Tech
Considerations for ensuring a minimum viable digital sovereign cloud | Computer Weekly
Server manufacturers have been working in recent years to adapt their datacentre products to meet the growing demand for artificial intelligence (AI). While major public cloud providers have the resources and scale to handle AI workloads, there is renewed interest in private clouds and on-premise AI. This shift is partly due to the realisation that public large language models (LLMs) are not well-suited for specific enterprise needs. Additionally, geopolitical uncertainties have raised concerns about relying solely on hyperscale cloud providers, prompting businesses to prioritise digital sovereignty and seek greater control over their IT infrastructure.
Lenovo, for instance, positions digital sovereignty in the context of customer requirements and AI deployment strategies. During its latest quarterly earnings call, Lenovo chairman Yuanqing Yang said: “User priorities are shifting towards personalisation and the private domain. This is accompanied by growing emphasis on efficiency, response speed, security, privacy and sustainability.”
The company answers the question of digital sovereignty through its hybrid AI advantage programme, which integrates AI hardware with AI-powered services and AI infrastructure to provide digital sovereignty and address customer privacy requirements.
Meanwhile, during HPE’s fiscal 2025 fourth-quarter earnings call, CEO and president Antonio Neri said: “Sovereign and enterprise bookings now account for more than 60% of the cumulative orders since Q1 of fiscal year 2023, demonstrating our strategy to prioritise profitable AI infrastructure build-out opportunities.”
The company recently introduced its first AMD Helios AI rack-scale architecture integrated with HPE Juniper networking, which it claims is designed to accelerate AI training and inferencing for sovereign clouds.
Similarly, Dell is ramping up efforts to place sovereign cloud capabilities, as Dell vice-chairman Jeffrey Clark explained during the company’s third-quarter 2026 earnings call. “Our salesforce is winning new opportunities across the neocloud customer base, sovereign customer base and enterprise customer base,” he said in response to a question about the factors contributing to incremental AI revenue of $5bn, which was referenced during the earnings call.
Given the trend among server manufacturers to offer digital sovereign capabilities, digital sovereignty is highly likely to be an area of focus for the tech sector in 2026 when targeting customer opportunities.
No regs for digital sovereignty
When looking at what is and what is not digital sovereignty, the authors of analyst Forrester’s Demystifying full digital sovereignty report note that there is no single regulation for digital sovereignty worldwide, which means it is not a compliance issue.
Instead, Forrester analysts Dario Maisto, Pascal Matzke, Lauren Nelson, Lorenzo Annicchiarico and Rachel Birrellone describe digital sovereignty as a risk mitigation exercise, where technology firms and IT service providers subject to foreign jurisdictions may affect an organisation’s ability to keep operations running. Rather than being considered a compliance issue, the Forrester analysts regard digital sovereignty as a request for proposal (RFP) when procuring new IT products and services.
Although it involves access to the organisation’s data, in terms of data residency, Forrester does not recommend treating digital sovereignty as a privacy and data protection issue.
In the report, the Forrester analysts note that data sovereignty concerns the ownership of data. “When you put your data in the infrastructure of a third-party subject to a foreign jurisdiction, such as the US hyperscalers’ datacentres in Europe, you may end up losing access to it,” they warn.
As an example, they note that while Microsoft’s sovereign public cloud ensures that customer data remains within Europe and only European nationals will be responsible for operations, this does not protect Microsoft customers from the risk of the US government “pulling the kill switch”.
Forrester recommends that organisations correctly frame the data sovereignty issue as a first step in gaining stable, long-lasting sovereign control of their data.
A balanced approach to in-country technology capacity
Power International Holding, which has headquarters in Qatar, is using Nutanix’s sovereign cloud capabilities and has adopted a private cloud to ensure sovereignty over its own data and AI models.
The company has been using Nutanix to tackle a proliferation of shadow AI projects when application development teams use external software-as-a-service (SaaS)-based LLMs without centralised controls, as CIO Jasim Rahman explains: “We selected Nutanix to do classical HCI (hyper-converged infrastructure) file management, but it has also allowed us to deploy our own models within the Nutanix AI stack, and this now powers a lot of our use cases in healthcare, IT, HR and facilities management.”
Nutanix Enterprise AI functions as a private cloud, allowing Power International Holding to create and use its own AI models, as well as fine-tune open source ones. It ensures data stays within the country where the company operates, maintaining data residency.
He says the company has a multi-layered approach to digital sovereignty, which includes in-country control over compute infrastructure and the development of AI models and platforms tailored to local needs “Our full-stack sovereignty has multiple stacks. We’re taking a very balanced approach to this, with both western and eastern clusters,” he says.
While Power International Holding is a private company, it participates in nation-building efforts, supporting the Qatar government to develop sovereign AI capabilities. Rahman says this makes it a key partner in advancing Qatar’s digital sovereignty and innovation goals.
“Governments need compute capacity to build models that are tuned for their country, culture, and language,” he adds.
For Rahman, digital sovereignty means ensuring that the compute infrastructure, models, platforms and physical AI remain within the country.
“Governments need a lot of compute capacity to build their AI models,” he says. “The risk is not just data residency. It’s data plus the models. Nobody can see what’s inside the model. It’s like a black box. So we’ve got to be able to intervene to make sure these models are tuned for the country, the culture and the languages spoken in that country.”
Rahman notes that the underlying graphics processing unit (GPU) infrastructure needed for AI requires a balanced approach to digital sovereignty. “In Qatar and the other countries we operate in, we’re taking a very balanced approach to GPU infrastructure. Not many countries produce chips. We are dependent on the west, the Americas and the east.”
This approach means Power International Holding takes into account the specifics of the countries in which it operates. Some of them are leaning west, while some lean east. The underlying stack is the GPU infrastructure. “We’re going to be providing a platform of GPU infrastructure that will allow these countries to have their own digital embassies within this GPU infrastructure. They can operate within that infrastructure independently as sovereign clouds,” says Rahman.
He defines digital embassies as secure, sovereign cloud environments hosted within Qatar’s GPU infrastructure. They are designed to serve as disaster recovery and continuity hubs for other countries and enable countries to store critical data and systems outside their borders, ensuring resilience in case of emergencies such as wars or natural disasters.
Qatar has diplomatic relationships with other nations, such as Rwanda, which facilitates establishing digital embassies for disaster recovery and continuity planning for these countries. “Rwanda wants to have a country business continuity plan outside of Rwanda. That’s where Qatar would come in,” says Rahman.
Minimum requirements
While there have been many discussions around on-premise and private clouds being built to enable digital sovereignty, that does not necessarily mean moving workloads and data out of hyperscale IT infrastructure.
Forrester advises IT and business leaders to determine the minimum level of digital sovereignty needed to meet their business goals. This should be practical and capable of supporting the organisation’s workload requirements. A digital sovereignty plan should focus on delivering useful outcomes, rather than just meeting compliance or avoiding risk, as these alone do not benefit the business.
As Rahman highlights, such a strategy must also consider the countries where the business operates and their geopolitical context. This means IT infrastructure may need to be deployed in a different country from where the business is based. For example, as noted in Forrester’s Demystifying full digital sovereignty report, Estonia’s data embassy is located in Luxembourg to protect its critical data and information.