In a fast-changing and unpredictable geopolitical landscape, policymakers and business leaders increasingly talk about the need for digital sovereignty. But this high-level concept can be slippery; it means different things to different people.
Depending on the context, digital sovereignty is generally used to refer to some combination of data sovereignty, operational sovereignty and technological sovereignty. While inter-related, each of these terms focuses on a distinct part of an organization’s digital estate. In this blog post, I am going to focus on operational sovereignty and how it builds on data sovereignty before exploring technological and AI sovereignty in subsequent posts.
“At F5, we see digital portability as the key to unlocking operational sovereignty.”
The importance of data sovereignty—full control over an organization’s data and who can access it—is now well understood, particularly as robust real-world data is the raw material of artificial intelligence (AI).
As AI becomes a source of competitive advantage, business leaders are paying much closer attention to where the underlying data is stored and processed, and under which legal jurisdiction it falls. As a result, sensitive data sets are being transferred from public clouds to on-premises data centers or so-called sovereign clouds that are clearly under the full legal control of the national jurisdiction.
We are seeing our customers take advantage of the seamless support provided by the F5 Application Delivery and Security Platform (ADSP) for both on-premises and public cloud deployments, to relocate their data as they see fit.
Looking beyond data sovereignty
For most organizations, data sovereignty remains a work in progress. But business leaders are becoming aware that for some achieving data sovereignty isn’t sufficient, given the potential for unexpected events (both natural and geopolitical to disrupt digital infrastructure and processes.
What happens to your digital services and applications if the undersea cables serving a data center fail or are deliberately cut by a malicious actor? Or if power outages during a natural disaster disrupt crucial connectivity and computing infrastructure? Perhaps most critically, what happens if a geopolitical shift or policy change leads your cloud or managed services provider to terminate your service, withdraw from your region, or restrict access to key capabilities? The risk of disruptions like these are creating growing awareness of the need for operational sovereignty—an organization’s ability to maintain full control, visibility, and autonomy over how its IT systems and digital infrastructure are managed and operated, regardless of whether these resources are hosted in-house or outsourced to third parties. Beyond boosting resilience, operational sovereignty can have other positive side effects. For example, greater control and transparency over your digital estate and processes may help you identify opportunities to reduce waste and inefficiencies.
From a practical standpoint, achieving operational sovereignty means reducing your dependence on specific infrastructure and individual vendors. A multicloud strategy, for example, is prudent because, in the current geopolitical landscape, there is a risk that policymakers suddenly intervene in what they regard as a strategically important market. A government might decide to restrict who has access to specific AI models or advanced semiconductors. In the case of such disruption, you need to be able to quickly move applications and other digital workloads from one data center to another or from one cloud provider to another.
Delivering operational resilience
From a compliance standpoint, operational sovereignty can help underpin “resilience,” which is rising as a top priority on the policy agenda, as highlighted by the EU’s Digital Operational Resilience Act (DORA). Now in force, DORA seeks to ensure that banks, insurance companies, investment firms, and other financial entities can withstand, respond to, and recover from digital disruptions, such as cyberattacks or system failures.
In August, the European Central Bank (ECB) issued guidelines stressing that financial institutions need to ensure they can transfer their digital services to another cloud provider, if necessary. In the case of cloud services supporting critical or important functions, the ECB calls on financial entities to ensure they have multiple active data centers in different geographical locations with independent power supply and network connections, as well as using hybrid cloud architecture and multiple cloud service providers.
Indeed, at F5 we see digital portability as the key to unlocking operational sovereignty. We have ensured that our platform makes it straightforward for our customers to port applications and other digital assets from one cloud environment to another or to an on-premises data center, if necessary. Crucially, we also make it easy for organizations to port the application delivery and security policies that sit in front of their applications, ensuring that the security posture of these applications does not change while migrating to a different environment.
Achieving operational sovereignty is increasingly important, but also increasingly feasible, as technologies advance and become more versatile. If they have the right tools in place, organizations can stay one step ahead in an unpredictable world.
That said, the right approach looks different for every organization, and the best way to determine the optimal solution is through conversation. At MWC 2026 in Barcelona from March 2-5, we're hosting many working discussions including a session explaining how F5’s platform delivers consistent policies across all hybrid multicloud environments. We encourage you to stop by our booth in Hall 2 or contact us to set up a meeting.
Stay tuned for future blog posts, in which we’ll take a closer look at the concepts of technological and AI sovereignty and how to implement these concepts in a pragmatic way.
In the meantime, you can learn more about the F5 Application Delivery and Security Platform here.
About the Author
Related Blog Posts
Responsible AI: Guardrails align innovation with ethics
AI innovation moves fast. But without the right guardrails, speed can come at the cost of trust, accountability, and long-term value.
Best practices for optimizing AI infrastructure at scale
Optimizing AI infrastructure isn’t about chasing peak performance benchmarks. It’s about designing for stability, resiliency, security, and operational clarity
Datos Insights: Securing APIs and multicloud in financial services
New threat analysis from Datos Insights highlights actionable recommendations for API and web application security in the financial services sector
Tracking AI data pipelines from ingestion to delivery
Enterprise data must pass through ingestion, transformation, and delivery to become training-ready. Each stage has to perform well for AI models to succeed.
Secrets to scaling AI-ready, secure SaaS
Learn how secure SaaS scales with application delivery, security, observability, and XOps.
How AI inference changes application delivery
Learn how AI inference reshapes application delivery by redefining performance, availability, and reliability, and why traditional approaches no longer suffice.