/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us/dq/media/media_files/2025/08/15/kunal-2025-08-15-12-18-35.png)
Cloud sovereignty isn’t just a buzzword anymore. It’s a real concern for businesses across the world.
Kunal Kushwaha, Field CTO, Civo told Dataquest that latest Civo research in the UK found that 84 percent of IT leaders are worried about geopolitical risks to their data. Even more interesting, 68 percent want full ownership of their data when it comes to AI.
This isn’t just a UK thing, he explained. “In Europe, we’re seeing a clear pushback against the dominance of big cloud providers through projects like EuroStack. Over in India, the momentum is strong too. New data protection laws and the RBI’s plan to launch its own sovereign cloud show how serious the country is about taking control of its data.”
It is worth noting here that the RBI’s announcement is a big deal. “Their upcoming sovereign cloud, set for 2025, will offer affordable cloud services to financial institutions and make sure all data stays within the country. On top of that, India’s Digital Personal Data Protection Act from 2023 has strict rules about where data can go. The draft rules released in early 2025 give the government a lot more power over cross-border data movement.” Kushwaha reasoned.
Many recent examples show that even when intention is there, the business model and geopolitical pressures cannot assure real sovereignty. In June 2025, Microsoft France told the French Senate that they couldn’t guarantee French citizen data wouldn’t be sent to the US, even without the French government agreeing to it. “Laws like the US CLOUD Act and FISA 702 allow the US government to demand data from any US-based company, no matter where the data is kept. That means a US hyperscaler would need to give access to any data stored on their servers in India. So storing your data locally doesn’t protect you if your provider still answers to foreign laws.” Kushwaha cautions.
Addressing the big question on ‘sovereignty washing’, he explained why people are calling out big cloud providers like Microsoft, AWS, and Google. “They talk a lot about digital sovereignty, but they’re still US companies. US laws still apply. Real data sovereignty means full legal and operational control. It’s not just about storing data in a certain location. You need jurisdictional separation and customer-controlled encryption keys. Without that, the sovereignty claims don’t mean much.”
Cloud decisions aren’t just about tech specs or pricing anymore, he pointed out. “Sure, cost, performance, and security still matter, but now geopolitics is right there in the mix too. Businesses have to think about all of it together. That’s just the reality now. With Trump’s new tariffs, shifting regulations, and all the legal risks tied to foreign jurisdictions, cloud has become way more than just a budget or tech decision. It’s now a business risk decision too.”
Notably, and understandably then, the global sovereign cloud market was around 96 billion dollars in 2024. By 2033, it's expected to hit nearly 649 billion.
(To read the complete interview, check out the September issue of Dataquest).