Awareness of data sovereignty is increasing within organizations. Geo-political situations and recent news stories are causing many to formally evaluate their data management strategies and policies.
This means that organizations are also looking at the tools and platforms they use to run and maintain key IT infrastructure and undertake tasks such as monitoring and management. SaaS and cloud first/only tooling can often present data sovereignty challenges and complications. Increasingly, many cloud and SaaS options are offering on-premises alternatives that organizations are leveraging to assure their sovereignty goals.
What is Data Sovereignty?
Data sovereignty means that the data collected is subject to the laws of the country where it is stored. The legal jurisdiction of data sovereignty enforcement is the government and authorities of country where the data physically resides. For example, if data is collected in Germany, German laws apply—even if organization collecting the data is a U.S. company. Sovereignty regulations may mandate that certain types of data must not leave the geographical extent of the country or must not be shared with 3rd parties.
What is Data Sovereignty vs Data Residency vs Data Localization?
Data Sovereignty is closely associated with the distinct concepts of Data Residency and Data Localization.
Data Residency refers to the geographic location of the storage where an organization keeps data. Organizations choose to store data in a specific locations for reasons such as performance, compliance, or client preference. Sometimes this decision is made as a consequence of choosing a specific tool or product that by default is tied to storing data in specific locations or clouds. Once a data location has been established the data is often then also subject to sovereignty legislation of the country in which it is located.
Data Localization refers to laws that require data to be stored and processed within national borders. In some countries governments mandate in-country storage, particularly for certain types of data such as healthcare or financial information, i.e. a healthcare provider operating in Russia must keep and process patient records within Russia.
Data Sovereignty – Examples and Complexities
Several high-profile discussions around data sovereignty have highlighted the complexities and nuances that organizations face even when adopting mainstream products and cloud services such as Microsoft 365. If formulating a data sovereignty strategy it is worth familiarizing yourself with some of these well-known cases that highlight corner-cases and complexities you may need to consider.
Example: Data Sovereignty – Microsoft and UK Scottish Police Data
In 2024 it was widely reported that Microsoft were unable to guarantee the sovereignty of UK policing data hosted on its hyperscale public cloud infrastructure. Microsoft admitted that they were unable to guarantee that data uploaded to a key Police Scotland IT system would remain in the UK as required by law. Details of the case are covered, here: Microsoft admits no guarantee of sovereignty for UK policing data | Computer Weekly.
Specific details of the limitations and challenges around sovereignty were published by the Scottish Police Authority, see: Response | Scottish Police Authority. Notably, Microsoft confirmed that they could not adhere to the sovereignty requirements for data held in M365, the flagship office productivity suite. Other key points of interest, include:
- The concepts of “data at rest” and “storage at rest”, whilst Microsoft could commit to data sometimes being kept within the UK this excluded certain processing for which data would be moved potentially to offshore geographies
- Support services are often located in offshore geographies and may require data to be moved
- Backup and failover locations need consideration
Example: Data Sovereignty and the US CLOUD Act
The U.S. Clarifying Lawful Overseas Use of Data Act (CLOUD Act) was passed in 2018. It gives U.S. law enforcement authorities the power to request data stored by most major cloud providers, even if it is outside the United States.
Theoretically this means that USA based cloud companies could be mandated to release data which is subject to local data sovereignty regulation. Although yet to be tested this possibility is fueling a rise in concerns over the use of hyperscale providers.
Headlines such as: Microsoft admits it would have to let Trump spy on EU data if demanded | TechRadar and Europeans seek ‘digital sovereignty’ as US tech firms embrace Trump | Reuters are now common and fueling concerns, especially in Europe.
Example: Denmark and Others Plan to Replace Microsoft Over Data Sovereignty Concerns
In June 2025 it was widely reported that Denmark intends to migrate Danish government employees from the Windows 365 office productivity suite and products to an alternative, with data sovereignty being quoted as the principal driver, see Denmark’s Government Ditches Microsoft for Open Source – OMG! Ubuntu, the coverage around these reports included similar projects elsewhere in Europe, see: Denmark, Now Germany: Is the Public Sector Migrating Away from the Microsoft Suite? – UC Today.
Example: Data Sovereignty and the AWS European Sovereign Cloud
Particularly in Europe shifting geo-political situations and the dominance of USA owned hyperscale clouds has prompted concerns over cloud usage, with many organizations retaining on-premises systems to ensure compliance and control. AWS recognizing these concerns are in the process of defining and launching the AWS European Sovereign Cloud to satisfy EU regulators and governments.
Aiming to launch within 2025 the AWS European Sovereign Cloud aims to address no only data localization considerations but also the organizational governance structures problematic with international hyperscaled providers. Read more: Built, operated, controlled, and secured in Europe: AWS unveils new sovereign controls and governance structure for the AWS European Sovereign Cloud. Whilst AWS already offers certain on-prem and data localization mechanisms (such as “Dedicated Local Zones”), the European Sovereign Cloud is being architected to address data sovereignty issues that persist in existing models.
eG Enterprise – Architected for Data Sovereignty
At eG Innovations we have taken a neutral approach to cloud deployment and aim for feature parity no matter how you choose to deploy the product. The eG Enterprise platform is available for deployment on-premises, in a cloud of your choosing or as fully turnkey SaaS in a number of cloud regions. This flexibility offers our customers choices to ensure they comply to the sovereignty and localization regulations they need to comply with.
eG Enterprise is also fully functional in air-gapped environments with no external access and implements a wealth of data protection features including AES 256 encryption. Customers can also host and operate the observability solution by themselves and in some cases, we support such customers with no access to even view their deployment.
eG Enterprise supports over 650+ technologies spanning the hybrid on-prem and cloud infrastructures that those vigilant about sovereignty increasingly choose to adopt. Designed to expect hybrid architectures and audit processes, eG Enterprise is already widely deployed in heavily regulated sectors (including finance and government) and in geographies where data sovereignty concerns are high (particularly Europe).
Our failover mechanisms and support structures are also well tested for ensuring data sovereignty for governmental customers and similar. If you are struggling with the sovereignty and/or localization implications of SaaS-only or cloud-first monitoring tools, please do consider trying eG Enterprise as an enterprise ready alternative.
eG Enterprise is an Observability solution for Modern IT. Monitor digital workspaces,
web applications, SaaS services, cloud and containers from a single pane of glass.
Learn More
- Read more about cloud repatriation trends and how organizations are moving workloads back on-premises, often driven by sovereignty or localization concerns, see: On-premises, Cloud First or Cloud Repatriation – What’s the Trend? Which is Best? | eG Innovations and From Cloud Adoption to Reversal: Navigating the Hybrid Cloud Advantages Adventure | eG Innovations
- Data sovereignty is also driving cloud exit strategies, learn more : The Importance of a Cloud Exit Strategy: What It Is, Who Needs It, and How to Plan It | eG Innovations
- The heightened awareness of data sovereignty and localization considerations is helping many of our MSP customers grow their businesses by offering alternatives to global hyperscaler vendors, learn more: How MSPs can Capitalize on the Rush to Localize IT Services
Rachel has worked as developer, product manager and marketing manager at Cloud, EUC, application and hardware vendors such as Citrix, IBM, NVIDIA and Siemens PLM. Rachel now works on technical content and engineering and partner liaison for eG Enterprise 
