Every nation in the world is discussing strategic measures in achieving digital sovereignty narratives. However, most conversations tend to get stuck in the same loop, such as data residency, legal jurisdiction, compliance, security standards, or even certifications. But one moment realized to me that compliance doesn’t wholly equal sovereignty. This point only tells you what’s allowed; sovereignty tells you who’s in control.
It has been too long since the global duopoly has continued to exert disproportionate influence over global data through a combination of its technological dominance and regulatory reach. What often appears to be progress in connectivity and efficiency has, in reality, created a dependence. This is no longer just about who leads in the market — it is about who holds the entire digital leverage.
Take the issue of legal jurisdiction and access. Many entities in critical sectors — healthcare being a particularly urgent example — still often rely on infrastructure controlled by big tech. You may specify data-residency: “Store the data in region X.” but what guarantees do you have that those providers won’t be subject to external legal demands? Certain regulations allow providers incorporated under specific jurisdictions to be compelled to access data — even when that data is physically stored abroad. Compliance in such cases becomes theoretical rather than real.
Beyond the legal jurisdiction issue, the dependency on dominant cloud providers also introduces other critical gaps:
- Transparency: Lines of control remain blurred, as data access can still be compelled without the knowledge of organizations or users, undermining proper accountability.
- Compatibility: Standards and interoperability are primarily dictated by these giant providers, meaning local systems are often shaped around their platforms rather than independent choices.
- Trust: Patients, citizens, and regulators are left questioning whether systems can genuinely be called sovereign if they remain vulnerable to foreign court orders and external influence.
I have observed how healthcare entities increasingly push their workflows into the cloud. On the surface, it looks positive: agility, scalability, remote access, telehealth, big data analytics, all essential. But under that surface lies a tension that is often unspoken.
A Patient’s Data Deserves More Than Storage
Globally, the cracks are still showing. One of the most pressing issues is data fragmentation. Health systems often fail to connect seamlessly, leaving records scattered across platforms that cannot speak to each other. Instead of a minor technical inconvenience, it creates real risks when data is inconsistent or incomplete. When combined with the reality that most of these systems still rely heavily on hyperscalers, the problem deepens: standards and architecture are shaped externally, reinforcing lock-in and weakening local control.
That is why sovereignty must go beyond data residency & compliance. Electronic Medical Records are not just administrative files; they form the backbone of diagnosis, treatment, and long-term patient care. If data integrity is questioned — if records are manipulated, inaccurate, or inaccessible due to this dependency — the consequences are severe. A single error in a patient’s digital record could mean a misdiagnosis, an incorrect treatment plan, or even the loss of life. In this context, data is not abstract — it is life itself.
Data cannot be treated as a passive by-product. It must be safeguarded at every layer: the infrastructure it resides on, the flows that distribute it, and the governance that determines access. Understandably, many organizations or even nations still hesitate. Building own infrastructure, negotiating control clauses, handling encryption keys, ensuring auditability — these are expensive, complicated, and often outside the comfort zone of many organizations, particularly those in developing nations. There is also fear:
- Fear of not matching the reliability or cost-efficiency of global cloud providers.
- Fear of being criticized for “reinventing the wheel” or “not being competitive.”
- Fear of embargo or other policy backlashes, or being isolated if choosing paths that diverge from dominant global norms.
These fears are valid but also paralyzing. At this stage, there is no longer an alternative path if the goal is true sovereignty. The dominance of the global duopoly will persist as long as most of the adoptions remain concentrated on their platforms, reinforced by laws that extend their jurisdiction worldwide. The only proven counterweight has been a bold investment in the self-reliance of infrastructure.
We have spent too long mistaking data residence & compliance for sovereignty only. Checking the right boxes, meeting foreign standards, storing data in designated regions — all while the actual levers of control remain outside our hands. As long as the backbone of our digital world runs on infrastructure tied to a foreign jurisdiction, digital control is never absolute. Transparency, accountability, and trust will always be compromised. And in healthcare, compromise is not an option.
The path forward is not about rejecting the world or competing head-to-head with global hyperscalers. It is about building — piece by piece, layer by layer — our own trusted foundations. Only then can we assure citizens and patients alike that their data is protected by us, for them, at home.
We cannot wait for dominance to fade — it won’t. The truth is that these big players have already accumulated and studied vast amounts of our data over a long period, often influencing our behavior patterns without realizing it. The choice is simple: act now, or accept permanent reliance. And for those of us who believe data is life itself, inaction is no longer an option.