Data sovereignty became a major topic last year, at least in the Philippines, partly due to the opening of new data centers in the country. Worries about data safety, privacy, and economic impact are pushing governments and companies to take stronger control of important information.
In October 2025, the Public Data Centers Act of 2025 (House Bill No. 5169) was filed in the House of Representatives. The bill proposes creating a national network of public data centers across provinces to boost digital infrastructure and national data control. It frames this network as essential for data sovereignty, e-governance, and local economic growth.
For context, data sovereignty means that your data is governed by the laws of the country where it’s created, stored, or used. It’s not just about physical location, what matters is which country’s rules apply. This affects privacy, access, and national security, making it a legal and accountability issue, not just a technical one.
Data residency means it is where data is physically stored, like a data center in the Philippines or Singapore. It doesn’t create legal rules itself, but the location influences which country’s laws apply. Data localization goes further: it is a legal rule that certain sensitive data, like personal or financial information, must stay in the country where it originated. Some countries enforce this to make sure critical data follows local regulations.
Sovereign cloud is a type of cloud service built to meet these rules. It keeps data local when needed, controls who can access it, and ensures compliance with local laws. This allows organizations to stay in control while still using cloud technology.
“Data sovereignty refers to how digital data is handled, specifically where it is processed, stored, and moved, because that determines which laws and regulations apply,” said Arun Kumar, regional vice president for Asia Pacific at ManageEngine, in an interview with Back End News.
He explained that it’s about understanding “where the data gets processed and where it goes,” which defines the legal rules.
AI, edge computing, and 5G
The issue has become more important with digital transformation. Moving systems to the cloud means relying on third-party providers, so data no longer sits within the organization. The increase of AI use adds another layer: generative AI (GenAI) and large language models (LLMs) require data to move through these systems to train them and deliver accurate predictions or automation.
“Companies are already on the cloud, and now they are connecting their data to language models,” Kumar said. “While these technologies drive innovation, they also create risks. Data moves across systems and borders.”
Emerging technologies like AI, edge computing, and 5G create both challenges and opportunities. AI relies on global datasets, making control harder, while edge computing and 5G push data across many devices and locations. But these technologies can also support sovereignty: processing sensitive data locally, and using hybrid or multi-cloud setups to control where workloads sit and who can access data.
Data sovereignty is especially important for governments and large organizations that handle sensitive information, from citizen records and health data to defense information. Private companies face similar stakes, as customer trust depends on responsible data handling.
“The core idea is that ‘my data should reside within my land,’ with clear rules on who processes it, how it’s used, and how it’s monitored,” Kumar said. “With so much critical information in motion, countries and organizations are prioritizing data sovereignty to maintain control, protect data, and support long-term stability.”
Balancing sovereignty and competitiveness is not about choosing one over the other. It’s about control and flexibility.
“Data sovereignty gives countries and organizations the ability to protect sensitive information, comply with local rules, and build trust with citizens and customers,” said Matthew Oostveen, CTO and VP APJ of Pure Storage in an email interview. “But too much restriction can slow innovation and limit access to global technologies.”
Oostveen recommends a risk-based, hybrid model. Not all data needs to stay local. Governments and businesses should identify which data is sensitive and requires full sovereignty, and which can benefit from global cloud services. Hybrid and multi-cloud setups allow tight control where it matters while still taking advantage of global platforms. Done right, this balance protects critical data while keeping countries competitive in the digital economy.
Growth of data centers
The growth of data centers and cloud infrastructure is closely tied to government priorities on data sovereignty and cybersecurity.
“It’s directly proportional,” Kumar said. “Governments prioritize keeping sensitive data local while ensuring security and compliance. This drives demand for local data centers and cloud services.”
In the Philippines, the DICT’s “cloud-first” strategy has been paired with rules to protect government data.
“We’re seeing strong regional examples of this collaboration in action. In the Philippines, for instance,” Oostveen said, “Now Corporation and TCS Partners are developing sovereign cloud infrastructure to strengthen governance and resilience.”
These partnerships show how global technology can be combined with local oversight, noting the need for transparency around data ownership, access, and exit controls.
Data localization also strengthens cybersecurity. It gives organizations control over where data is stored, which laws apply, and who can access it, which may reduce risk. Oostveen cited a recent data sovereignty study in which 100% of respondents said security concerns and potential service disruptions made them rethink where data sits.
“But if you make localization too rigid, you can make systems less secure,” he said. “You might lose access to global threat intelligence, limit resilience, or get locked into a smaller ecosystem. The smarter move is hybrid, encrypted, multi-cloud architectures that keep control without blocking innovation.”
However, not all data carries the same level of risk.
“Data localization should start with what matters most to national security, citizen privacy, and essential services,” Oostveen said.
This includes government and defense data, citizens’ personal and financial records, and information tied to strategic infrastructure.
“But not everything needs to stay within national borders,” he added.
Routine operational data, like logistics or customer engagement data, can sit in trusted global environments if well-governed and encrypted.
“Sovereignty isn’t just about location, it’s about control,” he said. “With the right frameworks, such as encryption, customer-held keys, and governance policies, organizations can manage who accesses data and how it’s used, even across borders.”
To protect locally stored data, countries need strong governance combining clear policies, technical standards, and accountable oversight. Governments should set national standards, enforce resilience, and ensure infrastructure can withstand disruptions. Organizations must comply with local and international rules, such as the Philippines’ Data Privacy Act, Singapore’s PDPA, Indonesia’s PDP Law, and frameworks like GDPR, DORA, and the EU AI Act.
“When policy, technology, and accountability come together, countries can build trusted, resilient data ecosystems that protect sensitive information, strengthen sovereignty, and support digital growth,” Oostveen said.
Measuring success goes beyond compliance. Countries should track security, resilience, and economic impact, including fewer breaches, faster incident response, recovery from outages, and growth in local data centers and cloud adoption.
“The biggest measure of success is trust,” Oostveen said. “When citizens and businesses feel confident their data is secure and under control, sovereignty is working. The future of data sovereignty is being sovereign by design, embedding control, security, and visibility into every layer of technology. This ensures trust, resilience, and competitiveness in the digital economy.”