data, data center, AI, boom, bubble, futurum signal

In today’s digital world, “cloud” often means “anywhere, anytime, under someone else’s control.” But increasingly, that definition is being pushed back. Governments. Regulated industries. Enterprises with tight customer expectations. They all want more: More control, more visibility, more sovereignty. They demand that their data not just travel securely, but reside where laws, trust and oversight allow it to. And so hybrid models, sovereign clouds, and even on-site deployments are moving to center stage.

Recent announcements from SAP, Oracle, AWS, Google and others make it clear: The era of one-size-fits-all cloud is fading. Instead, we’re entering the age of where and who controls cloud infrastructure — operational, legal, technical and physical.

The Rising Tide: Examples of Sovereign and On-Site Clouds

Take SAP. Just in the past few weeks, SAP pledged over €20 billion to build out its sovereign and private cloud footprint in Europe as part of its broader SAP Sovereign Cloud offering.  Their ambition isn’t just theoretical; via SAP Sovereign Cloud On-Site, they are giving customers the option to host managed cloud infrastructure within their own facilities. That means local control over data handling, logging, key management — all of which SAP says will be audited and managed to the customer’s standards. 

In India, SAP recently launched its Sovereign Cloud offering, in full compliance with national security policies (NISPG), allowing regulated industries to modernize with cloud and AI while ensuring that “data remains secure, compliant, and within sovereign boundaries.” Martin Merz, President of SAP Sovereign Cloud, put it simply: “With SAP Sovereign Cloud in India, we are proud to support the country’s path as a growing hub for innovation — offering customers freedom of choice to embrace cloud and AI while retaining full control over data and operations.” 

Oracle also offers examples: Its Oracle EU Sovereign Cloud gives German and EU public and private sector customers infrastructure separated physically, logically and cryptographically from other regions. Support and operations are delivered by EU residents under EU legal entities. 

And hyperscalers, too, are adapting. AWS has unveiled its European Sovereign Cloud, with governance, control and staffing all localized to Europe. They promise that operations will be carried out under EU law, by EU residents, with data and metadata kept within the region.  Microsoft is similarly expanding its sovereign public cloud offerings to give European organizations more control over data location, encryption, and who can access what. 

What “Hybrid + On-Site Sovereignty” Really Means

These aren’t small tweaks. What we’re seeing is a spectrum of sovereignty:

  • Legal sovereignty: Laws governing data use, privacy, government access and compliance.
  • Data residency / physical sovereignty: Data stored in specific jurisdictions, sometimes in facilities owned or selected by the customer.
  • Operational sovereignty: Who has control over maintenance, staffing, physical infrastructure/security.
  • Technical sovereignty: Control over encryption, key management, logging, auditing, middleware, etc.

The “On-Site” models are especially interesting because they push many of these layers into the customer’s own data centers. SAP’s On-Site offering “delivers the highest levels of data, operational, technical, and legal sovereignty,” according to their own description. 

The Drivers: Regulation, Trust & Risk

Why is this movement accelerating now?

  • Regulation is tightening globally. GDPR in Europe is far from alone. India’s NISPG, national digital sovereignty laws and sector-specific compliance regimes (healthcare, finance, defense) demand local control. Businesses expecting to comply tomorrow must plan today.
  • Trust and geopolitics matter. Customers are wary of cross-border access, supply chain vulnerabilities, foreign government legal reach (e.g. U.S. Cloud Act, Chinese laws). They want assurance that their data isn’t subject to unpredictable foreign influence.
  • AI demands and sensitive workloads amplify the risk. Training data, personal info, health and financial data — such workloads are too sensitive for uncertain control.
  • Hybrid cloud maturity: it’s easier now to distribute infrastructure, connect sites, run observability and governance across public, private, and on-site deployments. The tools are catching up.

Challenges & Trade-Offs

Yet sovereignty is not without cost.

There are price premiums. A report from BCG noted that sovereign cloud offerings often come at 10-30% higher costs versus equivalent public cloud services, due to isolation, audited staffing, regulatory compliance and infrastructure duplication. 

Operational complexity increases when mixing environments. Ensuring consistency of security, identity, monitoring, patching and governance across public, private and on-site clouds is nontrivial.

Customer responsibility also increases. Having data on-site or in a sovereign cloud may shift burdens for physical security, compliance auditing and legal liability.

Furthermore, sovereignty promises may sometimes amount to branding if not implemented carefully: “Resident staff”, “within-region infrastructure”, but still relying on vendor tools, pipelines or overseas dependencies that undermine sovereignty in practice.

Hyperscalers, Neoclouds & Sovereignty: What Happens Now

For hyperscalers, this trend is a forcing function. They must localize operations, staffing, governance, and often split out infrastructure in new ways. AWS, Microsoft, Google are investing heavily in sovereign cloud controls; they can provide scale and reach—but must adapt for customers who no longer accept remote control from afar.

Neocloud and sovereign cloud providers may have an edge in trust, in proximity to regulation, and in being designed with sovereignty in mind rather than retrofitted. They can appeal to regulated industries by offering compliance and control baked in, not “bolted on.” On-site sovereign clouds are particularly compelling for sectors like government, defense, health and perhaps even financial services, where data cannot leave national borders or physical control.

Shimmy’s Take

Sovereign clouds, hybrid models, and on-site deployment are more than trends — they’re the cloud’s next frontier. The notion that “cloud means remote public infrastructure you don’t own” is being replaced by “cloud infrastructure shaped by law, trust and locality.”

If you’re a platform engineer or security leader, this shift demands rethinking architectural standards. GitOps pipelines, identity, observability, policy enforcement — it all must span across environments, physically, legally and operationally grounded in your jurisdiction. Your cloud tools must support selectable sovereignty: On-Site, Local Region, or Public Cloud modes.

SAP’s new On-Site model, Oracle’s EU-Sovereign Cloud’s separation guarantees, AWS’s regionalized control frameworks—these aren’t niche plays. They are signals that sovereignty is not the exception anymore; it’s becoming a baseline expectation for many enterprises.

In the end, sovereignty isn’t just about regulation compliance — it’s about trust. It’s about giving customers faith in where their data lives, who can touch it, and under what conditions. The future of cloud will be hybrid, sovereign, and fundamentally more distributed. The question isn’t if you adopt sovereignty — it’s how soon, and how well you build for it.

TECHSTRONG TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Events

SHARE THIS STORY

RELATED STORIES:

Why Only 39% of SAP Customers Have Upgraded—And How HPE GreenLake Aims to Change That

SAP Expands Cloud ERP Transition Support and Strengthens Migration Tools for Businesses

Understanding Data Sovereignty with Nathan Bennett

IBM Readies Managed SAP Service Running on Power Platform