Digital Sovereignty That Works in Practice: Local Control, Global Resilience

Richard Landman, Marketing & Portfolio Director, Nomios Netherlands

Digital sovereignty has, in a relatively short period, moved from policy rhetoric to architectural constraint. Nowhere is this more evident than in Europe, where regulatory pressure and geopolitical considerations are converging into concrete technical requirements. For public institutions, operators of critical infrastructure, and regulated enterprises, sovereignty is no longer a matter of principle. It is a condition for deployment.

At the same time, the threat landscape remains structurally global. Attackers operate across jurisdictions, exploiting distributed infrastructure and increasingly leveraging AI to compress attack cycles. Organisations are therefore required to reconcile two opposing forces: the need to anchor control locally, and the necessity to defend at global scale.

This tension is often overstated. It is not a binary choice, but it does require deliberate architectural decisions.

What sovereignty means in practice

In operational terms, sovereignty is neither abstract nor uniform. It manifests as a set of auditable requirements that vary by jurisdiction and sector, but follow a consistent logic. Organisations are typically asked to demonstrate:

  • That policy enforcement takes place within defined geographic boundaries
  • That telemetry and logging remain under local control
  • That responsibilities between provider and customer are clearly separated
  • That compliance can be evidenced through certification and audit
  • That service continuity does not break these guarantees under stress

This shifts the discussion away from location alone towards control, accountability, and verifiability. Data residency remains necessary, but it is insufficient on its own.

Zscaler’s evolving sovereignty model

Recent developments from Zscaler reflect this shift from principle to implementation. The expansion of its digital sovereignty capabilities—particularly across Europe, but also in other regulated markets—centres on making sovereignty enforceable within the platform itself.

Several elements are notable.

First, the continued extension of regional control planes, including a dedicated European instance, addresses a recurring concern: where policy decisions are defined and executed. This is not merely a latency consideration, but a question of jurisdictional authority.

Second, Zscaler is expanding in-country data and logging services, allowing organisations to keep telemetry within national boundaries while maintaining integration with global detection and response workflows. This aligns with increasingly strict interpretations of data handling under European regulation.

Third, the platform introduces more granular options for localised inspection, including in-region malware analysis. This reduces the need for cross-border data movement during security processing—an area that has historically been difficult to reconcile with sovereignty requirements.

Finally, the availability of Private Service Edge deployments—single-tenant, dedicated infrastructure either customer-hosted or provider-managed—provides an option for environments that require physical or logical isolation without abandoning a consistent Zero Trust model.

Taken together, these developments indicate a maturation of the sovereignty model: from architectural possibility to operational capability.

The missing layer: cryptographic control

Despite these advances, one question remains structurally decisive: who controls the keys?

Encryption is ubiquitous in modern security architectures, but sovereignty is not determined by encryption alone. It is determined by control over the cryptographic material that governs access to data. In many cloud-delivered models, this control is shared or delegated in ways that do not fully align with stricter European requirements.

For organisations operating under frameworks that emphasise separation of duties and national control, this is a critical gap.

Extending the model with PKI and HSM

This is where the integration of PKI and Hardware Security Module (HSM) capabilities becomes materially relevant. By combining Zscaler’s Zero Trust Exchange with dedicated cryptographic infrastructure, Nomios extends the sovereignty model beyond enforcement into control.

In this combined architecture, trust is anchored locally. Certificate authorities are owned and governed by the organisation, defining identity and trust relationships on its own terms. Private keys are generated, stored, and managed within HSMs, ensuring that they never leave controlled environments and that access is tightly governed and auditable.

The effect is a clear separation of responsibilities. Zscaler delivers inspection, policy enforcement, and global scale. The organisation retains exclusive control over the cryptographic layer that ultimately governs data confidentiality.

This distinction is not cosmetic. It enables a model in which even when traffic is inspected in the cloud, the authority to decrypt remains with the customer. For regulators and auditors, this provides a level of assurance that standard cloud models struggle to demonstrate.
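The separation described in this section, as an added example that is not code from the article, from Nomios or from Zscaler: a Go program in which a hypothetical SovereignSigner type stands in for an HSM-resident root key (it exposes only the crypto.Signer interface and has no accessor for the key bytes; a real deployment would reach the HSM through PKCS#11 or a vendor API, which is not shown). The organisation issues its own root with that signer, issues a server certificate for a hypothetical inspection service under it, and then checks the auditable property: a certificate issued under the organisation's root validates, while a certificate issued for the same host by a root the organisation does not govern is rejected. The second check goes slightly beyond the text to make the "authority remains with the customer" claim testable. All names (the hostname, CA names, type and function names) are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)

// SovereignSigner is a hypothetical stand-in for an HSM-resident key: the private
// key has no accessor, so callers can sign with it but never read the key material.
type SovereignSigner struct{ key *ecdsa.PrivateKey }

// NewSovereignSigner generates a P-256 key "inside the HSM".
func NewSovereignSigner() (*SovereignSigner, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SovereignSigner{key: k}, nil
}

func (s *SovereignSigner) Public() crypto.PublicKey { return s.key.Public() }
func (s *SovereignSigner) Sign(r io.Reader, d []byte, o crypto.SignerOpts) ([]byte, error) { return s.key.Sign(r, d, o) }

// issue signs tmpl under parent with the HSM-bound signer and parses the result.
func issue(tmpl, parent *x509.Certificate, pub crypto.PublicKey, signer crypto.Signer) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildChain creates an organisation-owned root under a fresh HSM-bound signer and
// issues a server certificate for the inspection service under it (constructed names).
func BuildChain(rootName, host string) (root, leaf *x509.Certificate, err error) {
	hsm, err := NewSovereignSigner()
	if err != nil {
		return nil, nil, err
	}
	notBefore := time.Now().Add(-time.Hour)
	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: rootName},
		NotBefore: notBefore, NotAfter: notBefore.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	if root, err = issue(rootTmpl, rootTmpl, hsm.Public(), hsm); err != nil {
		return nil, nil, err
	}
	// The inspection service has its own key pair; only its public key is certified.
	serviceKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: notBefore, NotAfter: notBefore.Add(90 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, err = issue(leafTmpl, root, serviceKey.Public(), hsm)
	return root, leaf, err
}

// TrustedByRoot reports whether cert validates for host against only the given root.
func TrustedByRoot(cert, root *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

// EvidenceCheck is the auditable property: a certificate issued under the organisation's
// root validates; one issued by any other root for the same host does not.
func EvidenceCheck() (customerTrusted, outsiderTrusted bool, err error) {
	const host = "inspection.example.org" // constructed hostname
	customerRoot, svcCert, err := BuildChain("Example Org Sovereign Root CA", host)
	if err != nil {
		return false, false, err
	}
	_, outsiderCert, err := BuildChain("Outside Provider Root CA", host)
	if err != nil {
		return false, false, err
	}
	return TrustedByRoot(svcCert, customerRoot, host), TrustedByRoot(outsiderCert, customerRoot, host), nil
}

func main() {
	c, o, err := EvidenceCheck()
	fmt.Println("customer-issued trusted:", c, "outsider-issued trusted:", o, "error:", err)
}
```

The design point is in SovereignSigner: everything that needs a signature receives an interface, never the key, which is the property an HSM enforces in hardware and the property an auditor asks the organisation to evidence. Swapping the in-memory key for a PKCS#11 or cloud-HSM-backed crypto.Signer would leave the rest of the program unchanged.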

From design to demonstrable sovereignty

The practical outcome is an end-to-end approach in which sovereignty is not asserted, but evidenced.

Traffic can be inspected within a defined jurisdiction. Logs and telemetry can be retained locally or on-premises. Cryptographic keys remain under national or organisational control. Operational responsibilities are clearly delineated. And, critically, these properties can be validated under audit.

This addresses a persistent weakness in many “sovereign cloud” propositions, where control is implied but not technically enforced.

Sovereignty under stress: the resilience question

A sovereign architecture that fails under pressure is of limited value. European regulatory frameworks such as NIS2 and DORA make this explicit: resilience is not separate from security, but integral to it.

Overly localised designs risk introducing single points of failure and constrained recovery options. Conversely, overly centralised models dilute control and complicate compliance. The challenge lies in combining regional autonomy with global resilience.

Zscaler’s globally distributed cloud provides the foundation for this resilience, with infrastructure designed to absorb failures without cascading impact. When combined with regionally anchored controls and customer-managed cryptography, this creates a model in which failover and continuity can be engineered without breaching sovereignty constraints.

A pragmatic model for European organisations

For European organisations, the direction is becoming clearer. Sovereignty requirements are tightening, not only in terms of data location, but in terms of demonstrable control and operational integrity.

What emerges is not a single solution, but a pattern: globally distributed security platforms, regionally enforced controls, and locally governed cryptography.

The combination of managed Zero Trust services with PKI and HSM infrastructure reflects this pattern. It does not eliminate dependency on global systems, nor does it promise absolute autonomy. What it offers instead is a form of digital sovereignty that is technically enforceable, auditable in practice, and resilient under real-world conditions.

That is a more modest claim than many in the market make—but also a more credible one.
