Digital Sovereignty

Why Managing Data and Algorithms Is Becoming a Leadership Responsibility

The discussion surrounding digital sovereignty has noticeably changed. What was long considered an abstract buzzword, a purely symbolic debate with high emotional appeal, or a purely regulatory issue, is now part of very concrete business decisions. Many organizations are facing questions that touch the core of their business:

What constitutes our business-critical data?
Do we always have access to it?
Can we always deploy the technologies we absolutely need to differentiate ourselves in the market?
And can we always operate reliably within a stable legal framework?
Can we even actively manage "sovereignty"?

At Atos, we encounter these questions daily in our interactions with companies from industry, the public sector and regulated industries. Digital sovereignty is rarely an isolated goal. Rather, it is a framework of capabilities that helps to consciously shape digital developments, proactively manage critical dependencies, and remain reliable even under changing conditions.

What Digital Sovereignty Means – and What it Doesn't.

Digital sovereignty is often misunderstood. It does not stand for complete self-sufficiency, isolation or technological independence at any cost. Nor is it about questioning existing ecosystems or replacing proven platforms across the board.

Digital sovereignty is the ability to actively manage critical dependencies in a data- and AI-driven IT environment.

This refers to a thoughtful approach to critical dependencies in IT, its foundations, and its multifaceted connections: with data, with platforms, and with the legal conditions under which they are used. Digital sovereignty means understanding these connections, being able to classify dependencies, and making conscious decisions instead of silently following them for years. I therefore understand digital sovereignty as the ability to recognize dependencies (even complex ones), to understand them, to maintain choices in important areas, to make autonomous decisions, and to actively participate in developments instead of having to react later and perhaps too late.

Why Data and AI Are at the Heart of the Sovereignty Debate

Data is now a key resource for virtually every business model. It flows through numerous systems, is used in diverse contexts, and increasingly shapes operational decisions. With this growing importance comes the responsibility to maintain transparency in these relationships.

Modern AI-powered application systems clearly demonstrate how closely intertwined the underlying technical foundations are. In our projects, we repeatedly see that the more these interdependencies grow, the more important it becomes to clearly understand how data is used and what technical foundations underpin it.

Future applications will use AI far more intensively than today. They will often operate without a traditional user interface but will instead rely on APIs and agent-based layers as interfaces, dynamically optimizing themselves for personalized user experiences. These applications will be continuously adapted, depend on sensitive data sets (such as domain-specific data and specially trained AI models) and require automated compliance management. Monitoring and automated policy enforcement will be essential to consistently meet sovereignty requirements. Manual assurance of compliance and security conformity in an era of complex multi-cloud, agent-based, AI-driven IT environments is no longer feasible.

Sovereignty therefore requires compliant application and infrastructure architectures, as well as security concepts aligned with a new paradigm: sovereignty as the ability to actively manage critical IT dependencies becomes an inherent characteristic of the infrastructure, data, and application platform itself. At Atos, we call this “managed sovereignty,” and our “Atos sovereign IT stack” describes and provides precisely such a compliant platform architecture along with the necessary services across the full spectrum of sovereignty requirements.

Sovereign Systems Need More Than Good Guidelines.

The responsible use of data-driven technologies cannot be achieved solely through guiding principles or policy papers. It requires robust structures – both technical and organizational. This includes clear responsibilities and architecture designed to be sustainable from the outset.

At Atos, we therefore rely on flexible models that are tailored to different requirements. Sensitive applications need different frameworks than standardized processes. This differentiation is crucial to enabling innovation while simultaneously ensuring reliability.

Cloud as an Enabler – and Why Conscious Design Is Essential

Cloud technologies have accelerated the digital transformation of many companies. They offer scalability, access to new features, and high dynamism. These advantages are undisputed and remain central to modern IT landscapes.

At the same time, operational dependencies become more complex. In our work, we see that digital sovereignty here primarily means one thing: the conscious design of the entire infrastructure continuum, from the public cloud to on-premises private clouds. Organizations that strategically build and develop their infrastructure, particularly their multi- or hybrid cloud landscapes, can remain flexible and keep their options open.

For us, the cloud is therefore not an either-or proposition, but rather a design space that requires structure and oversight and is indispensable as a key pillar across the entire spectrum of infrastructure options. At the same time, there will continue to be applications that cannot or should not run in the cloud. Sovereignty means seamlessly integrating these applications into the infrastructure continuum so that they can be managed together with clouds under a unified "managed sovereignty" layer.

How Companies Assess Digital Sovereignty in Practice

In conversations with customers, we often find that digital sovereignty is widely recognized as relevant. What is often missing, however, is a clear framework for realistically assessing one’s own status.

Typical criteria companies use to evaluate their application stacks and underlying infrastructure environments include:

Transparency: Is it clear where data is processed, which systems are involved, and how operations are organized?
Flexibility: Can applications and data be adapted or migrated when needed—without fundamental redesign?
Dependencies: How tightly is the IT landscape bound to individual platforms, services, or proprietary features?
Operational reality: Are responsibilities, security requirements, and operating models clearly defined in day-to-day practice—or merely described conceptually?
Auditability: Can regulatory requirements and security standards be consistently demonstrated without constructing special workarounds?

These questions can rarely be answered with a simple yes or no. Digital sovereignty is not an absolute state, but rather manifests itself in the conscious handling of precisely these issues. In particular, the question of the flexible mobility of data and applications plays a leading role in the AI age from a sovereignty perspective – because this necessitates a very close connection between infrastructure and data, models, algorithms, and platforms that are not easily separable and that extend across numerous layers of the usual IT infrastructure.

Where Digital Sovereignty Stalls in Practice

In practical implementation, the limiting factors are less about technological boundaries and more about structural friction points. Typical challenges that repeatedly emerge in discussions include:

Historically developed landscapes with limited overview
Different security and operational logics per platform
Distributed responsibility without clear operational anchoring
Cost structures that are known but remain difficult to control
Regulatory requirements that are met in specific instances but not systematically integrated

This clearly demonstrates that digital sovereignty is not achieved through individual measures, but through structure, clarity, and consistent operational decisions.

From Regulatory Requirement to Entrepreneurial Added Value

Regulatory requirements are a key driver of the current debate. However, digital sovereignty reveals its true value when it goes beyond mere compliance. Companies that clearly structure their digital infrastructure gain orientation – both internally and externally.

We see that this creates new opportunities, for example, for collaboration and further business development. Clear structures help to sharpen the focus on effort and risks. Digital sovereignty thus acts as a stabilizing force – not as a constraint, but as a basis for long-term decisions.

How Companies Can Get Started Pragmatically

Digital sovereignty cannot be mandated or achieved in one fell swoop. It begins with simple but honest questions:

Which data and applications are particularly relevant to our business?
Where do strong ties and critical dependencies exist today?
And where do we need greater agility for our most important data and applications?

In our experience, a differentiated approach is crucial. Not every area requires the same level of security or creative freedom. It's important to set priorities and develop your own path step by step.

Conclusion: A Leadership Task in A Data-Driven Economy

Digital sovereignty is not a peripheral technical issue. It touches upon how companies make decisions, invest and evolve. Especially in an economy where data and automated processes play an increasingly important role, it becomes a top management responsibility. At Atos, we therefore see digital sovereignty not as a final goal, but as an ongoing task. "Managed sovereignty" provides guidance in a complex digital world – quietly, pragmatically and with a focus on long-term sustainability.

Posted 20/02/26