SaaS data protection platform provider Keepit has recently published its Data Sovereignty: Take Control of Your Data report, highlighting the growing importance of data sovereignty amid rising geopolitical tensions, hyperscaler dominance, and evolving regulations in today’s cloud environment.
Sovereignty in understanding one’s own infrastructure
Tailored for CEOs, CIOs, CISOs, COOs, and board members, the report offers a clear view of what data sovereignty looks like in real-world operations and outlines actionable steps organizations can take to safeguard their data in increasingly unpredictable conditions.
“Around the world, leaders face a difficult balancing act: enabling innovation while protecting the organization from political, operational, and compliance risks,” said Keepit CISO Kim Larsen in an accompanying commentary with the report.
“Many companies believe that keeping data in-region is enough. Increasingly, it’s not. True sovereignty requires understanding who owns the infrastructure that stores your data and whether foreign jurisdictions can compel access.”
Hyperscaler dominance and systemic risk
One of the report’s most significant findings is the “hyperscaler monoculture” shaping today’s cloud landscape. According to the research, 97 percent of global cloud infrastructure is concentrated among just a handful of providers.
Keepit argues that this consolidation creates systemic risk, where outages or misconfigurations can rapidly cascade across SaaS, identity, and backup platforms.
In particular, U.S. and Chinese hyperscalers dominate the market: AWS, Microsoft, Google Cloud, IBM, and Oracle collectively hold 83 percent, while Huawei, Alibaba, and Tencent account for another 13 percent.
Politics, legislation as defining factors
Politics and control were another central theme from the report, emphasizing legislation such as the US’ Clarifying Lawful Overseas Use of Data Act (CLOUD Act) and the EU’s landmark Schrems II ruling mandating conflicting access rules.
The CLOUD Act can compel access to data, even if it resides in foreign datacenters. Meanwhile, the Schrems II ruling invalidated the EU-US Privacy Shield framework, in part because it was found that US laws impeded the protection of personal data and violated the GDPR.
According to Keepit, the shifting regulations underscore the need for security teams to defend information that may be legally accessible to foreign jurisdictions — even when stored in-region.
“Laws like the CLOUD Act and rulings such as Schrems II have shown how quickly established frameworks can shift. At the same time, hybrid warfare and supply chain vulnerabilities continue to expose weaknesses in global digital infrastructure. This report helps leaders navigate that landscape with clarity and confidence,” Larsen said.
Other notable findings include the rise of APT activity targeting cloud identity providers; SaaS backups relying on the same hyperscalers as production, making recovery difficult in the event of an outage or breach; and regulators raising expectations for data resilience through requirements for independence and provable control.
Eight trends to monitor in digital sovereignty
The study also outlines eight trends expected to shape how organizations build and protect their digital infrastructure in the near future:
- Sovereign cloud or localized (on-prem) infrastructure
- Tightening of regulations and legal frameworks
- Supply chain and hardware sovereignty
- Data sovereignty and memory or cognitive sovereignty
- Geopolitical fragmentation or blocs
- Stronger demand for ethics, trust, and transparency amid public pressure
- Decentralization, edge AI, and self-sovereign identity
- Environmental energy and sustainability constraints
Alongside these trends, Keepit recommends practical steps for strengthening digital sovereignty and data resilience.
These include elevating sovereignty as a core business priority, defining clear sovereignty requirements, partnering with trusted providers, and regularly auditing and reporting on data governance, among others.
Earlier this year, Keepit also published a report on data governance and its increased importance in the age of AI. Read more about its findings and how organizations can remain compliant amid accelerating AI adoption.