Unbiased analyst and consultancy agency Omdia has launched its market radar paper, exploring the sovereign cloud market and the way cloud service suppliers (CSPs) responded to the pattern.
The 2025 IT Enterprise Insights research analysed the highest 5 Western public cloud suppliers – AWS, Azure, Google, IBM, and Oracle – and found they make up 86% of the cloud market, with a presence in 33 international locations as of 2024. North America has 347 knowledge centres, Europe 194, and China has simply three. Though cloud is accessible worldwide, the report reveals its infrastructure stays regional.
In line with Omdia’s analysis new codecs like edge cloud and sovereign cloud are on the rise, plus there’s the next concentrate on environmental sustainability which, the corporate surmises, will see extra gamers enter the market.
CSPs all over the world are anticipated to witness elevated strain as China-based CSPs broaden globally. The market has developed lately, with CSPs now broadening their method by offering extra decisions to satisfy operational autonomy, knowledge residency, and resiliency wants.
Omdia discovered that the EU is main in knowledge safety and sovereign cloud initiatives, like Basic Information Safety Regulation (GDPR) and Gaia-X. Areas just like the Center East are beginning to develop comparable laws, with initiatives together with the Saudi Imaginative and prescient 2030. 60 new knowledge centres have been arrange within the Center East, highlighting how its native infrastructure is rising.
The expansion of genAI has prompted international locations to think about “sovereign AI,” developed and run inside nationwide borders, bringing knowledge beneath native management. This creates challenges for CSPs that don’t provide native amenities, and a few are dropping out on enterprise potential enterprise that goes to locally-based knowledge centres.
Omdia says it expects 2026/27 to be necessary for AI improvement, with the thought of “sovereign generated knowledge” changing into extra talked-about, with organisations needing to guard this AI-generated knowledge from inside info requiring the identical ranges of safety as unique datasets. This raises advanced questions on digital possession within the AI period, the paper states.
Omdia have set suggestions for enterprises, service suppliers, and expertise distributors based mostly on its sovereign cloud mannequin. The latter highlights how the “attributes of a sovereign cloud will be utilized at six completely different ranges of sovereignty.”
For enterprises, Omdia’s suggestion is to grasp which components of the enterprise and knowledge are topic to native laws, and develop an architectural method exhibiting how they are going to implement sovereign cloud capabilities of their IT techniques.
Omdia recommends service suppliers develop partnerships with native organisations to obtain official approval ()or accreditation) from nationwide governments to have the ability to ship sovereign cloud options.
Know-how distributors are really helpful to research what’s required to satisfy native sovereignty laws. Omdia additionally suggests making functions extra modular, to allow them to be separated in accordance with native sovereignty guidelines.
Omdia’s sovereign cloud mannequin
To guage precisely the diploma of sovereignty in a cloud deployment, Omdia has proposed a six-level mannequin, one which corresponds to the growing ranges of management and compliance needed.
The mannequin displays how a rustic’s legal guidelines and laws handle knowledge safety, processing, management, and privateness.
The six ranges are:
Information residency
Information have to be saved within the nation, with legal guidelines mandating that sure forms of knowledge, like private or delicate info, can’t be hosted exterior nationwide borders.
Information processing
Information have to be processed domestically by accredited entities following stringent privateness guidelines and consent, thus making certain tighter management over who can deal with the information and the way.
Information privateness
Specializing in entry controls, if knowledge is saved and processed domestically, it must be protected in opposition to unauthorised entry, notably from international authorities. One of many greatest privateness challenges presently comes from the US CLOUD Act (Clarifying Lawful Abroad Use of Information Act) of 2018.
This permits authorities to demand entry to knowledge that’s saved by US-based firms, even when the information is saved on international servers. Understandably, this raises a significant purple flag for these wanting to maintain their residents’ digital info personal and beneath native jurisdiction.
Generated knowledge entry and management
Omdia recommends sovereign frameworks ought to outline who has possession and management over generated knowledge.
Cloud resiliency
Cloud resiliency ensures cloud providers aren’t depending on international infrastructure, serving to to scale back the danger of potential disruption exterior nationwide management, such financial or geopolitical upheavals.
Cloud as necessary infrastructure/operational jurisdiction
Degree 6 suggests the cloud is handled like a nationwide utility, corresponding to power, water or telecommunications. This entails governments in a position to regulate, audit, and oversee the cloud in its jurisdiction.
How CSPs are responding
Starting with a “sovereign-by-design” technique, which basically builds cloud platforms with sovereignty in thoughts, CSPs have needed to evolve, shifting to a extra customised and versatile mannequin, one which aligns with particular regional laws. CSPs are responding to the rising demand for sovereign cloud with two fundamental approaches.
The primary mannequin the corporate urges cloud suppliers to method is full isolation with region-specific choices. Main CSPs like AWS and Oracle are creating separate, remoted cloud environments in a rustic or area. These are then separated from the supplier’s cloud infrastructure and managed by native personnel, with out entry by international workers. The mannequin is designed to satisfy stringent compliance wants, like GDPR.
The second method comes within the type of a partnership mannequin, one thing CSPs like IBM and Huawei have embraced. On this mannequin, an area service supplier or nationwide telecom firm operates the cloud providers on behalf of the worldwide CSP. The companions then deploy and handle the CSP’s cloud stack within the nation, offering localised compliance. Information stays within the jurisdiction, permitting native workers to deal with operations.
Each fashions are a part of a wider pattern, as CSPs can not provide one-size-fits-all cloud options beneath the growing raft of legal guidelines developed by nation states. Cloud suppliers are required to construct sovereign variants that permit prospects to decide on the suitable stage of management, compliance, and privateness to satisfy their wants and people of native legal guidelines. In line with Omdia, “the optimum method stays depending on the person buyer.”
(Picture supply: “Clouds” by Kiwi Tom is licensed beneath CC BY 2.0.)
Wish to study extra about cybersecurity and the cloud from trade leaders? Take a look at Cyber Safety & Cloud Expo going down in Amsterdam, California, and London.
Discover different upcoming enterprise expertise occasions and webinars powered by TechForge right here.
