Unbiased analyst and consultancy agency Omdia has launched its market radar paper, exploring the sovereign cloud market and the way cloud service suppliers (CSPs) responded to the development.
The 2025 IT Enterprise Insights research analysed the highest 5 Western public cloud suppliers – AWS, Azure, Google, IBM, and Oracle – and found they make up 86% of the cloud market, with a presence in 33 nations as of 2024. North America has 347 knowledge centres, Europe 194, and China has simply three. Though cloud is accessible worldwide, the report reveals its infrastructure stays regional.
Based on Omdia’s analysis new codecs like edge cloud and sovereign cloud are on the rise, plus there’s a better give attention to environmental sustainability which, the corporate surmises, will see extra gamers enter the market.
CSPs around the globe are anticipated to witness elevated strain as China-based CSPs increase globally. The market has advanced lately, with CSPs now broadening their strategy by offering further decisions to satisfy operational autonomy, knowledge residency, and resiliency wants.
Omdia discovered that the EU is main in knowledge safety and sovereign cloud initiatives, like Normal Knowledge Safety Regulation (GDPR) and Gaia-X. Areas just like the Center East are beginning to develop comparable rules, with initiatives together with the Saudi Imaginative and prescient 2030. 60 new knowledge centres have been arrange within the Center East, highlighting how its native infrastructure is rising.
The expansion of genAI has prompted nations to contemplate “sovereign AI,” developed and run inside nationwide borders, bringing knowledge beneath native management. This creates challenges for CSPs that don’t provide native amenities, and a few are shedding out on enterprise potential enterprise that goes to locally-based knowledge centres.
Omdia says it expects 2026/27 to be vital for AI growth, with the concept of “sovereign generated knowledge” turning into extra talked-about, with organisations needing to guard this AI-generated knowledge from inside data requiring the identical ranges of safety as unique datasets. This raises complicated questions on digital possession within the AI period, the paper states.
Omdia have set suggestions for enterprises, service suppliers, and expertise distributors primarily based on its sovereign cloud mannequin. The latter highlights how the “attributes of a sovereign cloud may be utilized at six completely different ranges of sovereignty.”
For enterprises, Omdia’s suggestion is to know which components of the enterprise and knowledge are topic to native rules, and develop an architectural strategy exhibiting how they are going to implement sovereign cloud capabilities of their IT methods.
Omdia recommends service suppliers develop partnerships with native organisations to obtain official approval ()or accreditation) from nationwide governments to have the ability to ship sovereign cloud options.
Expertise distributors are beneficial to research what’s required to satisfy native sovereignty rules. Omdia additionally suggests making purposes extra modular, to allow them to be separated in accordance with native sovereignty guidelines.
Omdia’s sovereign cloud mannequin
To guage precisely the diploma of sovereignty in a cloud deployment, Omdia has proposed a six-level mannequin, one which corresponds to the rising ranges of management and compliance vital.
The mannequin displays how a rustic’s legal guidelines and rules tackle knowledge safety, processing, management, and privateness.
The six ranges are:
Knowledge residency
Knowledge have to be saved within the nation, with legal guidelines mandating that sure kinds of knowledge, like private or delicate data, can’t be hosted exterior nationwide borders.
Knowledge processing
Knowledge have to be processed domestically by accredited entities following stringent privateness guidelines and consent, thus guaranteeing tighter management over who can deal with the info and the way.
Knowledge privateness
Specializing in entry controls, if knowledge is saved and processed domestically, it must be protected towards unauthorised entry, significantly from overseas authorities. One of many greatest privateness challenges at the moment comes from the US CLOUD Act (Clarifying Lawful Abroad Use of Knowledge Act) of 2018.
This permits authorities to demand entry to knowledge that’s saved by US-based firms, even when the info is saved on overseas servers. Understandably, this raises a serious crimson flag for these wanting to maintain their residents’ digital data personal and beneath native jurisdiction.
Generated knowledge entry and management
Omdia recommends sovereign frameworks ought to outline who has possession and management over generated knowledge.
Cloud resiliency
Cloud resiliency ensures cloud companies aren’t depending on overseas infrastructure, serving to to cut back the chance of potential disruption exterior nationwide management, such financial or geopolitical upheavals.
Cloud as vital infrastructure/operational jurisdiction
Degree 6 suggests the cloud is handled like a nationwide utility, corresponding to power, water or telecommunications. This entails governments capable of regulate, audit, and oversee the cloud in its jurisdiction.
How CSPs are responding
Starting with a “sovereign-by-design” technique, which basically builds cloud platforms with sovereignty in thoughts, CSPs have needed to evolve, shifting to a extra customised and versatile mannequin, one which aligns with particular regional rules. CSPs are responding to the rising demand for sovereign cloud with two major approaches.
The primary mannequin the corporate urges cloud suppliers to strategy is full isolation with region-specific choices. Main CSPs like AWS and Oracle are creating separate, remoted cloud environments in a rustic or area. These are then separated from the supplier’s cloud infrastructure and managed by native personnel, with out entry by overseas employees. The mannequin is designed to satisfy stringent compliance wants, like GDPR.
The second strategy comes within the type of a partnership mannequin, one thing CSPs like IBM and Huawei have embraced. On this mannequin, a neighborhood service supplier or nationwide telecom firm operates the cloud companies on behalf of the worldwide CSP. The companions then deploy and handle the CSP’s cloud stack within the nation, offering localised compliance. Knowledge stays within the jurisdiction, permitting native employees to deal with operations.
Each fashions are a part of a wider development, as CSPs can now not provide one-size-fits-all cloud options beneath the rising raft of legal guidelines developed by nation states. Cloud suppliers are required to construct sovereign variants that permit prospects to decide on the suitable stage of management, compliance, and privateness to satisfy their wants and people of native legal guidelines. Based on Omdia, “the optimum strategy stays depending on the person buyer.”
(Picture supply: “Clouds” by Kiwi Tom is licensed beneath CC BY 2.0.)
Need to study extra about cybersecurity and the cloud from trade leaders? Take a look at Cyber Safety & Cloud Expo happening in Amsterdam, California, and London.
Discover different upcoming enterprise expertise occasions and webinars powered by TechForge right here.