased security for sensitive information”.
However, the rise of AI and the vast amount of data used in training and processing have complicated the data landscape further.
AI will increase the focus on data sovereignty
Research from Gartner found that by 2027, 70% of enterprises expect digital sovereignty to be a top factor when selecting public-cloud GenAI services.
“Specialty cloud providers will become an important consideration for many enterprise cloud architectures as organizations extend their cloud operations to cover diverse locations and use cases,” said Sid Nag, Vice President Analyst at Gartner.
“Digital sovereignty will drive the need to include cloud providers that can meet the evolving and unique requirements of sovereign operations, no matter the region they operate in.”
The MSP GLOBAL community is brilliant at working together to deliver cutting-edge digital transformation so how can it react to a shifting data sovereignty environment that has more twists that the 5km of rollercoasters at PortAventura Park (where our 2025 event will take place – scroll down to book your free place!)
MSPs, Take Action
Become a trusted advisor: Small- and medium-sized businesses in particular are looking for guidance on how to stay compliant. Use your understanding of your customer’s specific needs to provide relevant guidance and solutions.
Consider ESG: Data sovereignty impacts where data is processed and stored, potentially bringing local environmental and compliance regulations into play. Ensure your ESG audit trail is clear to avoid fines—or worse.
Explore the potential of AI: It may still be possible to move data within a region to optimise storage and manage costs. AI can be a powerful tool for identifying the best solution.
Get to grips with lifecycle management: Optimizations in this area will help clients reduce costs and risk. Improved information processing, retention, and removal will reduce the scale of data sovereignty challenges.
Keep an eye on the hyperscalers: The market-leading CSPs and other “big dogs” invest heavily to ensure data sovereignty compliance, and have insight into upcoming legislation. Follow their product pipelines to get a feel for what’s on the horizon in the data sovereignty space.
Register for MSP GLOBAL: Join your peers and the leaders who drive this industry in Barcelona to get the latest business intelligence, discover the latest solutions, and connect with the partners who will help keep you ahead of the data-sovereignty curve.
October 22-23, 2025 – 
PortAventura Theme Park (Barcelona), Spain