8/7/25, 10:55 AM                                Digital Sovereignty Is Far More Than Compliance

         Date                 Share on Facebook     Tweet on Twitter
         2025-08-06 08:00:22


        (MENAFN- Mid-East Info) By Julio Guijarro, CTO EMEA, Red Hat




        August, 2025 – I have honed my expertise in digital sovereignty in recent years largely as a result of it being one of the
        things our EMEA-based partners and customers always ask about. There is no one unifying reason for this increased
        interest in digital sovereignty, but rather several converging factors are accelerating its urgency.

        The most obvious is geopolitical instability. Sanctions and trade wars continue to disrupt global business operations. As
        reported, a coalition of nearly 100 organisations has urged European Commission leaders to establish a dedicated fund for
        building technological independence. In a joint letter addressed to President Ursula von der Leyen and Digital
        Commissioner Henna Virkkunen, the group advocated for strategic investments in homegrown infrastructure to reduce
        reliance on non-European tech giants.

        Another concern is that seemingly neutral cloud providers can become liabilities. One example is the high profile move of a
        major hyperscaler to cut off the International Court of Justice's email access following political pressure, highlighting that
        vendor obligations can sometimes override customer needs.

        In addition to geopolitical concerns, regulatory pressure is also mounting, with regulations like DORA (Digital Operational
        Resilience Act) and NIS2 in Europe requiring financial institutions and critical infrastructure providers to ensure operational
        resilience.

        While it is true that geopolitical dynamics have put digital sovereignty into the spotlight, it would be a misconception to think
        of this as a fresh challenge, as at its core digital sovereignty is about resilience and autonomy. Organisations need to prove
        they can operate independently, even when global political shifts or vendor decisions disrupt their operations.
        Prepare for unintended consequences


        In April 2022, the Amsterdam Trade Bank (ATB), a financially stable Dutch institution, was forced into bankruptcy. This
        wasn't due to poor management or insolvency, but rather because of sanctions imposed on its Russian parent company,
        Alfa Bank.

        When the US, the EU and UK enacted sanctions against Russian entities in spring 2022, the r ipple effects were
        catastrophic for ATB. Despite ATB being fully compliant with Dutch and EU laws, service providers, again being respectful
        with the same laws and sanctions, were obliged to abruptly terminate critical cloud services, including email and core
        banking operations. Without access to cloud-based workspaces and business software suites, ATB lost the ability to
        communicate internally or with customers, leading to its sudden collapse.


        While the sanctions against Alfa Bank have been implemented in a different context this case nevertheless underscores a
        critical distinction when it comes to the question of sovereignty: Own compliance does not guarantee autonomy. Even
        legally sovereign organisations can fail if they lack operational resilience. ATB's total dependence on their service providers
        left it defenceless when they withdrew support, a stark warning against vendor lock-in.

        While“digital sovereignty” refers to government-mandated control, such as GDPR or data localisation laws,“digital
        autonomy” is about an organisation's ability to operate independently, regardless of whether disruptions originate at the
        geopolitical or vendor level. This distinction has now been officially defined in the Netherlands by the Dutch government.

        ATB was sovereign (regulated under Dutch law) but not autonomous, so when its cloud providers pulled the plug, it had no
        backup plan. And, of course, ATB is not alone, in Australia another major hyperscaler accidentally deleted superannuation
        fund UniSuper's online account. Thankfully for UniSuper and its half a million members, they had taken the wise step of
        having a third party back-up.

        Building true autonomy takes a strategic approach

        To avoid ATB's fate, organisations need to take proactive steps towards technology and systems resilience. First, they
        should eliminate single points of failure by adopting multi-cloud or hybrid cloud strategies including on-premise solutions,
        reducing reliance on any single provider. Open source solutions, such as Red Hat OpenShift, offer portability across

      https://menafn.com/1109892693/Digital-Sovereignty-Is-Far-More-Than-Compliance                                 2/3