A cloud deployment model that guarantees operational, legal and technical control of data and workloads within a specific jurisdiction (typically the EU). Sovereign cloud answers the concern that hyperscaler deployments remain exposed to foreign jurisdiction, primarily the US CLOUD Act.

Sovereign cloud is not one product. It ranges from hyperscaler sovereign regions (limited operational sovereignty) through sovereign overlays (dedicated operations staff and key control) to fully EU-owned providers (full sovereignty, smaller feature set). Picking the right point on this spectrum is a trade-off between capability and jurisdictional risk.

In regulated EU decisions, sovereign cloud is increasingly a dealbreaker rather than a criterion. DORA Art. 28, EBA outsourcing guidelines, BSI C5 and BaFin-regulated scopes all treat data residency plus operational control as non-negotiable for material workloads.

The decision interacts with every other cloud decision: IAM integration, exit strategy, log management, incident response. A memo that chooses sovereign cloud without mapping those downstream effects understates the real commitment.

Sovereign cloud

Related terms