Blog post

Sovereign Digital (and Data) Strategy Home Base

By Andrew White | November 06, 2022 | 0 Comments

Sovereign Digital StrategySovereign Data StrategyData-DrivenData StrategyData Sovereigntydata sharingData SecurityData PrivacyData OwnershipCloud Infrastructure

Where is all this water coming from?

There are three kinds of organizations, and the following graphic is a great way to explore these as it pertains to geopolitical risk and sovereign digital strategies:


  1. There are many organizations that spot one small hole.  They have noticed a discrete policy issues by some government agency and they react to it.  This could be the quintessential, “we need to comply with GDPR”.    Or perhaps you do business in Asia, and you have seen a Chinese regulation about data sharing that might concern your IP.
  2. A growing number of organizations have looked up and they can see several holes.  They have noticed that there are several policies that have popped up.  Several different initiatives and investments have been kicked off.  All is well though, since “we seem to be coping with the level of water coming through”.
  3. Very few organizations have looked up, left and right, and they see many holes.  They see water on the floor around them.  The have concluded that not only is there a reservoir behind the wall but there could also be tsunami.  As such they are taking a coordinated approach across the entire company.  This could include the CEOs office, strategy, business model, finance and accounting, COO, CIO, core business systems, ERP, IP, data, and technology (such as cloud).

From water to data and dots

Geopolitical risk has led to the idea of sovereign digital strategies.  An organization in the first two stages sees only disconnected policies and reacts accordingly.  If you sit in the third category you assume something else is afoot.  Maybe there is a united, organized plan in place behind the scenes.  Even if there is no unitary plan, it is productive to assume there is one.  That is because our response changes.  If you do not, your own response might be like the organizations in category 1.  Far better it is to be in category 2 and ready for 3, just in case.

Each of these represent a distinct policy that explains how data about something can be stored, accessed, processed, shared, analyzed, or otherwise used.   Today we can watch all these policies in the news.  And many of those firms are reacting to each policy one at a time.  The concept behind sovereign data strategies is that we could assume that there is an organized process behind the scenes pulling these threads together for the benefit of the sovereign state.  As you can imagine, in some states this is quite possible, as with the case with the EU.  With other states, we might never know, such as with China.

My original research is published here (see Trends 2023: Rise and Risks From EU, U.S., China and Other Sovereign Data Strategies and Policies) and this note was covered in the press here (see Computer Weekly’s The rise and risks of sovereign data strategies).  The core material was presented at our Data and Analytics conference series in 2023 and our global IT Symposium series 2023.  Some recent press coverage while in Sydney, Australia: The market (and other) forces behind the rise of sovereign cloud.

Connecting the dots

You have to be careful with this stuff.  Data sovereignty is not the same as sovereign data strategy.  Data sovereignty basically refers to regulations concerning where data is stored.  As you parse the tea leaves and read the research, storage is but one dimension of sovereign data strategies.  There are many others.  If you add compute to storage, and focus on infrastructure, you get the cute phrase, “sovereign cloud”.  But that might not include the data itself, or the applications that run on the infrastructure.  It won’t likely include data sharing and all aspects of data access.  Even “applications” can be abused: does that include analytics, BI and AI?

Since this is a fast-moving space, I thought I would put a page up and update it with news and advice that emerge every day.  This is that page.  I can’t promise that this is everything you need to know; but I can try to keep it up to date.  Hopefully, it proves useful.  I organize the notes, press clippings and advice around the silod or segmented policy categories.  This will never be complete, or entirely up to date.  But I will do my best when I get a free moment to update the list.

This list tries to connect you to all the discrete teams and angles that we are researching.  Unknown by me at the time, several other analysts were looking at this topic from a top-down or geopolitical angle.  As such they really started this work before I did and the name they chose to use was “sovereign digital strategy”.  As such, the element I look at, sovereign data strategy, sits in that wider context.

Gartner research is marked with an, ‘*’.

From sovereign data, to sovereign digital, strategy
Corporate and Organizational Structure
Cloud Infrastructure (storage, compute, edge)
Cloud Applications (business applications, application development/Software Engineering, Analytics and BI etc.)
Data Privacy/Protection
Data (and analytics) Governance
Data Security
Data Storage (what is generally referred to as data sovereignty)
Data Sharing
AI Explainability

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed