Klaudia Ciesielska, Brandsit: Data sovereignty is increasingly emerging in the context of the digital strategies of companies and public institutions. How does OVHcloud define this concept and what are its key pillars from the cloud provider’s perspective?
Tomasz Sobol, OVHcloud: For OVHcloud , data sovereignty from the outset means an organisation’s control over where and how its data is stored, processed and protected – both technologically and legally. This concept is based on three pillars: transparency, compliance with local regulations and technological independence. Equally important is the clarity of the offering: the customer needs to know exactly where his or her data is located, what security mechanisms are in place and whether the service meets regulatory requirements.
K.C.: Which regulations (e.g. RODO, DORA, NIS2, Gaia-X) are most influencing customer expectations in the area of data sovereignty today?
T.S.: Customer expectations in the area of data sovereignty are today shaped by a number of regulations that set new standards for digital responsibility.The RODO is still the foundation – providing a framework for transparency and control over the processing of personal data. NIS2 extends cyber security obligations to key sectors of the economy and DORA strengthens the digital resilience of financial institutions and their technology providers. All these regulations raise technology requirements, but also redefine the customer-cloud provider relationship. Today, it is compliance that counts, but also proactive support in implementation.
“Today, it is not only compliance that counts, but also active support in implementation.”
K.C.: With the public cloud, the question of data location and jurisdiction is key. How does OVHcloud give customers control over where and how their information is stored?
T.S.: Full control of the data comes from our approach to managing it. Firstly, we implement an integrated operating model where we oversee the entire chain of operational activities – we design and build the servers ourselves, as well as managing our own data centres (44 locations on 4 continents) and fibre network. Secondly, we provide our customers with a choice of regions and availability zones within the EU, such as Poland, France or Germany. This approach guarantees control of data in accordance with the European legal system and specific regulations. All of this translates into building autonomy and operational security, which in effect provides customers with full control over their own data and how it is processed.
K.C.: In recent years we have seen a growing interest in the European cloud as an alternative to American and Asian providers. How does OVHcloud see its role in building Europe’s digital independence?
T.S.: We are seeing a clear shift in the approach to the cloud, with more and more organisations driven not only by technical parameters but also by the need for strategic sovereignty. OVHcloud is responding to these expectations by offering solutions that comply with European regulations and protect data from the influence of jurisdictions outside the continent. We are also constantly strengthening our infrastructure, currently operating 44 of our own data centres and 16 local zones. We are developing products so that these meet the needs of government and regulated sector customers. Examples include SecNumCloud – a private government cloud – and On-Prem Cloud Platform – allowing you to build a private cloud on dedicated OVHcloud hardware with the ability to connect it to global resources. Our aim is to provide proximity of service, compliance with local laws and real support in building a sovereign cloud for European customers.
“More and more organisations are driven not only by technical parameters, but also by the need for strategic sovereignty.”
K.C.: Is data sovereignty a topic that really influences customers’ purchasing decisions, or is it more a part of companies’ image strategy?
T.S.: Data sovereignty is no longer an empty buzzword – today it really influences purchasing decisions, especially in the area of AI projects and digital transformation. It means control and influence over strategic resources, which is why companies are increasingly choosing cloud providers not only for the technology, but also for compliance with local laws, transparency of offerings, the ability to decide on the location of data and a guarantee of portability and easy exit from the contract or architecture (the so-called exit-friendly approach), as required by the Data Act. This is in response to increasing regulatory requirements and the need to build digital resilience. In practice, this means that data sovereignty is becoming a strategic pillar for responsible growth and competitiveness – a condition for scaling business without compromising on security and compliance.
K.C.: What trends in regulation, technology or user awareness are most likely to change attitudes towards data sovereignty in the cloud in the next 2-3 years?
T.S.: Three key trends will shape the approach to data sovereignty in the cloud over the next 2-3 years. Regulations introducing more stringent requirements for cyber security, digital resilience and transparency of AI systems. Technologies – including local data zones, end-to-end encryption, tools for advanced identity management or AI-based threat monitoring – will become a natural part of cloud providers’ offerings. In parallel, user awareness will grow, as we have seen especially since the beginning of the year.
