Data sovereignty rises fast
Governments are tightening controls on where AI and cloud data can be stored and processed, turning data sovereignty into a top technical and compliance constraint for multinational AI deployments. The trend is already reshaping architectures and vendor choices across regions. (manilatimes.net)
Europe’s Data Act entered into force in January 2024, creating new access-and-sharing rules that regulators and buyers cite when demanding in‑region processing and contractual controls for AI workloads. (data.europa.eu - ) Microsoft unveiled its Microsoft Sovereign Cloud on June 16, 2025, packaging Sovereign Public Cloud, Sovereign Private Cloud and partner “National Partner Clouds” to keep Azure, Microsoft 365 and in‑region AI processing inside European datacenter regions. (microsoft.com - ) Google Cloud expanded its “Data Boundary” and sovereign cloud options in 2025, adding country‑level processing guarantees and air‑gapped/partner‑run deployments after promising to run flagship Gemini model requests on data‑sovereign compute clusters in locations such as London and Manchester. (cloud.google.com - ) (glinsight.com - ) AWS formalized a Digital Sovereignty Pledge and has promoted dedicated infrastructure, Local Zones and Outposts as compliance options since its August 2023 infrastructure announcement, citing customer requirements for residency, latency and personnel‑access controls. (aboutamazon.com - ) (aws.amazon.com - ) China’s PIPL and Data Security Law (both effective from 2021) remain the baseline for cross‑border controls even after the Cyberspace Administration of China published relaxed cross‑border provisions on March 22, 2024, which adjusted some transfer mechanisms but kept security and filing obligations. (wooassociates.com - ) (gtlaw.com - ) India’s 2023 Data Protection framework and subsequent sectoral rules have moved the country toward tighter localization and a “blacklist” approach to cross‑border transfers, prompting mandatory in‑country processing requirements across payments, health and other regulated sectors. (techpolicy.press - ) (legalogic.com - ) Regulated industries are already requiring in‑region inference and SaaS configurations — examples include banks and insurers vetting vendor promises of in‑country model execution and Microsoft advertising in‑region Copilot processing to reduce procurement friction for public‑sector customers. (glinsight.com - ) (itpro.com - )
