Tech
Auditing, classifying and building a data sovereignty strategy | Computer Weekly
Data sovereignty is a hot topic. For commercial and public sector organisations, compliance to ensure personal data is secure is a primary objective. And that means it cannot be subject to foreign laws or interference.
Data sovereignty is also a matter for international relations, where states strive to ensure citizen and organisation data is secure from foreign interference. And, for states, achieving data sovereignty is also a way of protecting and developing national economies.
In this article, we look at data sovereignty, and the key steps CIOs need to take to build their data sovereignty strategy. This centres on auditing, classification and building controls over data location and movement.
What is data sovereignty, and why is it an issue?
At the most general level, data sovereignty is the retention of data within the jurisdiction – usually state boundaries – whose laws govern its use.
Interest in data sovereignty has been building for some time. In one sense, it looks a lot like law catching up with the “wild west” early years of cloud use and popularity. Here, organisations rushed to this new, highly flexible location to process and store data, then later discovered the risks to which they – and their customer data – had become exposed.
More recently, the drive to digital sovereignty stepped up to the level of states. That trend got a big boost during US president Donald Trump’s first term. That saw the country’s introduction of the Clarifying Lawful Overseas Use of Data (Cloud) Act, for example, which potentially allows US law enforcement to access data stored by US companies anywhere. Alarm bells started ringing, especially in Europe.
Organisations achieve digital sovereignty in their operations by making data subject to the laws and control of the state they operate in, or from. But we are far from achieving that, when, for example, Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) have around 70% of the European cloud market, and many European state organisations are completely or overwhelmingly dependent on US hyperscalers for cloud services.
What are the concerns about data sovereignty, and what do CIOs plan to do?
Surveys regularly find IT decision-makers are concerned about data sovereignty. A Gartner survey conducted among 241 IT decision-makers globally found the majority (75%) of those outside the US plan to have a digital sovereignty strategy in place by 2030. Meanwhile, 53% said concerns over geopolitics would restrict future use of global cloud providers, and 61% said such worries would increase their use of regional or local cloud providers.
Complexity – and the potential for contradictory regulations and increased costs – is also a major concern, says Simon Robinson, principal analyst for storage and data infrastructure at Omdia.
“Our research found 74% of organisations say sovereign clouds have become more important over the last two years,” he says.
“However, it is a complex and fast-moving area. The regulatory and compliance environment is evolving rapidly. But the challenge for global organisations is that some regulations may actually conflict, potentially forcing them to contemplate whether they might break one law or regulation to satisfy another.”
Robinson adds: “At the very least it pushes up costs, may lead to inconsistent data policies around retention, and could slow down the adoption of advanced technologies, such as AI [artificial intelligence].”
So, while risks around stored data being in datacentres in a foreign country, on foreign infrastructure and subject to that country’s laws are a major worry, resolving that situation can bring its own issues too.
What is a data sovereignty audit, and why is it so important?
Core to an organisation’s responses to an unknown or uncontrolled data sovereignty situation is an audit of its data. This is the first step towards ensuring data is kept and processed within the appropriate state boundaries.
That will likely take the form of identification of the risks around different classes of data, according to Jon Collins, vice-president of engagement and field chief technology officer at GigaOm.
“Not all data is created equal, and not all parts of the architecture are created equal,” he says. “The first step is to classify what you’ve got. Identify whether it needs to fall within the scope of sovereignty, understand what kind of data it is, and consider how it might be impacted in terms of privacy, localisation and compliance.”
Key parts of a digital sovereignty strategy include mapping digital assets and data flows throughout their lifecycle and the laws to which they are subject at all stages. Then classify the data to assess risk levels for each class.
This can include geo-tagging, and should be part of an ongoing process, says Bettina Tratz-Ryan, vice-president and analyst at Gartner. “Automated discovery tools help identify and tag sensitive data, whether in physical storage or incidental locations like shared drives and folders,” she adds.
“Regular audits and compliance checks are non-negotiable and require strong governance policies and periodic manual reviews.”
How to minimise exposure to data storage risks
A data storage strategy that addresses data sovereignty builds on the classification of data in the data audit to limit what data can go where.
As part of the classification process, data will be subject to a policy that manifests in metadata tagging that indicates its sensitivity and tolerance for movement.
“Organisations should adopt a data governance as code approach, automating compliance through infrastructure as code techniques for consistent enforcement and rapid remediation,” says Tratz-Ryan.
That means sensitive data should be stored locally or in regional datacentres to meet residency requirements, with the cloud used for scalability under strict, region-specific compliance requirements.
“Continuous monitoring, encryption and geo-fencing are essential, and governance must be built in, not bolted on,” adds Tratz-Ryan.
Such approaches address the difficulties that potentially arise with data in transit. With the ability to monitor compliance and auditability built in via classification and tagging, critical workloads can be more easily segregated from less sensitive data at rest and in transit.
“Strict governance over location and movement is the cornerstone of risk mitigation,” says Tratz-Ryan.
Challenges in maintaining knowledge and control
There are many challenges to data sovereignty auditing. Data moves, and it moves across borders. We might believe we have nailed down data in our infrastructure, while data finds other backdoor routes across frontiers. Meanwhile, proprietary systems present huge challenges to audits and tagging, and staff create shadow IT, use emails, attach files, and so on.
In short, data movement in an organisation can be very complex indeed. It is potentially simple to audit and control the vast bulk of our data, but the problems come with incidental cases of data movement, says Tratz-Ryan.
“In globally connected organisations, sovereignty risks will occur even if data is stored in local servers. Remote access, backups, and software-as-a-service integrations can create cross-border exposure, triggering compliance challenges under laws like the US Cloud Act. Also, governance can be bypassed by incidental data movement via virtual private networks, personal devices, or email,” she says.
“And, for example, an automotive manufacturer may store design files on-premise in one location, but metadata and backups can flow through global product lifecycle management systems, creating sovereignty exposure.
“Incidental data movement, such as emails, shared drives and collaboration tools, often push data into unsanctioned cloud folders, outside sovereign governance. Shadow IT compounds the problem when employees use external apps without IT oversight, creating blind spots.”
GigaOm’s Collins believes that for most, the key elements needed to incorporate data sovereignty compliance are already present in their organisation.
“It’s practical to consider it within your broader governance, risk and compliance framework,” he says. “The advantage is, as a larger organisation, you already have practices, processes and people in place for audit, reporting and oversight. Sovereignty requirements can be incorporated into those mechanisms.”
Collins says we should not assume all data needs to meet sovereignty rules, and that in many cases, it’s not possible to do so.
“For example, it’s not realistic to make email a fully sovereign, locally contained application because it’s inherently distributed,” says Collins. “But you can prevent sovereign data from being transmitted by email. That’s where data loss prevention and data protection policies come in, to make sure data from certain repositories, or of certain classifications, is not emailed out.”
Similarly with cloud. Rather than try to make all cloud folders sovereign, we should instead decide what data can and cannot be stored there. And if data needs to be stored locally, then it goes to a local on-premise or domestic cloud service or availability zone.
“The core debate is deciding whether a particular dataset is sovereign,” says Collins. “If you operate in a given country and you hold customer data about people in that country, then that data stays in that country. That gives you a clear list of what cannot go into cloud folders, be sent by email, or managed by a system that can’t guarantee localisation. Once you frame it that way, the whole thing becomes much more straightforward.”
L.L. Bean is infamous for its outdoorsy appeal, ranging from outerwear and supplies to withstand the elements to laid-back lifestyle products. The company was established in 1912 by Leon Leonwood Bean in Maine. It remains headquartered there today, continually rolling out revered classics and updated essentials for today’s nature lovers. Take the Bean Boots: what started as L.L. Bean’s premier product ultimately helped shape the brand into what it is today. This definitive shoe, which can be worn on hiking trails and rain-slicked city streets alike, has remained true to the original version. If you’ve ever wanted to capture the essence of being a rugged Mainer or recreate a cozy cabin at home, here are plenty of L.L. Bean promo code options at your fingertips.
Get 10% Off Your First Order With an L.L.Bean Promo Code
You may bemoan email updates, but in terms of sales, this L.L. Bean coupon is a pretty low lift. Sign up for email updates from the company, and you get 10% off your first order. This offer is valid only once per email address, so choose your purchase wisely.
Take Up to 75% Off Outdoor Gear in the L.L.Bean Sale Section
Sales mean stocking up, especially on outdoor equipment and camping supplies ahead of your next adventure. Whether you’re about to take up fishing and need supplies, or have Noah Kahan concert tickets in sight and want extras from his L.L. Bean collaboration collection for the event, all of that is available to you. You can save 75% off these L.L. Bean sale items, no promo code needed.
This is a different sort of two-for-one special: twice a day, L.L. Bean posts new sales at 6 AM and 2 PM sharp, Eastern time. While the two-a-day daily markdown is not super expansive in terms of inventory up for grabs, what is posted for sale usually comes at a heavily discounted price akin to deals you’d see on Black Friday.
This L.L. Bean sale is like an online treasure hunt. The daily markdown sale involves a new deal posted daily from 6 AM to midnight Eastern time. Inventory leans toward gear, such as backpacks, blankets, and shoes.
Score Free Shipping on Orders Over $75
We’ve all abandoned our online shopping carts at one point or another once we saw how much shipping was going to cost. Shipping usually costs $8 for a standard L.L. Bean order—that is, if you are under $75. If you hit that threshold or more, you immediately score free shipping on your order.
Military, First Responders, Medical Workers, and Students Can Save an Additional 10%
Being in the medical field or a first responder can often be a tough, thankless job. But, there’s a special L.L. Bean sale for medical workers and first responders so that you can stock up on supplies for when you rest and recharge in your down time. Use the L.L. Bean first responder discount for 10% off—be sure to verify your license status through SheerID.
L.L. Bean military discount offers 10% for military personnel, current or former. This discount also applies to family members—if you or a family member would like to partake, verify your status via SheerID.
Teachers deserve their (wild)flowers. To make sure you have what you need for your next outdoor adventure and say thanks, you can get 10% off with the special L.L. Bean teacher discount. College students, there’s also the L.L. Bean student discount where you 10% off, too. To redeem either of these discounts, make sure to verify your teaching or student (or both!) status via SheerID.
Earn 20% Off With the L.L.Bean Mastercard
If you’re hunting for a potential credit card candidate, and already are an avid L.L. Bean fan, this is the opportunity for you. You can earn 20% off once approved for an L.L. Bean Mastercard, along with free shipping on all orders when you use it—no minimum purchase necessary.
MPs have launched an inquiry into the use of technology and artificial intelligence (AI) in education.
The cross-party Education Select Committee will look at how technology can both help and hinder the UK’s education sector, not just in schools, but also colleges, universities and early years services.
“AI and EdTech are already reshaping education, from the early years and secondary school right through to college and university,” said Helen Hayes, chair of the committee.
“These tools could represent an extraordinary opportunity to elevate learning and streamline teachers’ busy workloads. At the same time, there are risks in deploying rapidly developing technology without any clear values-based decision-making or evaluation framework, and without a full understanding of the consequences, and there is a potential risk of widening inequality between students.”
Educators are already dipping their toes into the tech sphere, for example, at Bett Show 2025, it was announced the government had plans to help teachers use AI for lesson planning and marking, and Ofsted found many schools are experimenting with the use of AI for personalised learning, translation of resources, and turning lessons and other resources into podcasts.
The government has already started looking into the potential uses of AI in schools and other education establishments, including the development of AI tools for 1:1 tutoring, but AI is causing a number of concerns among students and parents alike, with parents changing their career advice to children as a result of widespread AI adoption.
As pointed out by education secretary Bridget Phillipson in early 2026, the government has to “get this right” for the technology to meet its potential as the “biggest boost for education in the last 500 years”.
The Education Select Committee will look into several areas of tech and AI adoption in education, including how it will affect skills, safeguarding issues and how teachers will cope with tech deployment.
Access to technology, AI and digital tech has the potential to widen the diversity divide in the UK, and the committee will consider whether introducing AI risks making this issue worse.
When it comes to tech’s impact on skills, the committee will look into how AI specifically will affect critical thinking, problem solving and speech development.
Teachers have a longstanding issue with tech deployment and teaching tech skills, so how they are supported in implementing tech during teaching, as well as ensuring they can properly use it, will need to be considered. The committee will also explore how tech and AI may change the way assessments are undertaken.
How AI and tech is integrated into each level of education in the UK has the potential to either massively help or catastrophically hinder the UK’s education delivery and skills development.
“Our inquiry will take a hard look at the evidence, and separate AI fact from fiction,” said Hayes. “We will explore how AI and EdTech are already being used and consider how the government can balance its benefits with safeguards against the risks it poses.
“The committee wants to understand how technology is shaping children and young people’s lives and learning, and what more the government needs to do to ensure that every child and young person is able to thrive,” she said. “I encourage anyone with experience in this area to submit evidence to our inquiry.”
Joe Gebbia, cofounder of Airbnb and the US Chief Design Officer appointed by Trump, was spotted in San Francisco today using a mysterious metallic device. In a social media post on X viewed over 500,000 times, a man who looks like Gebbia sits with an espresso at a coffee shop. He’s wearing metallic buds that bisect his ears, with a matching clamshell-shaped disc in front of him on the counter.
After the video was posted Monday morning, social media users were quick to suggest that this could be some kind of prototype from OpenAI’s upcoming line of hardware devices designed in partnership with famed Apple designer Jony Ive. An OpenAI spokesperson declined to comment on the potential Gebbia video after WIRED reached out. Gebbia also did not respond to a request for comment.
The device Gebbia appears to be wearing looks quite similar to the hardware seen in a fake OpenAI ad that was widely circulated on Reddit and social media in February. That video from last month seemingly showed Pillion actor Alexander Skarsgård interacting with an AI device that had a similar-looking pair of earbuds and a circular disc. At the time, OpenAI denounced the widely seen video as not real. “Fake news,” wrote OpenAI President Greg Brockman at the time, responding to a social media post.
The earbuds seen in the video of Gebbia also look quite similar in shape to the Huawei FreeClip 2, a pair of open earbuds released earlier this year. However, the clamshell seen on the coffee counter next to Gebbia is different from Huawei’s most recent headphone case. It would also be quite surprising if a government official were seen using Huawei tech, considering the Chinese company is effectively banned from selling its phones in the US due to security concerns.
WIRED’s audio experts say he’s most likely wearing open earbuds, as Gebbia’s pair share some similarities with Soundcore’s AeroClips or Sony’s LinkBuds Clip, though the cases for those buds don’t match what’s on the table in front of Gebbia. WIRED also ran the photo and video through software that attempts to identify AI-generated outputs and other deepfakes. The detection software, from a company called Hive, says the odds are low that this imagery of Gebbia was generated by AI. Still, AI detectors are not always reliable and can include false outputs. It’s possible that the entire post could be a synthetic hoax.
Could this be some kind of soft launch teaser for OpenAI’s hardware? The timing of this trickle out would make sense, since the company may ship devices to consumers sometime early in 2027. Still, OpenAI denied any involvement with the previous pseudo-ad for the metallic AI hardware, with its shiny earbuds and matching disc.
Best Buy’s holiday sales disappoint, but retailer shows progress in growing profits
Princess Anne to mark 25 year celebration after ‘outstanding’ honour
The Premier League is boring now: A tactical way to save it
-
Politics5 days agoWhat are Iran’s ballistic missile capabilities?
-
Business7 days agoHouseholds set for lower energy bills amid price cap shake-up
-
Sports1 week agoTop 50 USMNT players of 2026, ranked by club form: USMNT Player Performance Index returns
-
Politics5 days agoUS arrests ex-Air Force pilot for ‘training’ Chinese military
-
Sports5 days agoSri Lanka’s Shanaka says constant criticism has affected players’ mental health
-
Business7 days agoLucid widely misses earnings expectations, forecasts continued EV growth in 2026
-
Sports1 week agoSouth Africa thrash India by 76 runs in T20 World Cup Super 8 – SUCH TV
-
Fashion6 days agoNew Zealand’s apparel imports steady at $1.2 bn in 2025