1

Is your cloud strategy prepared for
the recent geopolitical tensions?

Your challenge

Geopolitical tensions are fragmenting the internet. Organizations now treat data as a strategic asset controlled by local laws, creating a complex and unpredictable regulatory environment. The challenge is to navigate conflicting data regulations and the risk of foreign government access to your information, moving beyond simple data residency to true digital sovereignty.

EY’s perspective

The cloud conversation has shifted from technology and efficiency to geopolitics. The ideal of a single, borderless internet is resulting in the reality of a “splinternet,” where data localization is a core component of national strategy. Cloud infrastructure is no longer a neutral utility but is intrinsically linked to the sovereignty and political stability of its host nation.

This creates a critical challenge: relying on a single hyperscale provider can create direct conflicts between its home country's laws (like the US CLOUD Act) and regulations in other jurisdictions (like the FINMA Outsourcing Circular or EU’s GDPR). The risks now extend beyond service outages to include legal data seizure, service sanctions, or being caught in a trade dispute. True business resilience now demands a cloud strategy that is as geopolitically aware as it is technologically robust.

Your data’s location is as important as its protection. Leaders must treat digital sovereignty as a central pillar of their corporate strategy to ensure resilience in an unpredictable world.

Tom Schmidt, Partner, Cyber Security Leader in Financial Services, EY Switzerland

Our recommendations

Map your dependencies and classify your data by legal exposure to define residency and access requirements.
Adopt a flexible, multi-provider approach using a mix of large-scale and regional providers.
Build for resilience and agility to enable workload portability.

For more information read our online article