The Rise of Digital Sovereignty: How Geopolitics Is Shaping Cybersecurity

Introduction

In an era where data is as valuable as currency, nations are increasingly asserting control over their digital landscapes. The European Union’s Digital Markets Act (DMA), for instance, compels tech giants like Google and Apple to ensure fair competition by opening their platforms to rivals, fundamentally altering their business operations. Similarly, China’s Data Security Law mandates that data generated within its borders be stored domestically, impacting how foreign companies manage information. This movement, termed “digital sovereignty,” reflects a global shift towards nations reclaiming authority over their digital infrastructures and data flows. As countries prioritise national interests in the digital realm, businesses face a transformed cybersecurity landscape, navigating a world where the once borderless internet is now segmented by national policies and regulations

Key Factors

The drive towards digital sovereignty is propelled by several key factors:​

Geopolitical Tensions: Escalating rivalries among global powers, notably the technological competition between the United States and China, have prompted nations to seek greater control over their digital infrastructures. For instance, the U.S. has imposed restrictions on Chinese tech firms like Huawei, citing national security concerns, while China has accelerated its efforts to develop indigenous technologies to reduce reliance on Western innovations. ​

Cybersecurity Concerns: The increasing use of cyberattacks as instruments of geopolitical strategy has heightened the emphasis on securing national digital assets. The conflict in Ukraine has demonstrated how cyber operations can be integrated into military tactics, underscoring the necessity for nations to safeguard their digital infrastructures against potential threats. ​

Technological Nationalism: Countries are aiming to diminish dependence on foreign technology providers to bolster national security and economic stability. This is evident in initiatives to develop domestic capabilities in critical sectors such as artificial intelligence and semiconductor manufacturing, reflecting a broader trend of prioritising national interests in technological advancement. ​

Emerging Digital Colonialism Debate: Developing nations are increasingly challenging the dominance of major Western tech firms in their digital economies. Concerns have been raised about data extraction practices that mirror historical patterns of resource exploitation, leading to calls for greater control over digital resources and the promotion of local tech industries. For example, African countries are advocating for digital sovereignty to ensure that data generated within their borders benefits their own economies. ​

Collectively, these dynamics are reshaping the global digital landscape, prompting nations to assert more control over their digital domains to navigate the complex interplay of technology, security and sovereignty.

What Digital Sovereignty Looks Like in Practice

​ As nations strive to assert control over their digital landscapes, digital sovereignty manifests itself in various concrete measures:

Data Localisation Laws: Countries such as Brazil, India and those within the European Union have enacted legislation mandating that data pertaining to their citizens be stored and processed within national borders. For instance, Brazil’s General Personal Data Protection Law (LGPD) mirrors the EU’s General Data Protection Regulation (GDPR) in enforcing strict data protection measures. These laws aim to safeguard personal information but can introduce complexities for multinational companies managing cross-border data flows.​

Fragmented Regulation: The proliferation of diverse data protection laws has led to a complex web of compliance standards globally. Organisations must navigate varying requirements, such as the GDPR in Europe and similar regulations in countries like Nigeria and Saudi Arabia, each imposing distinct obligations on data handling and transfer. This fragmentation challenges businesses to develop adaptable compliance strategies that meet multiple jurisdictional demands.​

Sovereign Clouds: In response to concerns over foreign influence and data access, nations are promoting the development of national or regional cloud service providers. European initiatives like GAIA-X aim to establish a secure and sovereign digital ecosystem, reducing reliance on non-European cloud services. GAIA-X sets standards for interoperability, security and sovereignty in cloud computing, enabling European businesses to retain control over their data. ​

Decentralised Internet Models: Some countries are constructing national intranets to exert greater control over domestic internet usage. Russia’s “sovereign internet” law, for example, seeks to create a national domain name system that allows the country to disconnect from the global internet if necessary, aiming to bolster cybersecurity and control information flows. Similarly, Iran has developed a National Information Network to manage and monitor domestic internet traffic. ​

Cross-Border Conflict: The tension between multinational cloud platforms and local legislation is evident as countries enforce data sovereignty measures. Major cloud providers like Amazon Web Services (AWS) have responded by launching dedicated cloud infrastructures, such as the AWS European Sovereign Cloud, designed to comply with stringent EU privacy and data sovereignty requirements. These developments reflect the ongoing balancing act between leveraging global cloud services and adhering to national data protection laws.​

Collectively, these practices illustrate the multifaceted approaches nations are adopting to achieve digital sovereignty, significantly impacting global cybersecurity strategies and international business operations.

Business Implications: Risks and Adaptations

The push for digital sovereignty is reshaping the way global businesses operate, adding layers of complexity and cost to their cybersecurity and data strategies. With governments increasingly demanding that data be stored and processed within national borders, businesses must now adopt region-specific compliance strategies. This ends the era of universal, centralised cybersecurity frameworks and forces companies to manage a patchwork of localised policies.

Infrastructure demands have also grown, in some cases dramatically. To meet national requirements, organisations are investing in duplicate data centres and services across jurisdictions, significantly increasing overheads. Regulatory risk looms large as well, with fines like the €1.2 billion penalty against Meta in 2023 for unlawful EU–US data transfers highlighting the stakes.

To navigate this shifting terrain, many firms are rethinking their cloud strategies, turning to hybrid and multi-cloud models to remain agile amid jurisdictional demands. At the same time, a new kind of corporate diplomacy is emerging. Companies like TikTok have set up regional data operations and engaged directly with policymakers to maintain market access and brand trust.

In response to all of this, the role of the Chief Information Security Officer (CISO) is evolving—now often doubling as a diplomatic envoy, managing regulatory relationships and ensuring cross-border compliance while safeguarding digital assets.

Future Trends and Strategic Responses

Looking ahead, the rise of digital sovereignty is likely to accelerate the fragmentation of the global internet—what some are now calling the “splinternet”. Distinct digital zones may emerge, with North America, China, the EU and others, setting divergent rules, standards and data protocols. While this grants nations greater control, it also raises the tension between privacy and freedom. As more states enforce national data laws, the open, borderless internet may become a relic of the past.

A new frontier in this debate involves artificial intelligence. Countries are beginning to assert ownership over AI models trained on local datasets, with calls to regulate foundational models based on national context and values. Similarly, cloud infrastructure and digital supply chains are being redrawn, with governments promoting “trusted” national providers to reduce dependency on foreign platforms.

In this fragmented landscape, resilience and redundancy are becoming top priorities. Businesses are investing in decentralised systems, disaster recovery plans and compliance diversification. At a geopolitical level, digital alliances—like the EU’s GDPR bloc or ASEAN’s cross-border data frameworks—are offering new routes for cooperation.

Strategic Agility in an Age of Fragmentation

As we have seen, digital sovereignty is no longer a fringe concern—it is reshaping the cybersecurity and business rulebook. The smartest companies now treat cybersecurity as a geopolitical issue, not merely a technical one. Future-ready firms will thrive by designing digital systems that are secure, sovereign-respectful, and globally adaptable—leading with both trust and agility.

And what about you…?   

• What risks do you foresee for your business if global digital fragmentation continues to accelerate?
• What role do you think businesses should play in shaping international digital policy—should they simply comply, or actively engage in digital diplomacy?