Technology sovereignty is becoming a huge issue for enterprises as geopolitical uncertainty and climate change alter the risk landscape for enterprises and governments across the world. The most immediate and obvious take on sovereignty is “make and assemble everything here!” which isn’t possible or even realistic with today’s highly integrated just-in-time international supply chains.
The reality today is twofold: first, that it is possible to manage sovereignty risks today despite the physical and software supply chain in the country; second is the reality of technology hardware manufacturing and related IP-related issues. Some of the processes used to create the most advanced chips are not only restricted by the IP-owning countries, but the facilities to make them are highly complex. Top-end chip foundries require billions of dollars of investment, years to set up, and ongoing commitments to improvement – and that is assuming the technology is available to be used locally.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
Enterprises should look at the problem more incrementally. Complying with data sovereignty first, then moving on to software, services, and finally hardware sovereignty. Software and services, which include SaaS and cloud services, are the most crucial. Right now, most of the major international cloud providers assume that the legal and technical steps they have taken to make their out-of-country operations sovereign in the local area are sufficient to calm worries from enterprises.
The truth is that if the proverbial ‘off’ switch can be accessed from the provider’s home country, it’s not enough. Companies will obey government orders, even if they engage in legal and PR campaigns to object. Enterprises will and should look at local and regional providers to ensure sovereignty. Promises and legal structures mean nothing if the service can be turned off with a government order from another country. “That would be illegal” will be poor solace when a service is shut off or restricted anyway.
Use of local and regional providers as much as possible, combined with an embrace of open standards, including hardware open standards, is the way for an enterprise to manage sovereignty risks. When it comes to hardware, it will take time and may not ever achieve more than partial sovereignty. But software and services can be adjusted to mitigate sovereignty risks, and that level of risk mitigation can be increased over time.
