Trust in the cloud: Building transparent data relationships in Europe
"Data sovereignty represents more than a technical solution - it's Europe's requirement in rebuilding trust in the digital age."
The promise that European data stays within European borders is crumbling under scrutiny, revealing a fundamental shift in understanding digital sovereignty. Nearly 70% of European organisations now cite exposure of data to extra-territorial laws as a key concern in their current cloud environment, according to an independent study supported by Broadcom, Sovereign Cloud for Europe, as organisations discover that physical location doesn't guarantee legal protection.
When cloud providers fall under foreign jurisdiction, data stored locally could still be accessed by foreign authorities, shattering the illusion that geography equals sovereignty. This realisation is driving Europe's strategic pivot toward true data sovereignty - a movement that goes beyond knowing where data resides to ensuring who has control and legal authority over it.
As concerns about legal access mount and customer distrust of foreign cloud services deepens, European organisations are demanding transparency about data access rights and genuine control over their information. Data sovereignty represents more than a technical solution. It's Europe's requirement in rebuilding trust in the digital age, fundamentally rethinking cloud dependencies and moving toward authentic digital independence where legal frameworks, not just server locations, determine data protection.
A current lack of transparency in data handling
Ambiguity over where data is stored or managed is making it difficult for organisations to assess the risks associated with their cloud providers and undermines trust. This is compounded by conflicting legal jurisdictions, with cloud providers often storing or remotely accessing data across multiple countries, subjecting it to various legal frameworks.
For instance, as highlighted in Sovereign Cloud for Europe, the U.S. CLOUD Act allows U.S. authorities to obtain a warrant in a criminal case to access data held by American companies, even if the data is stored abroad. This can conflict with stricter rules on transferring personal data outside the EU, such as the EU's General Data Protection Regulation (GDPR).
READ MORE: Sharepoint under attack: Microsoft rocked by "high-severity, high-urgency" Toolshell zero-day
Against this backdrop, European-based customers want to be assured that they can make their own autonomous decisions about the collection and use of their organisational data for other services. They need confidence that their provider won't hand their data over to a government if it asserts jurisdiction to obtain that data, critically without informing the owner, and that their data won't be subject to government-mandated restrictions that could render it inaccessible.
Ultimately, all of this very real uncertainty hampers trust and leads to customer confusion, when providers should be looking to strengthen relationships and accountability.
Improving clarity without waiting for new legislation
To provide customers with this clarity, various stakeholders must collaborate to drive the adoption of truly sovereign cloud services. Regulators should engage in more public discussions about the legal risks involved in data residency and provide clear policy direction regarding what organisations can and cannot do with managing their workloads in the cloud.
European organisations must also undertake a critical evaluation of their existing cloud dependencies, examining not only their current arrangements but also their potential vulnerabilities and long-term strategic implications.
READ MORE: Europe facing AI “polycrisis” as superintelligence “looms on the horizon”
Simultaneously, cloud providers bear the responsibility to prioritise transparency by clearly articulating the risks associated with foreign government access to data, including the legal frameworks that may compel such access and the circumstances under which it might occur.
This risk-based approach also recognises that not all organisations require sovereign cloud solutions. Those handling less sensitive data may find that hyperscalers meet their needs adequately.
However, organisations with stronger security drivers—such as those advancing AI capabilities or operating in sectors with highly sensitive data, such as financial services and healthcare—should consider sovereign solutions to bolster confidence in their data storage and protection strategies.
Fostering trust in an era of digital sovereignty
The evolving landscape of data residency necessitates greater transparency and autonomy in data management to rebuild eroded trust between cloud providers and their customers. European organisations must undertake a critical evaluation of their existing cloud dependencies, examining not only their current arrangements but also their potential vulnerabilities and long-term strategic implications.
This comprehensive approach must enable organisations to retain meaningful control over their data whilst navigating an increasingly complex legal and policy landscape, where differing national interests and commercial considerations often intersect. Ultimately, rebuilding trust requires a sustained commitment to shared responsibility for data sovereignty and the development of robust safeguards that protect organisational autonomy in data governance decisions.
Martin Hosken is Field CTO, Cloud Providers, Broadcom
