Unbiased analyst and consultancy agency Omdia has launched its market radar paper, exploring the sovereign cloud market and the way cloud service suppliers (CSPs) responded to the pattern.
The 2025 IT Enterprise Insights research analysed the highest 5 Western public cloud suppliers – AWS, Azure, Google, IBM, and Oracle – and found they make up 86% of the cloud market, with a presence in 33 international locations as of 2024. North America has 347 information centres, Europe 194, and China has simply three. Though cloud is accessible worldwide, the report reveals its infrastructure stays regional.
In line with Omdia’s analysis new codecs like edge cloud and sovereign cloud are on the rise, plus there’s a better give attention to environmental sustainability which, the corporate surmises, will see extra gamers enter the market.
CSPs all over the world are anticipated to witness elevated strain as China-based CSPs broaden globally. The market has advanced lately, with CSPs now broadening their strategy by offering further decisions to satisfy operational autonomy, information residency, and resiliency wants.
Omdia discovered that the EU is main in information safety and sovereign cloud initiatives, like Common Information Safety Regulation (GDPR) and Gaia-X. Areas just like the Center East are beginning to develop related rules, with initiatives together with the Saudi Imaginative and prescient 2030. 60 new information centres have been arrange within the Center East, highlighting how its native infrastructure is rising.
The expansion of genAI has prompted international locations to think about “sovereign AI,” developed and run inside nationwide borders, bringing information underneath native management. This creates challenges for CSPs that don’t supply native amenities, and a few are dropping out on enterprise potential enterprise that goes to locally-based information centres.
Omdia says it expects 2026/27 to be essential for AI improvement, with the concept of “sovereign generated information” turning into extra talked-about, with organisations needing to guard this AI-generated information from inner info requiring the identical ranges of safety as unique datasets. This raises complicated questions on digital possession within the AI period, the paper states.
Omdia have set suggestions for enterprises, service suppliers, and know-how distributors primarily based on its sovereign cloud mannequin. The latter highlights how the “attributes of a sovereign cloud will be utilized at six completely different ranges of sovereignty.”
For enterprises, Omdia’s advice is to grasp which components of the enterprise and information are topic to native rules, and develop an architectural strategy displaying how they are going to implement sovereign cloud capabilities of their IT programs.
Omdia recommends service suppliers develop partnerships with native organisations to obtain official approval ()or accreditation) from nationwide governments to have the ability to ship sovereign cloud options.
Expertise distributors are beneficial to analyze what’s required to satisfy native sovereignty rules. Omdia additionally suggests making functions extra modular, to allow them to be separated in accordance with native sovereignty guidelines.
Omdia’s sovereign cloud mannequin
To guage precisely the diploma of sovereignty in a cloud deployment, Omdia has proposed a six-level mannequin, one which corresponds to the rising ranges of management and compliance vital.
The mannequin displays how a rustic’s legal guidelines and rules handle information safety, processing, management, and privateness.
The six ranges are:
Information residency
Information should be saved within the nation, with legal guidelines mandating that sure varieties of information, like private or delicate info, can’t be hosted exterior nationwide borders.
Information processing
Information should be processed domestically by permitted entities following stringent privateness guidelines and consent, thus guaranteeing tighter management over who can deal with the info and the way.
Information privateness
Specializing in entry controls, if information is saved and processed domestically, it must be protected in opposition to unauthorised entry, notably from international authorities. One of many largest privateness challenges presently comes from the US CLOUD Act (Clarifying Lawful Abroad Use of Information Act) of 2018.
This permits authorities to demand entry to information that’s saved by US-based firms, even when the info is saved on international servers. Understandably, this raises a serious purple flag for these wanting to maintain their residents’ digital info non-public and underneath native jurisdiction.
Generated information entry and management
Omdia recommends sovereign frameworks ought to outline who has possession and management over generated information.
Cloud resiliency
Cloud resiliency ensures cloud providers usually are not depending on international infrastructure, serving to to scale back the chance of potential disruption exterior nationwide management, such financial or geopolitical upheavals.
Cloud as essential infrastructure/operational jurisdiction
Degree 6 suggests the cloud is handled like a nationwide utility, corresponding to power, water or telecommunications. This entails governments capable of regulate, audit, and oversee the cloud in its jurisdiction.
How CSPs are responding
Starting with a “sovereign-by-design” technique, which primarily builds cloud platforms with sovereignty in thoughts, CSPs have needed to evolve, shifting to a extra customised and versatile mannequin, one which aligns with particular regional rules. CSPs are responding to the rising demand for sovereign cloud with two predominant approaches.
The primary mannequin the corporate urges cloud suppliers to strategy is full isolation with region-specific choices. Main CSPs like AWS and Oracle are creating separate, remoted cloud environments in a rustic or area. These are then separated from the supplier’s cloud infrastructure and managed by native personnel, with out entry by international workers. The mannequin is designed to satisfy stringent compliance wants, like GDPR.
The second strategy comes within the type of a partnership mannequin, one thing CSPs like IBM and Huawei have embraced. On this mannequin, a neighborhood service supplier or nationwide telecom firm operates the cloud providers on behalf of the worldwide CSP. The companions then deploy and handle the CSP’s cloud stack within the nation, offering localised compliance. Information stays within the jurisdiction, permitting native workers to deal with operations.
Each fashions are a part of a wider pattern, as CSPs can now not supply one-size-fits-all cloud options underneath the rising raft of legal guidelines developed by nation states. Cloud suppliers are required to construct sovereign variants that permit clients to decide on the best degree of management, compliance, and privateness to satisfy their wants and people of native legal guidelines. In line with Omdia, “the optimum strategy stays depending on the person buyer.”
(Picture supply: “Clouds” by Kiwi Tom is licensed underneath CC BY 2.0.)
Wish to study extra about cybersecurity and the cloud from trade leaders? Try Cyber Safety & Cloud Expo going down in Amsterdam, California, and London.
Discover different upcoming enterprise know-how occasions and webinars powered by TechForge right here.
