A few months ago I published a note that attempts to weave together what otherwise might be looked at as distinct threads and themes. I used the term, “sovereign data strategy” to denote the idea that notable sovereign states had a legitimate person or team working behind the scenes. The distinct themes touch on all the ways in which companies, consumers, and governments use data. You would know this if I called out the following:
Each of these represent a distinct policy that explains how data about something can be stored, accessed, processed, shared, analyzed or otherwise used. Today we can watch all these policies in the news. And many of those firms are reacting to each policy one at a time. The concept behind sovereign data strategies is that we could assume that there is an organized process behind the scenes pulling these threads together for the benefit of the sovereign state. As you can imagine, in some states this is quite possible, as with the case with the EU. With other states, we might never know, such as with China.
Connecting the Dots
The original research is published here (see Trends 2023: Rise and Risks From EU, U.S., China and Other Sovereign Data Strategies and Policies) and this note was covered in the press here (see Computer Weekly’s The rise and risks of sovereign data strategies). The core material was presented at our Data and Analytics conference series in 2023 and also our global IT Symposium series 2023. Some recent press coverage while in Sydney, Australia: The market (and other) forces behind the rise of sovereign cloud.
You have to be careful with this stuff. Data sovereignty is not the same as sovereign data strategy. Data sovereignty basically refers to regulations concerning where data is stored. As you parse the tea leaves and read the research, storage is but one dimension of sovereign data strategies. There are many others. If you add compute to storage, and focus on infrastructure, you get the cute phrase, “sovereign cloud”. But that might not include the data itself, or the applications that run on the infrastructure. It won’t likely include data sharing and all aspects of data access. Even “applications” can be abused: does that include analytics, BI and AI?
Since this is a fast moving space, I thought I would put a page up and update it with news and advice that emerge every day. This is that page. I can’t promise that this is everything you need to know; but I can try to keep it up to date. Hopefully it proves useful. I organize the notes, press clippings and advice around the silod or segmented policy categories. This will never be complete, or entirely up to date. But I will do my best when I get a free moment to update the list.
Overall Sovereign Data Strategies and Mitigating Practices
- Gartner: Trends 2023: Rise and Risks From EU, U.S., China and Other Sovereign Data Strategies and Policies, September, 2022
- Gartner: 5 Steps for Dynamic Management of Globalization Risks in Uncertain Times, April 2022
- Gartner: Mitigate Geopolitical Risks With Architectural Composability, April 2022
- Gartner: How Can CIOs of Multinationals Manage Digital Sovereign Risk?, March 2022
- Gartner: Choose the Optimal Corporate Structure to Drive Digital Reglobalization in a New Market, February, 2022
- Gartner: Quick Answer: How Do I Get Started With Connected Governance?, December 2021
- Digital Nation (Press, Australia): The market (and other) forces behind the rise of sovereign cloud
- Gartner: Connected Governance Orchestrates Complex Cross-Enterprise Decisions, November 2021
Cloud Infrastructure (storage, compute, edge)
- Gartner: Mapping the Sovereign Cloud Opportunity for CSPs in Europe, June 2022
- Gartner: Quick Answer: How Can Hyperscale Cloud Providers Address the Growing Dilemma of Cloud Sovereignty?, May, 2022
- Gartner: Multinational Operations Can Mitigate a Market Exit With Edge Computing, May 2022
- Gartner: What Are the Different Provider Approaches to ‘Sovereign Cloud’ Demands?, April, 2022
Cloud Applications (business applications, application development/Software Engineering, Analytics and BI etc.)
- Gartner: Mitigate Geopolitical Risks With Architectural Composability, April, 2022
Data Privacy/Protection
- Gartner: Infographic: How CIOs Are Adapting Operations to Expanding Digital Regulations Globally, November, 2022
- Gartner: EU State of Privacy — The European Union, August, 2022
- Gartner: What You Need to Know About China’s Cybersecurity Protection Classification Framework July 2021
- Wall Street Journal (US): State versus Federal efforts at Data Privacy, July, 2022
- Gartner: Top Trends in Privacy Driving Your Business Through 2024, May, 2022
- Gartner: State of Privacy — China, March, 2022
- EU Data Protection Guidelines
- US Federal Data Privacy
Data Governance
- Gartner: Quick Answer: How Should Chinese Enterprises Better Deliver Data Monetization Regarding “20 Data Measures”?, January, 2023
Data Security
- Gartner: Tool: What Security Regulatory Requirements in China Should You Care About? February, 2023 NEW
- Gartner: Quick Answer: How Do Other Organizations Deploy Data and Analytics Security Governance in the Cloud?, March, 2022
- Gartner: Still a Moving Target — What to Do With the Chinese Data Security Law, February, 2022
Data Storage
- Gartner: Quick Answer: How Can Hyperscale Cloud Providers Address the Growing Dilemma of Cloud Sovereignty?, May, 2022
- Gartner: How Can CIOs of Multinationals Manage Digital Sovereign Risk?, March, 2022
- Gartner: Practical Privacy — Balancing Data Residency Requirements With Business Needs, June 2020
Data Sharing
- Gartner: Top 3 Priorities for Chinese Enterprises to Promote Effective Data Sharing, July, 2022
- Gartner: Quick Answer: How Executive Leaders Must Prepare for the New EU Data Act, June, 2022
- Garner: Overcome the Challenges of Cross-Border Data Communication Over Internet With China, May, 2021
- EU Data Sharing Guidelines
AI Explainability
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.
Comments are closed