Today’s digital industries face multiple challenges in effectively managing their data. According to a poll of 3,700 senior leaders across 21 countries, 75% of respondents agree their organization is increasingly concerned about the geopolitical risks associated with storing and managing data with global cloud providers. At the same time, cyber incidents are now the top global risk in 2025, according to Allianz, with high-profile cyber-attacks causing billions in losses and multi-week outages.
The trust crisis in global cloud
We’re witnessing a crisis of trust in the global cloud. It has become clear, particularly through the lens of a complex geopolitical landscape with nation-state-sponsored cyber threats, that the idea of absolute safety in the cloud is compromised. While global cloud providers offer best-in-class capabilities, they aren’t appropriate for everything. At a national level, trust for these bulk cloud carriers has weakened.
The US Clarifying Lawful Overseas Use of Data (CLOUD) Act, which came into force in 2018, adds to the problem. The Act allows US authorities to access data from US-headquartered cloud providers or their subsidiaries, even if data is stored outside the US. While this is a particular concern for defense organizations, other industries with strategic national IP are also at risk. According to Capgemini research, the threat posed by potential exposure to extra-territorial laws and/or the possibility of data access by foreign governments owing to a vendor’s location of origin was cited as a concern by 68% of public sector respondents. Ultimately, without sovereign control over data, governance isn’t guaranteed.
The UK legislative response
To help mitigate this, the UK’s Data (Use and Access) Act 2025 has now become law, and minimum security and resilience requirements will be introduced for data centers in the UK, along with growing EU data‑governance regulations. While this will help to safeguard data, it also presents a new level of complexity for businesses to contend with. Ultimately, there’s a greater need for certainty around where data sits, who can access it and how it’s protected. Sovereignty has never been more important.
The risk to innovation
According to the defense and security think-tank, the Royal United Services Institute (RUSI): “The threat posed to UK businesses and economic and national security by IP theft and IP loss is huge, and the UK’s approach needs immediate attention.”
The threat posed to UK businesses and economic and national security by IP theft and IP loss is huge, and the UK’s approach needs immediate attention. — Royal United Services Institute
When you consider the cost implications, it’s easy to see why. According to the UK government’s Cost of Cyber Crime report, the cost of cybercrime to the UK is £27 billion per year. Of this, £9.2 billion comes from the theft of IP from UK businesses.
At the same time, the UK has the challenge of keeping pace with agile competitors in complex, multi-partner programs. The Chinese can develop things much faster than we can in the highly regulated UK and EU industries. We can’t keep up. They can develop a new platform and have it in service in years, and it takes us decades. The UK’s most innovative sectors — defense, aerospace, clean energy and life sciences — depend heavily on cloud-based collaboration. The challenge, therefore, is enabling cross-border collaboration without leaking UK-developed IP.
The sovereign cloud solution
A single misplaced control system can cascade across the entire supply chain. Sovereign cloud gives UK businesses the control and assurance they need. With single-tenant environments enabled by the sovereign cloud, each customer gains a dedicated virtual space, so there’s no hyperscaler-style multi-tenancy. This provides stronger isolation and security, making it suitable for organizations handling sensitive IP or subject to strict data residency requirements.
For CTOs and technology procurement leaders, the shift toward sovereign cloud represents not just a compliance measure but a strategic advantage. It enables secure collaboration across borders while maintaining control over data. As cyber threats evolve and geopolitical tensions persist, the ability to demonstrate data sovereignty will become a differentiator in winning contracts and building trust with customers and partners.
| Risk Factor | Statistic | Source |
|---|---|---|
| Leaders concerned about geopolitical cloud risks | 75% | Poll of 3,700 senior leaders (21 countries) |
| Public sector concerned about foreign data access | 68% | Capgemini research |
| Annual cost of cybercrime to UK | £27 billion | UK government Cost of Cyber Crime report |
| IP theft portion of cybercrime cost | £9.2 billion | UK government |
In conclusion, the UK’s data sovereignty push, anchored by the Data (Use and Access) Act 2025 and sovereign cloud architectures, offers a path for digital industries to mitigate risks while maintaining global competitiveness. For enterprise decision-makers, investing in sovereign cloud capabilities is no longer optional — it is a prerequisite for protecting IP and enabling secure innovation.
Sources:
