Data sovereignty rules reshape global telecom strategies

Data sovereignty is becoming a central strategic priority for telecom operators, while increasingly shaping global regulatory discussions around artificial intelligence, cloud computing and data protection.

A report from market intelligence firm Omdia, titled ‘Digital Sovereignty Data Protection Residency and Localisation Policies and Regulation’, found that data sovereignty is emerging as a critical component of the broader sovereignty agenda, with significant implications for businesses worldwide.

According to the findings, ensuring compliance with data sovereignty requirements presents multiple operational challenges, including higher costs and the need to adapt internal processes.

“Data sovereignty raises questions about the use of cloud services, and imposes operational expenses on businesses requiring them to train employees on sovereignty laws, design new technologies, recruit staff and implement new processes,” said Sarah McBride, principal analyst for regulation at Omdia.

The report highlighted that the European Union has taken a leading role in shaping global data sovereignty policies, particularly through its European Cloud Sovereignty Framework announced in October 2025.

A key element of this framework focuses specifically on data sovereignty and the protection of sensitive information within EU borders, setting a potential benchmark for other regions.

However, the EU is not alone in advancing such measures, as countries across Asia including India Vietnam and Indonesia are also implementing data sovereignty regulations, reflecting a broader global shift.

“Despite many jurisdictions incorporating some form of sovereignty into their data protection regulations, there is no universally agreed definition, making compliance challenging this has resulted in the growing fragmentation of regulatory frameworks worldwide,” McBride explained.

The report mentioned that more than 100 countries have introduced some form of data sovereignty or localisation laws, although the scope and requirements vary significantly between jurisdictions.

Among the strictest regimes are Russia, China, Vietnam, and Indonesia, where data localisation requirements are more rigidly enforced.

In contrast, the European Union’s General Data Protection Regulation (GDPR) does not mandate strict localisation, but instead restricts data transfers to countries lacking adequate data protection standards, creating a different compliance model.

Meanwhile, the United States applies sector-specific data sovereignty rules, with requirements limited to areas such as healthcare and finance rather than a single overarching federal law.

Despite these differences, the report stated that the global trend is clearly moving towards increased data localisation, adding further complexity for multinational companies.

“Not only are there differences between countries, but even at a national level data sovereignty is often regulated through several different laws rather than just one standalone regulation,” McBride said.

“As a result, businesses are facing diverse and sometimes conflicting rules on data protection localisation and cross-border data flows, she added.

“The fragmented landscape also raises compliance costs and operational complexity which multinational businesses must navigate,” she concluded.