IDC Guest Post (Sponsored by Broadcom)
There is a question I get asked regularly, and it has not changed much over the years: what exactly is digital sovereignty?
The short answer is that it depends on who you ask and when. The longer answer is that the concept has been steadily expanding in scope, to the point where we would argue that simply calling something "sovereign" no longer means very much. When standards are unclear and definitions vary, sovereignty washing fills the space.
What really matters is what kind of sovereignty, for which workloads and data, under what circumstances, and with which partners.
IDC's latest Worldwide Digital Sovereignty Survey, published June 2026, puts some useful numbers around what organizations are doing and thinking right now. The survey covers 600 organizations across 15 countries and multiple industries. What it shows is a market at an inflection point: adoption is broad, intent is strong, and the underlying motivations have become considerably more complex.
The State of Sovereign Cloud Adoption
More than half of organizations globally are already using sovereign cloud solutions, with more than a third planning to do so within the next twelve months.
For most organizations, sovereign cloud is not a standalone environment. Nearly half treat it as part of a broader multicloud or hybrid cloud strategy, while 43% see it as their primary cloud platform. That combination reflects something significant: organizations are not retreating from the public cloud, they are asking more of it. They want commercial-grade innovation and scale alongside control, compliance, and resilience guarantees that they can point to in conversations with regulators, boards, and customers.
When organizations tell us why they chose sovereign cloud, data privacy and security comes out clearly at the top, cited by 51%. That makes sense. But what is interesting is the range of other drivers alongside it: regulatory compliance, better vendor risk management, operational resilience, and geopolitical risk mitigation. These are not competing motivations so much as reinforcing ones. Organizations are building the case for sovereignty across multiple dimensions at once, which is why the decisions involved have moved out of IT departments and into boardrooms.
The geopolitical context matters here. Over the past six months, 72% of organizations say their interest in digital sovereignty solutions has increased, driven by tensions, regulatory changes, and economic uncertainty. That reflects a world in which technology dependency has become a strategic vulnerability and organizations are rethinking their assumptions about supply chains, data access, and operational continuity.
What Sovereignty Should Actually Look Like in Practice
This is where the picture becomes more nuanced. When organizations look for sovereign solutions (particularly for SaaS), they consistently prioritize a cluster of capabilities: data residency and jurisdictional control, protection against foreign government data access, control over operational access and administrative support, and data portability including the ability to exit a platform. Transparency about AI model usage and training data comes in at 41%, a number that would have been closer to zero a few years ago.
These preferences tell you something about what organizations are actually trying to achieve. They are not looking for isolation. They are looking for verifiable control, portable architecture, and the assurance that their data cannot be accessed without their knowledge. They also want to be able to leave. Exit rights are not an afterthought in these decisions and should be contractually explicit from the outset.
When choosing a sovereign partner specifically, the attributes that rise to the top are around trust and accountability: compliance credentials, security capabilities, and demonstrable local knowledge. These are not purely technical requirements. They speak to the relational dimension of sovereignty, namely the question of whether a partner can be held to account, and by whom.
AI Sovereignty: The Next Frontier
AI changes this conversation in ways we are still working through.
Sovereignty began as a data-at-rest problem; as organizations move up the cloud stack, data in transit has come into scope too.
AI takes the sovereignty story to a new dimension as it makes it a data-in-use and data-in-training problem. When a model is trained on proprietary datasets, when it is fine-tuned on sensitive records, when it is making consequential decisions in regulated environments, the sovereignty question is not just about where the data lives. It is about who controls the model, who can access the inference logs, and what happens if a foreign provider restricts or withdraws access.
That last point is very real. On June 12, 2026, the US Government, citing national security concerns, suddenly issued an export control directive suspending all access to Anthropic's latest models, Fable 5 and Mythos 5, by any foreign national. Even before this directive, nearly two-thirds of organizations told us that dependency on foreign AI providers is either a major or moderate concern given current geopolitical conditions. The risks they have in mind are AI model access cut-offs, export restrictions, and the broader exposure that comes from relying on platforms controlled in other jurisdictions.
The response, where organizations have begun to act, is to run AI workloads on sovereign infrastructure. More than 42% are already using sovereign cloud to build or run AI solutions, with a further 38% planning to do so within twelve months. The top use cases where they feel sovereign infrastructure matters most include AI processing sensitive or regulated data, AI applied to corporate strategy and intellectual property, and AI handling personal identifiable information. Critically, when it comes to the data used to train or fine-tune models, 47% say full ownership and control is critical, with a further 51% saying it is important even if they sometimes use third-party data when necessary.
This is a near-universal requirement. It reflects an understanding that the data used to shape a model's behaviour is as strategically sensitive as the outputs themselves.
The Challenges That Still Constrain Progress
None of this is easy to execute. The challenges organizations face in implementing sovereign cloud are well documented: cost remains the most cited barrier, followed by complexity. Sovereign solutions are often more expensive to run than standard public cloud; the scale economics differ, and compliance and audit overhead is real.
There is also a product gap. When we ask organizations where current offerings fall short, the answers cluster around the same themes as their requirements: not enough transparency, limited portability, insufficient operational independence. The market is catching up, but slowly. And the organizations waiting for it to catch up are facing regulatory and business pressure in the meantime.
What This Means for Technology Vendors
The implications for the vendor community are direct. Sovereign is increasingly a table stakes descriptor. What differentiates is the substance behind the label: genuine transparency about how access controls and AI training operate, meaningful data portability, the ability to exit without excessive switching costs, and the kind of contractual assurances that stand up to regulatory scrutiny.
Organizations are also looking for partners who understand that sovereignty and innovation are not in opposition. The concern we hear most often is being locked into a less capable environment in exchange for control. The vendors and platform providers who address that tension directly and can demonstrate how sovereign infrastructure enables rather than limits AI and cloud investment, are the ones who will earn the trust that underpins long-term relationships.
The market signal is clear: organizations globally are committed to digital sovereignty as a strategic priority. What they need now is the implementation support, the architectural flexibility, and the partner ecosystem to turn that commitment into operational reality.
---
All data sources: IDC Worldwide Digital Sovereignty Survey, June 2026 (n=600, global total).