Cloud sovereignty is fast becoming a strategic imperative as organisations look to accelerate transformation and drive AI innovation—without compromising data protection. This report sets out the five key steps along the sovereign cloud journey.
At a glance
Cloud sovereignty allows organisations to align innovation, compliance, and transformation goals.
A new generation of sovereign cloud models means that organisations can now meet sovereign demands in areas such as data residency and encryption—without losing access to advanced cloud capabilities.
The starting point for choosing the right sovereignty model—or more likely models—is gauging the data classification, residency, and access control requirements across different areas of the organisation and its third-party ecosystem.
Data and cloud are the driving forces powering digital transformation and business model reinvention. But with the data and cloud potential comes increasing risks and challenges—growing reliance on third-party service providers, more data held on external platforms, and an ever-larger surface for cyberattack.
Reaping the benefits of these technologies therefore demands confidence and control over data, infrastructure, and governance—cloud sovereignty.
Adapting faster
Regulators across Europe, the Middle East, and Africa are stepping up their focus on data residency, data protection, and other key aspects of cloud sovereignty. But sovereignty is far more than just a compliance exercise.
As organisations move beyond cloud migration to focus on optimisation, accountability, and trust, sovereignty allows organisations to innovate on their own terms. They can make the most of their rapidly advancing cloud and AI capabilities, safe in the knowledge that access to data is under their control and that their technology choices remain open.
“Cloud is gathering pace. While this opens up new opportunities for innovation and value creation, it’s also sharpening the boardroom, regulatory, and media focus on data privacy and security.”
Claudius Meyer,Partner, Cloud, Data & AI and Microsoft Leader, PwC SwitzerlandBalancing functionality and control
In an important step forward, a new generation of Sovereign Public, Private, and Partner Cloud solutions means that organisations can take charge of their data, while still benefitting from the scalability, security, and optimised performance of hyperscale cloud services.
Key advantages of these new models include agility and flexibility in assigning different types of data and workloads to the most appropriate model and level of protection. For example, organisations can deploy a Private Cloud for their most sensitive and proprietary data. Areas where faster adoption of new technology is possible could be housed within a Partner or Sovereign Public Cloud.
“The choice between Public Cloud and on premises is giving way to diversified hybrid solutions, with data allocated to Public, Private, or National Partner Clouds according to its sensitivity and criticality.”
Mauro Xavier,Partner, EMEA Microsoft Alliance Leader, PwC SpainFive key steps along the sovereign cloud journey
With so much of an organisation’s transformation and wider business goals hinging on cloud capabilities, the formulation of its sovereign cloud strategy shouldn’t be left to technology teams on their own. It calls for active input and sponsorship from business, compliance, and data management teams. To turn ambition into advantage, organisations should:
- Define the sovereign strategy
- Tailor models to strategic goals
- Set clear and realistic boundaries
- Design the cloud architecture
- Build strategic partnerships
“As organisations embrace digital transformation, clear control over where and how data is governed is a strategic imperative. By taking ownership of cloud data governance, leadership teams will not only deliver compliance, but also resilience.”
James Rashleigh,Cyber Business Leader and Cyber Security Partner, PwC UKSpotlight on Switzerland
“Switzerland’s rich digital ecosystem, spanning local startups to global cloud providers, positions the country to seize the transformative potential of cloud and AI technologies. Together, we are building an environment where innovation can flourish securely and responsibly and where customers are empowered to strategically define their digital transformation journeys.”
Marc Holitscher,National Technology Officer, Microsoft SwitzerlandSwitzerland’s focus on cloud sovereignty is shaped by a strong data‑protection culture and sector‑specific oversight (e.g., financial services). Organisations prioritise in‑country data residency, end‑to‑end encryption, and clear key ownership, while maintaining access to hyperscale capabilities. Adoption is trending toward diversified hybrid models—allocating the most sensitive workloads to Private or national Partner Clouds, and leveraging Sovereign Public Cloud for scalable innovation. Success hinges on defensible architectures, transparent governance, and careful management of third‑party risk, interoperability, and cross‑border data flows.
Starting on page 23, we highlight all Switzerland-specific findings on data and cloud priorities, key regulations, and key developments.
“PwC Switzerland offers strong advice and support right through the sovereign cloud journey, helping organisations to drive transformation while navigating continually evolving regulations in Switzerland and the EU.”
Claudius Meyer,Partner, Cloud, Data & AI and Microsoft Leader, PwC Switzerland
