Rahiel Nasir
Rahiel Nasir (Associate Research Director, European Cloud Practice)

Throughout 2022, I talked a great deal about how digital sovereignty was evolving, and we now have the evidence to prove it.

Ongoing geopolitical uncertainties, along with macroeconomic trends such as the ongoing threat of a new pandemic and inflationary fears, mean digital sovereignty is shifting gears and emphasis from self-determination to self-sufficiency and survivability.

As a result, digital sovereignty encompasses several layers which we present as part the “Sovereignty Stack”:

Source: IDC's Sovereignty Stack, 2023

Organisations that are ready to embrace this broader view of digital sovereignty should consider the following attributes when designing, procuring, implementing and managing sovereign solutions.


  • Data sovereignty: While you may be familiar with data (and cloud) sovereignty, these are just subsets of digital sovereignty (as explained in my video A Few Words on Digital Sovereignty).

Data sovereignty is the starting point that enables organisations to achieve the full stack of digital sovereignty outcomes.

As data regulations emerge and evolve, they should look for technology solutions that provide a holistic view of how data is collected, classified, processed and stored to ensure that data legislation and rules are being met.

  • Technical sovereignty: Organisations cannot lock themselves into custom-built solutions that become legacy systems in their own right.

They must aim to work with platform players that can deliver plug-and-play capabilities. Here, open source solutions will lend themselves well to interoperability, as well as data portability and transferability.

  • Operational sovereignty: IT executives will seek technology suppliers that offer cloud capabilities that enable transparency in controlling operations, from provisioning and performance management, to monitoring of physical and digital access to the infrastructure.

Transparency equals trust — a fundamental tenet of digital sovereignty.

  • Assurance sovereignty: Data availability is essentially all about resilience.

For example, in Europe, this is mandated by rules such as the EU Cybersecurity Strategy, Network and Information Systems Directive, and the Digital Operational Resilience Act (DORA).

The latter defines the principles to ensure that digital infrastructure across the continent’s financial sector is always available to provide critical services.


  • Supply chain sovereignty: As well as reinforcing digital supply chain resilience, the aim here is to strengthen the digital economy’s competitiveness, its capacity to innovate, and ability to create jobs.

Skills sovereignty is also a part of this layer. Here, organisations should expect service providers to invest in knowledge transfer as this can support and foster local talent and empower companies to develop their own digital innovations.

Without this transfer, the much-talked-about IT talent shortage will continue to perpetuate.


  • Geopolitical sovereignty: IT and digital technologies are now at the heart of a nation’s critical infrastructure.

This takes the idea of digital sovereignty level to a broader, macro level.

As a result, governments as well as business leaders want to use cloud solutions to help deal with the strategic weaknesses, vulnerabilities and high-risk dependencies of an increasingly volatile geopolitical environment.

Note that the attributes you see in the IDC Sovereignty Stack are mutually dependent on one another.

For instance, the easier and more affordable it is to integrate solutions and switch among vendors, the easier the opportunity to promote co-innovation with local companies that create local jobs.

The “Stack” in Action

Since the start of the Russia-Ukraine War in February 2022, a combined 75% of organisations in Europe now consider digital sovereignty to be more important (source: IDC EMEA, FERS Survey Europe, Wave 4, May 10–25, 2022).

As a result, they are either adjusting their operations or changing their IT strategies.

When asked what actions their business and IT leaders were taking due to their increased digital sovereignty concerns, many of the top results seen in the graph below are evidence of the Sovereignty Stack in action.

Source: IDC EMEA, FERS Survey Europe, Wave 4, May 10–25, 2022

While improving privacy measures is the foundation of data sovereignty, supply chain management and enhancing resilience in the face of geopolitical volatilities are examples of the “self-sufficiency” and “survivability” layers as depicted in the stack.

Supply chain issues were already highlighted during the COVID-19 pandemic.

Organisations now want to get on top of this and also know the sources of their IT services and goods to ensure business continuity because digital sovereignty is ultimately about operational resilience.

Find out more:

Why Does Digital Sovereignty Matter in Cloud Buying Decisions?

European Digital Sovereignty

Spread the love