Data technology has changed significantly in the past 10 years, but so too has the regulatory and geopolitical environment. A steady stream of regulations for data privacy, emerging regulations on AI, and geo-political tensions (even between friendly nations) have since conspired to make data policy and architecture increasingly complex.

Digital and data sovereignty is a legal construct, but with significant physical implications on the way technology and data assets are implemented and managed. The agenda is driven in part by security, but also political ambitions for digital independence, which can be thought of much like energy independence. The EU in particular has concerns about over-reliance on technology services by foreign providers, plus the extent to which they fall under the legal jurisdiction and political influence of their home governments. However, this is not a uniquely European concern, with governments across Asia-Pacific also pushing for sovereignty rules.

The developments in data privacy, data residency rules, and concerns about data sovereignty conspire to challenge the ability of banks and payments processors to operate effectively across multiple regions. Lest data and cloud sovereignty be seen as a nebulous or abstract area of concern, the experience of Swift back in 2006 should bring the risks into sharp focus!

Banks and solution vendors must be aware of the growing challenges of complying with digital and data sovereignty rules, and the overlay of regulations relating to data privacy, data localization, resilience, and portability. This will impact data center strategy, data storage locations, and AI. Even domestic US banks need to know where their data is being managed, and what juridictions it falls under - especially when solutions are hosted as a service.