Data sovereignty in 2026: why a Frankfurt data centre isn't European enough.

Data residency is satisfied when your data is stored on servers inside a given jurisdiction. It is a configuration choice: pick the EU region, and the bytes sit in the EU. Data sovereignty is satisfied when those bytes are subject only to the laws of that jurisdiction, which is a property not of where the data sits but of who holds it and which legal system binds that holder. A US-headquartered cloud provider can give you residency by region selection alone, and it cannot give you sovereignty by the same means, because the corporate entity, its sub-processors, its key custodians and its support engineers remain reachable by the legal regime of its home country. The contract clauses that deliver each are different, and a buyer who specifies residency and assumes sovereignty has bought the weaker of the two without knowing it.

The cost of the confusion is concrete. A 2026 industry survey found roughly a third of organisations had experienced a sovereignty-related incident in the prior year, despite many describing themselves as well prepared, and reports tracking cross-border transfer enforcement have recorded fines rising year over year, driven substantially by organisations that mistook residency for sovereignty. The reason the error is so common is that residency is visible and reassuring, a region dropdown, a data-centre address, a map with a pin in Germany, while sovereignty is invisible and legal, a question about which courts can compel which entity. The pin on the map feels like the answer, and for a regulated workload it is the start of the question. The discipline is to treat "where is the data?" and "who can be compelled to hand it over?" as two separate questions with two separate answers, because the gap between them is exactly where the audits and the incidents land.

The residency illusion is the assumption that storing data in a Frankfurt or Dublin region owned by a non-EU corporation satisfies European sovereignty requirements. It is comfortable because it is concrete: there is a data centre, it is on EU soil, there is an address you can point to. The illusion holds right up until the question shifts from where the data sits to who can be compelled to produce it, at which point the EU address becomes irrelevant to the answer, because the compulsion attaches to the entity rather than the location. Organisations in healthcare, banking, education and government have discovered that the residency arrangement which passed procurement does not pass an audit that asks the sovereignty question, and the discovery has tended to come at the audit rather than before it.

This is not a hypothetical exposure waiting for a test case, because the test cases have arrived. Data protection authorities in several member states, Austria, France and Italy among them, have ruled that certain US cloud arrangements violate the GDPR, turning the residency-versus-sovereignty distinction from an academic point into enforced supervisory practice. The financial stakes are concrete in two directions: GDPR penalties reach up to four percent of global annual turnover, and the NIS2 regime layers management accountability and, in some national transpositions, personal liability on top, so the cost of the residency illusion is no longer just a remediation project but a fine and a governance failure with names attached. The practical lesson practitioners draw is to record data residency and transfer paths properly in the Article 30 records of processing, including sub-processors and backup flows, and then to ask of each one the sovereignty question explicitly, because the arrangements most likely to fail are the ones nobody examined past the reassuring data-centre address.

Chapter V of the GDPR prohibits transferring personal data outside the EU unless a specific mechanism applies, and the mechanisms are layered. An adequacy decision under Article 45 is the cleanest: the Commission has found a destination country offers essentially equivalent protection, and as of 2026 adequacy covers a set including the UK, Switzerland, Japan, South Korea, Canada for commercial data, and others, plus the US under the Data Privacy Framework for organisations that self-certify and appear on the official list. Where no adequacy decision applies, Standard Contractual Clauses under Article 46, paired with a transfer impact assessment that evaluates the destination's legal environment, are the workhorse mechanism. Binding Corporate Rules cover transfers within a corporate group, and the Article 49 derogations cover narrow, specific situations. The mechanism you rely on determines how stable your transfer is, and one of the most-used is the least stable.

The Data Privacy Framework is the 2023 adequacy decision for the US, and it is the third attempt at this bridge after the Court of Justice struck down Safe Harbor and then Privacy Shield, each time over the same underlying concern about US government access. Schrems III, the litigation challenging the Framework, is already pending before the Court of Justice, with a decision expected in late 2026, and the pattern of the two prior rulings is not reassuring for anyone betting their architecture on the Framework surviving. The competent posture, the one most advisers now recommend, is to use the Framework where it applies but never to rely on it alone: sign Standard Contractual Clauses alongside it and keep the transfer impact assessment current, so that if the Framework is invalidated, the transfer falls back onto SCCs rather than becoming instantly unlawful. Building on the Framework without an SCC fallback is building on a bridge that has been demolished twice, and the architecture that does not depend on any US transfer mechanism at all is the one that is indifferent to how Schrems III is decided.

At one end, the global hyperscalers have built sovereign configurations that tighten the boundaries of their standard EU regions. AWS launched its European Sovereign Cloud in early 2026, with an initial region in Germany operated by EU-resident staff under a separate European legal entity, and Microsoft offers sovereign public and private variants of its cloud. These are real improvements: the operational and legal boundaries are meaningfully tighter than a standard EU region, with EU-resident operations and separate legal structuring designed to limit foreign reach. The honest caveat is that the ultimate corporate parent remains non-EU, so whether the separation is sufficient depends on how completely the legal and operational ring-fencing holds against the parent's home jurisdiction, a question that is partly legal, partly architectural, and reasonably debated. For many regulated workloads they are a strong and pragmatic answer; for the most sensitive, the residual parent question is why some organisations look further.

At the other end sit the EU-native providers, headquartered and operated wholly within the EU with no non-EU parent in the chain, names like OVHcloud and Scaleway in France, Hetzner and IONOS in Germany, UpCloud in Finland, among others. Their jurisdictional answer is the cleanest available, because the entity, its staff and its infrastructure are all under EU law and no foreign compelled-access regime reaches them, which is why EU-native deployment is one of the architectural controls genuine sovereignty rests on. The trade-offs are practical rather than legal: a narrower catalogue of managed services than the global hyperscalers, smaller geographic footprints, and more engineering carried by your own team where a hyperscaler would have offered a turnkey service. For an organisation whose sovereignty requirement is strict, that engineering is the price of removing the parent-jurisdiction question entirely, and it is increasingly a price the regulated sectors are choosing to pay, which is part of what is driving the renewed interest in EU-native infrastructure and in self-hosting across European IT in 2026.

Sovereign AI extends the residency-versus-sovereignty distinction across the entire AI stack: not only where the training and inference data sit, but where the model weights live and who controls the infrastructure running them. Model weights are uniquely sensitive because training can cause a model to memorise fragments of its training data, so weights derived from sensitive personal data can themselves contain that data in latent form. Weights stored on infrastructure subject to a foreign compelled-access regime therefore carry the same exposure as the raw data, concentrated into the most valuable artefact the organisation owns. The shift the field is making, from data residency to technical sovereignty over the whole stack, is driven by exactly this realisation: securing where the training data sits while the weights run on exposed infrastructure secures the wrong thing.

For an organisation deploying AI in a regulated function, two regimes now have to be answered together. The EU AI Act governs how AI systems may be built and used, with obligations escalating through 2026 toward full enforcement of the high-risk requirements and their conformity assessments, while data sovereignty governs where the data and the weights those systems depend on may lawfully sit and who can reach them. A high-risk AI system processing sensitive data raises both at once, the AI Act's governance and conformity duties and the sovereignty of the stack the model trains and runs on, and answering them in separate workstreams is how the sovereignty gap opens, a model that satisfies the AI Act's documentation while its weights sit on infrastructure a foreign authority can compel. The principle that genuine sovereignty requires the provider, the infrastructure and the operational staff to share one jurisdiction applies with particular force to AI, because the stack is deeper, the sensitive artefact is the weights, and the consequence of getting it wrong is measured against the GDPR's turnover-based penalties. Sovereign AI is data sovereignty applied to the part of the system that is hardest to see and most expensive to get wrong.

Think of sovereignty as applying separately to each layer of the stack, because a foreign reach into any one of them defeats the others. Data sovereignty is the base: where the data sits and who can compel it. Operational sovereignty is the layer above: who runs the infrastructure day to day, who has privileged access, who can be instructed by a foreign parent to act on the data, the support engineer with a console and a directive from headquarters being the access route that contractual residency never mentions. Technical sovereignty covers the software and the keys: whether the encryption keys are yours, whether the platform itself can be inspected and controlled, whether the stack can be operated without dependence on a foreign-controlled component. And legal sovereignty is the layer that binds the rest: which entity, under which jurisdiction, holds the contract and the ultimate control. A system is only as sovereign as its weakest layer, and the residency-only model is sovereign at none of them except, arguably, the location of the bytes.

This layered view explains why the architectural controls come in the set they do, each one closing a different layer. Customer-held keys close the technical layer, so that even if the data layer is compromised by compulsion the data is unreadable. EU-native deployment closes the legal layer, putting the controlling entity under EU jurisdiction. Operational-layer control, EU-resident staff with privileged access under EU law, closes the operational layer that is the most commonly overlooked and the most commonly exploited, because access in practice is granted by people, not by warrants alone. Enforced geofencing keeps the data layer from leaking by default. A serious sovereignty assessment walks the layers one at a time and asks, for each, which jurisdiction governs it and who can be compelled within it, rather than accepting a single reassuring answer about the data centre. The gaps that audits find are almost never at the data layer everyone thinks about; they are at the operational and legal layers nobody put in the procurement questionnaire, the offboarded sub-processor still in the chain, the support team in a third country, the parent entity that can lawfully direct the subsidiary. Sovereignty fails at the layer you did not check, which is the argument for checking all of them deliberately rather than trusting the layer that happens to be visible.