As global tensions continue to rise and cloud adoption accelerates, digital sovereignty has become a board-level topic. Tech execs must now modernize infrastructure, protect autonomy, ensure compliance, and manage geopolitical risk at the same time. As we outlined in a recent report, 2025 showed a clear trend: Digital sovereignty is reshaping public cloud strategy across all major regions and industries. Tech execs who delay may face growing operational and regulatory challenges.

Why Digital Sovereignty Matters Now

Organizations depend heavily on providers that often operate under foreign jurisdictions. New regulations such as NIS2, DORA, and national data sovereignty laws increase scrutiny over where data is stored, who controls it, and how resilient it is during disruption.

Meanwhile, sovereignty is no longer limited to governments or regulated industries. It now influences cloud decisions in healthcare, manufacturing, energy, education, finance, and more. Tech execs must reassess long‑held assumptions and find the right balance between innovation and control.

Four forces are driving the shift:

  • Sovereign‑ready cloud strategies are expanding. Regulated industries once led sovereignty‑driven decisions. Today, many nonregulated sectors follow. Tech leaders across Europe, APAC, and North America now select cloud vendors based on sovereignty requirements, as well. They also evaluate factors such as: 1) sovereign cloud regions; 2) data‑boundary commitments; and 3) local operational controls.
  • Private cloud supports stronger control. Many tech leaders run sensitive workloads on internal private cloud platforms. This approach increases control, reduces exposure to foreign jurisdictions, and protects critical workloads. Despite rising concerns, however, there is no major shift toward repatriating existing public cloud applications. Migration is expensive, and regulations rarely require it. For this reason, hybrid cloud models remain the preferred choice.
  • Multicloud is becoming compliance‑driven. Multicloud adoption is evolving. It is no longer only about reducing vendor lock‑in or choosing best‑of‑breed services. It is also driven by compliance needs. Nearly half of cloud leaders expect sovereignty requirements to increase the number of providers they use. New sovereign regions from hyperscalers and stronger local provider offerings are accelerating this trend.
  • Government momentum is accelerating the shift. Meanwhile, governments worldwide plan to increase investments in digital sovereignty over the next year. Although investment levels vary, the direction is clear: Digital sovereignty is becoming a national resilience priority. Enterprises should expect: 1) stricter regulations; 2) deeper compliance audits; and 3) greater expectations for sovereign cloud governance.

The New Imperative: Minimum Viable Sovereignty

A balanced pragmatic approach — which we call minimum viable sovereignty — helps organizations reduce risk without overengineering solutions. It avoids unnecessary complexity and focuses on essential protections. To achieve this, tech execs should: 1) identify workloads requiring sovereign controls; 2) select cloud providers with enforceable sovereignty commitments; 3) combine sovereign public cloud, private cloud, and trusted local providers; 4) prepare for geopolitical and jurisdictional risk scenarios; and 5) integrate sovereignty into enterprise risk management programs.

Hyperscalers are rapidly expanding their sovereign capabilities, while local providers are strengthening their own value offerings. Tech execs who adapt early will gain the most flexibility and resilience.

Start Your Sovereignty Journey Today

Digital sovereignty is now central to cloud modernization and enterprise resilience. Tech execs have a unique opportunity to shape secure, compliant, and geopolitically resilient cloud strategies for the decade ahead. Begin by: 1) assessing sovereignty exposure; 2) identifying critical workloads requiring protection; 3) engaging vendors on sovereignty guarantees; and 4) designing a roadmap for minimum viable sovereignty.

Reach out to Forrester and schedule a guidance session or an inquiry to help guide your sovereign cloud strategy and dig deeper into the broader concept of digital sovereignty.