• 3 min read
Data sovereignty alone won’t make systems resilient
Data sovereignty is only one part of resilience. Organizations should focus on data-layer control, flexible infrastructure and the failures most likely to disrupt services.

Image: TechRadar
Data sovereignty has risen sharply up the executive agenda, driven by regulatory scrutiny, geopolitical tensions across the Atlantic and concern about hyperscalers' concentration of infrastructure power. But allowing those political pressures to dominate infrastructure decisions can weaken the operational resilience organizations are trying to protect.
A Principal Technologist, EMEA, at MongoDB argues that compliance with data-residency rules remains a genuine obligation for regulated organizations. The problem begins when that obligation is treated as a reason to abandon hyperscaler infrastructure entirely.
Hyperscalers built their position by offering capabilities that are difficult to reproduce at scale. Organizations with deep dependencies on them are unlikely to unwind those relationships quickly. A multi-year transformation with significant execution risk may not be a sensible response to a political concern that could change within the same timeframe.
Data residency is not operational resilience
Data residency, infrastructure control and operational resilience are related, but they are not interchangeable. The failures most likely to take services offline are system outages, slow incident response and exploited security vulnerabilities—not necessarily the jurisdiction where data is stored.

Recommended reading
Rosenergoatom Tests 5-Cubic-Meter Hydrogen Electrolyzer
A platform that fails during peak demand can cause the same commercial and reputational damage whether its data is held domestically or abroad. A security breach is not inherently more or less severe because it occurred on local or international infrastructure. Uptime, security posture and incident-response capability are the measures that determine how an organization performs under pressure.
Sovereignty is one input into that assessment, not the framework for the entire decision. Data being stored in the “right” jurisdiction does not make an organization resilient. Resilience must be designed into its architecture and operations.
Control belongs at the data layer
As AI applications spread, the database is becoming more than a storage mechanism. It can serve as the most reliable point of deterministic control in the stack, where governance is enforced rather than simply documented in policy.
Key sovereignty controls—including data location, encryption, access permissions and cross-region movement—are fundamentally data-infrastructure decisions. When organizations can enforce those rules at the data layer, the choice between a hyperscaler and a fully domestic provider becomes less important. The central question becomes whether the infrastructure can apply the right policies to each workload.
That approach supports a tiered architecture: cloud-native infrastructure for speed, scale and flexibility; on-premises or segmented deployments for regulated workloads; and enough portability to move between configurations as circumstances change. Regulations will evolve, and the geopolitical conditions driving today’s sovereignty debate may look different in three years.
Technology leaders should meet residency obligations, establish genuine data-layer control and preserve architectural flexibility. They should also prioritize the failure modes more likely to create immediate costs: peak-load outages, delayed incident response and exploitable vulnerabilities. Those are the issues most likely to dominate post-mortems—not sovereignty.
This article was produced for TechRadar Pro Perspectives. Its views belong to the author and are not necessarily those of TechRadar Pro or Future plc.
Enterprise Editor
Marcus follows the money. He covers enterprise software, cloud architecture, and the tectonic shifts in Big Tech strategy. He translates dense earnings calls and complex M&A activity into actionable insights about where the industry is actually heading. If a tech giant makes a silent pivot, Marcus is usually the first to notice.
via TechRadar


