8/7/25, 10:54 AM           Digital Sovereignty is far more than compliance - Middle East Business News and Information - mid-east.info
        institutions and critical infrastructure providers to ensure operational resilience.



        While it is true that geopolitical dynamics have put digital sovereignty into the spotlight, it
        would be a misconception to think of this as a fresh challenge, as at its core digital sovereignty

        is about resilience and autonomy. Organisations need to prove they can operate independently,
        even when global political shifts or vendor decisions disrupt their operations.



        Prepare for unintended consequences



        In April 2022, the Amsterdam Trade Bank (ATB), a financially stable Dutch institution, was
        forced into bankruptcy. This wasn’t due to poor management or insolvency, but rather because

        of sanctions imposed on its Russian parent company, Alfa Bank.



        When the US, the EU and UK enacted sanctions against Russian entities in spring 2022, the
        ripple effects were catastrophic for ATB. Despite ATB being fully compliant with Dutch and EU

        laws, service providers, again being respectful with the same laws and sanctions, were obliged
        to abruptly terminate critical cloud services, including email and core banking operations.

        Without access to cloud-based workspaces and business software suites, ATB lost the ability to
        communicate internally or with customers, leading to its sudden collapse.



        While the sanctions against Alfa Bank have been implemented in a different context this case
        nevertheless underscores a critical distinction when it comes to the question of sovereignty:

        Own compliance does not guarantee autonomy. Even legally sovereign organisations can fail if
        they lack operational resilience. ATB’s total dependence on their service providers left it

        defenceless when they withdrew support, a stark warning against vendor lock-in.



        While “digital sovereignty” refers to government-mandated control, such as GDPR or data
        localisation laws, “digital autonomy” is about an organisation’s ability to operate independently,
        regardless of whether disruptions originate at the geopolitical or vendor level. This distinction

        has now been officially defined in the Netherlands by the Dutch government.



        ATB was sovereign (regulated under Dutch law) but not autonomous, so when its cloud
        providers pulled the plug, it had no backup plan. And, of course, ATB is not alone, in Australia
        another major hyperscaler accidentally deleted superannuation fund UniSuper’s online account.

        Thankfully for UniSuper and its half a million members, they had taken the wise step of having

        a third party back-up.




      https://mid-east.info/digital-sovereignty-is-far-more-than-compliance/#:~:text=Digital sovereignty isn't just,independence from vendor lock-in.  2/3