Opinion: Digital sovereignty demands strategic choices in the cloud
- alissahilbertz
- 1 day ago
- 3 min read
The debate on digital autonomy in Europe touches on a fundamental question: To what extent do organizations still control their own data and IT infrastructure?
In the race for scalability and innovation, many organizations choose American cloud providers. But those who embrace convenience often give up control. The call for digital sovereignty is growing, and rightly so. Organizations that fail to fundamentally rethink their cloud strategy risk losing control over their own data, systems and future.
Big Tech: Convenience at a price
U.S. legislation such as the Cloud Act obliges providers like AWS, Microsoft and Google to hand over data to U.S. authorities under certain circumstances, even if that data is stored outside the United States. This poses a real risk for critical sectors such as energy, healthcare and government, where access to systems is vital to continuity of services. Digital sovereignty therefore goes beyond geopolitics; it directly affects business continuity.
Sector awareness: From healthcare to retail
Sectors such as healthcare and financial services are by now aware of these risks. In those sectors, the discussion takes place at board level and IT and risk management are integral to strategic decision-making.
In sectors such as retail and consumer goods, the picture is different. IT often falls under finance and is mainly viewed as a cost center. This increases dependency on vendors and limits strategic clout. That is precisely where there is an opportunity to kick-start the conversation about digital dependency, before the consequences become tangible.
A cloud strategy requires mature trade-offs
There is no one-size-fits-all cloud model. Organizations need to map which data and applications are “business-critical” and base their cloud choices on that. There is a continuum between control and convenience: from fully owned infrastructure to fully SaaS. IG&H positions itself toward the SaaS end of the spectrum, while at the same time emphasizing the importance of exit strategies and data classification.
Multicloud may sound attractive, but switching between providers is complex and expensive in practice. Vendor lock-in is not a theory; it is a daily reality.
How can you calibrate your (in)dependence?
With these five steps, you can gain control over how dependent your organization wants - and is able - to be on the American cloud:
Conduct a clear analysis: Which data is critical? What are the risks? What is your risk appetite?
Bring IT into the boardroom: Make sure HR and marketing are also involved in technology choices; data affects people and your brand alike.
Consider European alternatives: Especially in regulated sectors, it pays to explore double encryption and European providers.
Invest in awareness: Particularly in less regulated sectors such as retail, knowledge sharing and capability building are essential.
Look at hybrid models: Not everything has to be in the cloud. Sometimes on-premise is safer or more flexible.
Collaboration and open source: Promising, but not without pitfalls
Open source is often cited as a counterweight to Big Tech, but it raises questions around security, maintenance and scalability. Still, there are interesting developments, for example in sector-wide collaborations within the energy sector, where parties jointly build secure infrastructures. This could evolve into new, protected ecosystems.
Digital sovereignty is not a distant abstraction, but a direct strategic issue. Organizations that want to retain control over their IT landscape must make choices now about data, platforms and vendors. That requires mature cloud governance, clear visibility into risks and a structural place for IT in the boardroom. Only then can technology remain a source of strength rather than an invisible vulnerability.
Would you like to know more about approaches to IT strategy and Enterprise Architecture?
Get in touch
Niels van Lieshout
Principal Director Technology
T: +31 650657444
