Close your eyes and think about the digital world. You might visualize an endless stream of numbers – a wave of information flowing around the globe with little regard to national borders.

In reality, data is much more tangible than we would think. All digital information has a physical location, and processing data complies with the laws and other regulations of the country of location, regardless of which country the data originates.

Therefore, defining critical data, keeping it safe, and securely moving it around are the key factors for the secure, digital tomorrow. Organizations operating in Nordic countries and elsewhere in Europe have become increasingly aware of the immeasurable value of digital sovereignty.

Securing the value of data 

A single piece of information is rarely valuable regardless of the data or its owner, but the situation changes as the amount of data increases. It is, in fact, about a globally inexhaustible and immeasurably valuable resource whose future potential of use is limitless. Organizations and societies have a lot at stake, and therefore the assessment of both the current situation and possible future risks is essential.

The core questions are: where is the information located, where does it flow, and who controls it? If the data resides on American or Chinese servers, for example, the national laws of the organization’s country or even EU regulations are little more than words. It should be noted that as much as 92 percent of European data is located outside of Europe, and the current situation has indeed sparked a lot of discussion in the EU. With a single acquisition, data can move to foreign soil and beyond the reach of national legislation. On the other hand, data centers being located on sovereign soil is not enough either. If the metadata can be managed elsewhere, true sovereignty has not been achieved.

Thus securing information requires prioritization by the organizations themselves, even though the authorities are actively developing solutions to safeguard the sovereignty of Europeans. One of the decisive measures for the future is the safe movement of information between the EU and the United States. The vision is becoming a reality, as the first official steps towards updated data transfer policies (Data Privacy Framework) have already been taken.

Defining and classifying data

The data protection regulation GDPR defined by the EU has improved the privacy of individuals, but digital sovereignty is a much broader phenomenon. It is about ensuring the continuity of businesses and societies by keeping information where it belongs. Sorting the organization’s information plays an important role: it is necessary to differentiate which data can be classified as critical according to national and regional security standards, and as for companies themselves.

There are different classifications of data: public, confidential, or restricted, for example. In addition, there may also be country-specific differences in classification methods, which must also be taken into account. This is why the first thing to do is a complete data and application assessment. Once the data has been evaluated and classified, the solutions in order to protect critical information can be applied. As the leading Nordic operator of digital solutions, Tietoevry’s vision is to secure the digital sovereignty of the Nordic countries by developing and providing the necessary services.

In addition to security, responsible digital leadership is also about environmental sustainability. According to the European Commission’s estimate, the amount of data produced globally is growing rapidly: while 33 zettabytes were produced in 2018, the number is expected to rise to 175 zettabytes by 2025. The amount of data will therefore double every year and a half. In addition, the European Commission estimates that currently, up to 80% of industrial data remains completely unused.

While classifying data to secure critical information, organizations also have the opportunity to evaluate the quality of their data and to minimize the amount of unnecessary data. “Excess” information creates an unnecessary burden on the environment if not utilized, because extra data centers and equipment are needed to maintain it.

Innovation is key

In the global data economy, information is harnessed by businesses to derive value. The information can, for example, consist of user insight or industrial output, which are further utilized in various information systems, artificial intelligence solutions, or even robotics. These are just examples of the limitless possibilities of data. Digital sovereignty is about providing incentives to promote innovation and growth as well. In the long term, innovation is the basis of the growth and well-being of society as a whole. By harnessing new technologies and growing competence, we can also pave the way for the benefit of future generations.

When digital sovereignty is ensured, companies, organizations, and even individuals can manage their own digital resources and information more independently. When the sharing of protected information takes place in an infrastructure based on trust, there are great conditions for growth and innovation.

In the Nordics, there is generally a high level of maturity and great innovative force in digitalizing services for citizens and society. However, the challenge is that small and medium-sized companies must have the same operating conditions as large ones.
Responsibly ensuring a level playfield in the data economy enables further opportunities and innovation. Let’s consider Artificial Intelligence, which has enormous potential. The European Commission’s proposal for the Artificial Intelligence (AI) Act is expected to be finalized this year. Its goal is to regulate AI applications and align them with EU values and fundamental rights. At the same time, it would be a predictive tool for enabling growth based on the responsible use of AI technologies. To remain innovative, organizations need to stay abreast of new and emerging technologies and relevant regulatory requirements.

Despite new challenges, we should remain optimistic: with the support of experts, the organization can get a good basis for evaluating its situation. This groundwork is the foundation of digital sovereignty. No matter how big the challenges seem now, the future is full of new opportunities.

A sovereign solution to the challenge

The challenges we face are getting more complicated, but the available solutions are also developing. New dynamic cloud services make it easier for companies to balance between innovation and set requirements. Cloud services act as efficient platforms, and one of the most significant tools for achieving sovereignty is the sovereign cloud. 

Sovereign cloud is not a new concept. It has just become very topical due to a changing geopolitical landscape and new regulations that affect the control of data. To put it simply, when the cloud is sovereign, it allows access to the information within the framework of local laws and regulations. The solution also brings along the other key benefits of cloud services, such as agility, sustainability, and automation.

As with the different types of data, there are also differences between clouds, for example, in the value they create. No matter what the organization’s digital solutions contain, organizations have to compare alternatives and build a functional whole - in accordance with a multi-cloud strategy. A truly sovereign cloud, as part of a multi-cloud strategy, ensures that information remains secure and prevents foreign access to data.

A sovereign cloud is a reliable environment for data storage and processing. Information can also be transferred safely across borders so that we remain under one and the same jurisdiction. However, in addition to securing data storage - and its movement - companies must also take care of their competitiveness on global playing fields. Therefore, the requirements and regulations regarding cloud service providers must also be made as clear as possible. The European Union is currently defining the sovereignty requirements for cloud services, and the results will be announced in the near future.

Companies and organizations must continue to work together in order to grow and innovate in a changing digital market environment, where regulations define the boundary conditions of operations.

Let’s keep businesses and societies digitally sovereign. That is what technology is for.