AWS maps out ‘practical digital sovereignty’ as global debate intensifies

Digital identity sovereignty is a complex issue with a variety of answers. Practical concerns around security and cost — and political concerns around geopolitics and diplomacy — means the issue should lay squarely within a nuanced discussion.

Amazon, a significant operator with AWS and the cloud market, is exploring digital sovereignty in a series of blog posts. Similar to conversations had at MOSIP Connect 2026 in Rabat, Morocco, the first blog post in the AWS series looks at control, among other pillars.

A notable point made in Rabat came from a digital sovereignty panel that discussed the relative importance of data residency, access and cloud sovereignty. The panelists said that keeping your own cryptographic keys can be of greater importance to sovereignty than some of the other measures.

In “Practical digital sovereignty,” AWS outlines the concept as three pillars: control, continuity and compliance. Control gathers the parts of data location, protection and access, and oversight as well as processing and legal considerations around data handling.

Continuity focuses on business survivability and resilience to threats. Such threats are very real. Morocco faced a wave of cyberattacks on its public sector systems, which were mentioned at MOSIP Connect 2026. Being able to weather the attacks of bad actors is key to sovereignty.

The last of the three pillars – compliance – emphasizes cybersecurity standards, privacy regulations, industry rules and adherence thereof. Establishing monitoring to verify ongoing compliance is part of this pillar along with setting out remediation processes for non-compliance. Regulations continue to evolve.

Cambridge professor Ellis Ferran, for example, has described the “multi-dimensional balancing act” of regulating DPI and digital ID. The professor of companies and securities law says such regulations are not designed to get rid of risk and innovation from the system, but to ensure the delivery of the intended social and economic benefits. Cambridge University launched a new initiative, the “Cambridge DPI Regulatory Programme: Digital Identity,” to encourage effective regulation of digital identity around the world.

In addition to introducing the three pillars of practical digital sovereignty, AWS has highlighted how to understand what your own sovereignty requirements could be. “Understanding sovereignty requirements is a foundational step before building any environment, particularly regarding workload requirements and data handling obligations,” the blog post says.

Like the three pillars, this understanding is also grouped into three components, which are  discovery, cataloging and establishing ownership. The AWS post outlines a systematic approach to supporting a thorough identification and classification process of data. This includes mapping data flow as cross-border transfers can affect residency compliance.

It is an in-depth guide that AWS has published online, which is free to read. DPI and digital identity systems have layers of components and significant issues related to the public’s data. While the AWS guide does lean into AWS’ services and products, it offer a way of thinking about digital sovereignty, with a step-by-step approach that can be adapted.

For countries heavily invested in digital transformation, digital sovereignty has become increasingly urgent. For example, in Africa, statistics showed that only about two percent of all data produced by Africa is stored in Africa. African leaders and European leaders are prioritizing sovereignty on many levels.

To further aid policymakers and stakeholders, AWS produced a visualization, a visual guide to help those getting through the many parts. The graphic represents digital sovereignty as a layered stack, with “foundational security” as the core stack; “Policies, automated checks and attestations” is layered atop this, while the stack of “additional workload protection” builds on that. The final stack is “visibility, transparency, resiliency, portability.”

Complexity is formed of depth. Navigating data systems is complex but treating anything as a step-by-step process should help those trying to navigate a tricky path. Once navigated, the hard path is always rewarding, with the expertise and experience gained a valuable resource for those looking to walk the same road.

Article Topics

Amazon Web Services (AWS)  |  cross-border data sharing  |  data privacy  |  data protection  |  digital identity  |  digital public infrastructure  |  digital sovereignty