Geopolitical shifts and regulatory changes raise data sovereignty concerns among 22 industry decision-makers

Through semi-structured interviews, decision makers from nine countries provided current qualitative views on data sovereignty challenges and strategic data management.

Based on a qualitative pulse survey conducted through 22 semi-structured interviews with industry decision-makers across nine countries from July to August 2025 by a data storage platform, some casual findings on data sovereignty risks have been shared with the media.

First, 100% of respondents had cited concerns about data sovereignty risks, including the potential for service disruption, that had caused their organizations to reconsider where data is located and managed.

Second, 85% of respondents had cited their opinion that failing to adequately address data sovereignty issues could lead to loss of customer trust.

Other findings

Third, 78% of respondents cited adopting varied data strategies that include multiple service providers, sovereign data centers, and embedding data governance requirements into commercial agreements. Also:

• 92% of respondents indicated opinions that geopolitical shifts had increased perceptions of data sovereignty risk.
• 92% also cited concerns about inadequate data sovereignty planning potentially leading to service disruptions.
• Nearly one-third of interviewees had raised “foreign government access and surveillance” as risk factors impacting ethical, privacy, and national security considerations.
• Qualitatively, respondents had cited regulatory developments such as the EU’s Digital Operational Resilience Act (DORA), General Data Protection Regulation (GDPR), Japan’s Act on Protection of Personal Information (APPI), and Singapore’s Personal Data Protection Act (PDPA) as influencing their data governance approaches.
• 92% of respondents cited the opinion that geopolitical uncertainty was driving increased attention on data sovereignty as a business risk.
• Respondents described the challenge of balancing sovereign control over data with access to financial, operational, and technological innovations.

According to Alex McMullan, Chief Technology Officer, Pure Storage, the firm sharing its pulse survey findings, “the potential consequences of not having a modern and realistic data sovereignty strategy are acute”, including “loss of trust, financial damage and competitive disadvantage” as possible outcomes.

*The survey involved a qualitative methodology consisting of semi-structured interviews with a limited sample (22 participants deemed as experts and practitioners, including CEOs, CIOs, and leaders in data, IT, and AI governance from across industry and the research sector) across Australia, France, Germany, India, Japan, New Zealand, Singapore, South Korea, and the United Kingdom. All research activities were approved by the University of Technology Sydney-ISF research ethics program, overseen by the UTS Human Research Ethics Committee.