What is digital sovereignty?

EXPERT INSIGHTSTIPS
Written By Marvel Consulting Team

Digital and data sovereignty and artificial intelligence 

What does digital sovereignty mean?

Digital sovereignty means digital independence. In the context of companies and organizations, digital sovereignty refers to an organization's ability to control its own data, systems, and technological dependencies. In practice, it is about where the data is located, who processes it, and under what conditions.

Digital sovereignty refers to an organization's ability to control its own data and digital systems. It has become a central theme due to, for example, the use of cloud services and artificial intelligence, as well as the tightening of regulations. Digital sovereignty has also been featured in the media. Recently, for example, Tivi wrote about Finland's plan for digital sovereignty; the goal is to seek alternatives and prepare for changes. 

Data sovereignty and artificial intelligence are also often mentioned in conjunction with digital sovereignty. But what do these have in common and how do they affect each other? Read more in this blog article!

Digital sovereignty vs. data sovereignty

Digital sovereignty and data sovereignty can easily get confused. And not without a reason: digital and data sovereignty are closely linked. 

  • Data sovereignty focuses on where data is located, who controls it, and how it can be used. It is particularly related to legislation, data protection, and the transparency of data processing.

  • Digital sovereignty is a broader term. In addition to data, it also covers systems, infrastructure, and supplier relationships. It is about an organization's ability to make independent technological choices and maintain control over its IT environment.

Data sovereignty can be seen as a part of digital sovereignty.

Why is digital sovereignty relevant now?

Digital sovereignty has become more relevant for several reasons, such as the rapid growth of cloud service use, stricter legislation (for example, GDPR, Data Act and AI Act), and the current geopolitical situation. All these factors have increased interest in technological self-sufficiency and risk management. Digital sovereignty is important to consider for business continuity, especially if a foreign service used by a company could suddenly be discontinued. For example, Microsoft cut off its services from the UN International Court of Justice at the request of the Trump administration

However, digital sovereignty does not mean isolation or even necessarily rejecting all foreign services. Its essence is in increasing control and making informed choices. 

The importance of digital sovereignty is also emphasized for these reasons:

Supplier dependency is growing, sometimes unnoticed

Cloud services and SaaS solutions accelerate development, but often tie the organization to a single supplier and its offering. Exiting or replacing the service can be slow, expensive, or technically challenging.

Increasing demands are placed on data management

Organizations need to know exactly:

  • where their data is located,

  • who processes their data, and

  • under what conditions their data is processed (especially for international services). 

Differences in legislation between different countries and regions affect data and its processing. For example, US legislation (such as the Cloud Act) may affect a US company more than EU legislation (such as the GDPR), regardless of where the data is physically stored. If US authorities require a US company to hand over data, the company may be forced to do so even if the data is not physically located within the US.

Information security and risk management are emphasized

Outsourcing services does not eliminate responsibility. Organizations must still understand the risks and ensure that critical data and systems are under control at all times.

Business continuity requires flexibility

Changes in suppliers, pricing, or the geopolitical situation can directly impact a business. The more inflexible the environment, the more difficult it is to respond quickly to changes.

In light of questions and concerns about digital sovereignty, many companies and organizations have returned to, or are planning to return to, domestic data centers. For example, the City of Helsinki is building a new core information system based on Finnish service UpCloud (more information on the subject can be found e.g. on the Kauppalehti pages).

The impact of artificial intelligence on digital sovereignty

The widespread use and adoption of artificial intelligence brings its own dimension to digital and data sovereignty. When using AI, in addition to the location of the data, it is particularly important to consider:

  • how the data is used and

  • what conclusions can be drawn from the data with the assistance of AI. 

Organizations must understand what data is used to train AI models, where these models are located, and who controls them. For example, in generative AI services, a key question is whether the organization's data can end up as training data for the service provider's models.

Legislation and artificial intelligence

Legislation also affects the use of artificial intelligence. For example, the EU's artificial intelligence regulation, the AI Act, emphasizes the need to manage data and to take into account the risks and liabilities associated with the use of AI. The AI ​​Act categorizes AI systems based on their risks and even completely prohibits AI systems that are intended to exploit human vulnerabilities. 

Organizations must be able to demonstrate how AI is used, what kind of data is utilized, and how risks have been taken into account.

cartoon character with a happy expression and their finger pointing at a light bulb

The development of digital sovereignty can be started by assessing your current situation.

How can a company develop its digital sovereignty?

The development of digital sovereignty can be started by assessing your current situation, identifying and prioritizing risks, and drawing up a development roadmap. The assessment should take into account at least data, infrastructure, supplier dependence and procurement procedures, strategy, legislation, and compliance.

A guide to digital sovereignty: map your situation and read expert Q&A

We have prepared a digital sovereignty guide to help you on your journey. The guide is available in Finnish, and from the guide you can find the basic information on digital sovereignty in a downloadable format, as well as a guide for assessing your company’s situation. You also find an extensive Q&A with Janne Kalliola, a digital sovereignty expert and chairman of the Code from Finland association. Janne offers comprehensive and thoughtful answers to commonly asked questions about digital sovereignty.

Marvel Consulting Team
Next

What does a digital identity wallet mean for you and your business — and what is a business wallet?