Sovereignty Is Expanding Beyond Data Residency
For years, digital sovereignty was largely viewed as a compliance issue centered on data residency and regulatory requirements. Organizations focused on where data lived, who could access it, and whether workloads met regional regulations. That definition is changing rapidly.
As cloud adoption, AI initiatives, and geopolitical uncertainty continue to reshape enterprise technology strategies, sovereignty is evolving into a broader discussion around resilience, portability, and long-term control of critical infrastructure. Organizations are increasingly evaluating not only where their data resides, but also how dependent they are on specific vendors, platforms, and technology ecosystems.
In this episode of AppDevANGLE, I spoke with Andreas Prins, Global Head of Sovereign Solutions at SUSE, about the growing importance of digital sovereignty, workload portability, open-source infrastructure, and the implications of the European Union’s newly released Tech Sovereignty Package. Our conversation explored how enterprises are balancing modernization, AI adoption, cloud strategy, and regulatory requirements while maintaining flexibility for the future.
According to Prins, many organizations are still focusing too narrowly on the data layer. “Data is the oil. Data is the gold. Data is who we are,” said Andreas Prins, Global Head of Sovereign Solutions at SUSE.
However, he argued that data sovereignty represents only one piece of a much broader transformation. “The data aspect is just one of the four bigger transformations that need to go on,” Prins explained. “Companies need to revisit their entire technology stack, their architecture, their exit strategy, and their pivotability.”
What emerged from the discussion is a clear shift: sovereignty is no longer simply a public-sector concern. It is becoming an enterprise architecture strategy.
Workload Portability Is Becoming More Important Than Repatriation
One of the most interesting themes from the discussion was that sovereignty does not necessarily mean abandoning cloud platforms or repatriating every workload back on-premises. Instead, many organizations are prioritizing optionality.
As Prins explained, enterprises increasingly want the ability to move workloads if business conditions, regulatory requirements, or geopolitical circumstances change. The focus is shifting away from where workloads run today and toward ensuring organizations have flexibility tomorrow.
“Companies are becoming much more aware of their tech stack and making decisions, but not necessarily to repatriate workloads,” said Prins. “Much more to drive portability of workloads. When necessary, they can move rather than stick into it.”
This is particularly visible in industries such as government, healthcare, financial services, telecommunications, defense, and critical infrastructure, where operational disruptions can have significant consequences.
Prins noted that these sectors are among the most active in sovereignty planning because the impact of infrastructure failures extends far beyond individual organizations. “If you take down any of these verticals, literally the country might stop in minutes, in hours, and definitely in days.”
The result is growing interest in open architectures, virtualization alternatives, and infrastructure platforms that reduce dependency on any single vendor. Rather than pursuing wholesale migration strategies, organizations are seeking greater portability and operational control.
This aligns closely with broader application modernization efforts, where flexibility increasingly outweighs pure infrastructure optimization.
Infrastructure Modernization and Sovereignty Are Converging
Another notable trend is the growing overlap between sovereignty initiatives and modernization programs. Historically, these conversations occurred independently. Infrastructure teams focused on virtualization, platform modernization, and operational efficiency, while compliance teams focused on governance and regulatory concerns.
Today those discussions are converging. Organizations evaluating virtualization alternatives, Linux platform strategies, and cloud deployment models are increasingly incorporating sovereignty requirements into architectural decisions. Prins highlighted growing interest in migration approaches that allow organizations to modernize infrastructure while simultaneously improving workload portability and reducing long-term dependency risks.
At SUSECON, the company announced new capabilities and partnerships focused on helping organizations migrate virtualized workloads, modernize Linux environments, and move workloads across infrastructure environments while maintaining operational continuity.
“Companies that say, ‘I want to become more sovereign’ can run various transformations at once while moving workloads to a new destination,” Prins explained. This creates a more strategic view of modernization. Instead of asking whether a platform is simply faster or less expensive, enterprises are beginning to ask whether it preserves future flexibility and supports evolving business requirements.
AI Is Accelerating Executive-Level Sovereignty Conversations
AI is adding another layer of urgency to these decisions. Organizations are simultaneously modernizing infrastructure, implementing AI initiatives, addressing regulatory requirements, and managing increasingly complex technology environments. These efforts are no longer separate initiatives.
According to Prins, many of these discussions have moved beyond IT leadership and into executive-level conversations because they directly impact long-term business resilience. “These bigger transformations are no longer happening at the director level, not even at the VP level,” said Prins. “We’re having a lot of executive C-suite conversations because ultimately all of these elements are about the company’s existence in the longer term.”
The challenge is that organizations cannot afford to delay AI adoption, but they also cannot ignore the architectural consequences of infrastructure decisions made today. This is forcing leadership teams to evaluate platforms through a different lens.
Questions about vendor lock-in, workload mobility, software supply chains, and operational independence are becoming part of broader AI readiness discussions. The organizations making the most progress are treating sovereignty and AI as complementary priorities rather than competing initiatives.
Prins believes executives increasingly recognize that AI readiness and sovereignty readiness are deeply connected. “If you’re not investing in your AI journey, it might take another five or ten years, but you will be out of business because the productivity of your workforce will go down.”
The result is a growing realization that AI transformation, infrastructure modernization, and sovereignty planning must be approached together rather than as separate programs.
Open Source Is Emerging as a Foundation for Digital Resilience
Perhaps the most significant development discussed was the European Union’s newly released Tech Sovereignty Package.
For the first time, open-source software receives dedicated recognition as a strategic component of Europe’s digital future. The initiative emphasizes open technologies, software supply chains, regional technology ecosystems, and greater technological independence.
Prins views this as a major milestone. “For the first time in history, open source got its own chapter in new and upcoming regulations,” he said. “The acknowledgement that open source is a very important driver to become autonomous or sovereign is now a given.”
This represents a meaningful shift. Open source has traditionally been associated with innovation, developer ecosystems, and cost efficiency. Increasingly, it is also being viewed as a mechanism for transparency, auditability, portability, and resilience.
Prins noted that the package introduces discussions around software supply chains, open-source sustainability, and ecosystem development, signaling a broader effort to strengthen regional technology capabilities. “We expect that open source will also be maintained much more. The proposal includes a fund focused on open source maintenance.”
For application development leaders, this could influence future platform selection decisions, particularly as organizations seek technologies that balance innovation with long-term flexibility.
Digital Sovereignty Is Becoming a Long-Term Strategic Requirement
One of the strongest conclusions from the discussion is that digital sovereignty is unlikely to be a short-term trend. While the terminology may evolve, the underlying objectives—resilience, portability, flexibility, and operational control—are becoming permanent priorities for organizations around the world.
As Prins noted, future architectures will likely involve a mix of cloud providers, regional infrastructure, open-source platforms, and workload-specific deployment strategies rather than a single standardized approach. “I do think we move more and more, like the telco industry has done for years, to a dual-vendor strategy.”
The future is less about choosing one platform and more about maintaining the ability to choose. Organizations are increasingly recognizing that workload placement decisions should be based on business requirements rather than platform limitations.
“I do expect that a lot of workloads will remain on the hyperscaler because you’re a global company. But some of the most critical ones might come closer to home.”
Perhaps most importantly, Prins believes the broader movement is ultimately about resilience. “Whether or not the word sovereignty will remain, that’s the question. But digital resilience is definitely a theme that will last much longer than the next one or two years.”
Analyst Take
Digital sovereignty is following a trajectory similar to cybersecurity over the past decade. What began as a specialized concern for highly regulated industries is rapidly becoming a strategic consideration for nearly every enterprise. The conversation is moving beyond compliance and into architecture, platform strategy, and operational resilience.
The most important takeaway is that sovereignty should not be interpreted as isolation. Organizations are not trying to disconnect from global technology ecosystems. They are trying to reduce dependency risk while preserving access to innovation, and that distinction matters.
As AI adoption accelerates and regulatory environments become more complex, enterprises will increasingly prioritize architectures built around portability, open standards, and operational flexibility. The goal is not to eliminate dependencies entirely, but to ensure they remain manageable.
Over the next several years, it is likely that digital sovereignty becomes a standard factor in platform selection, infrastructure modernization, and AI strategy discussions. Much like cybersecurity reviews became embedded in every major technology decision, sovereignty assessments are likely to become a routine part of enterprise architecture planning. The organizations that invest in flexibility today will be better positioned to adapt to whatever technology, regulatory, or geopolitical changes come next.
