A few weeks ago, I was at the Women in Tech Global Summit in Cape Town, and one topic kept coming up in almost every conversation: digital sovereignty.
I went into it expecting the usual conversations—compliance, regulations, cloud regions. And yeah, those came up.
But that’s not really what people leaned into.
The discussion felt different. It was less about frameworks and more about control.
It felt more like a question than a concept: if you don’t control your data and infrastructure, do you really control your future?
What made it even more interesting is that this wasn’t just coming from one event. Around the same time, the TDGI Africa Symposium was bringing together policymakers and technologists to talk about very similar topics—how to reduce dependence on externally defined models, how to build data protection and AI frameworks that actually reflect local needs, and how Africa positions itself as a real participant in shaping the global digital landscape.
So it didn’t feel like isolated conversations. It felt like a broader shift.
What I found interesting is that the discussion in Africa wasn’t framed as a restriction or a limitation. It was about building something more sustainable. Keeping data local wasn’t just about location—it was about governance, ownership, and making sure decisions are made in the right context, by the right people.
A lot of the conversations focused on real initiatives—fintech for underserved communities, programs helping more women move into tech, and efforts to expand digital inclusion. It felt less like theory and more like actual progress.
There was also a strong connection between policy and practice. It wasn’t just about technology—it was about aligning policymakers, innovators, and communities around a shared direction. Not importing models from somewhere else, but building something that actually works locally.
After coming back, I realized we’re having the same conversation in Europe, just in a different language.
Here, digital sovereignty shows up as GDPR, regulatory pressure, concerns around hyperscalers, and protecting critical infrastructure. It sounds more technical, maybe even more formal. But underneath, it’s the same core concern: what happens if we lose control?
And I think this is where we might be oversimplifying things.
A lot of people still equate digital sovereignty with data residency. As in, “our data is stored in Europe, so we’re fine.” But that’s not really the full picture.
Even if your data sits in a specific region, the laws that apply to it can still depend on the provider. So location alone doesn’t automatically mean control.
If anything, sovereignty is a combination of things: where your data lives, who can access it, what laws apply, whether you can move it, and maybe most importantly—whether you can still operate if something changes outside your control.
That last part is where things usually get uncomfortable.
Because the more we rely on cloud platforms, the more we need to be honest about what we’re gaining—and what we’re giving up.
Cloud has given us speed, scalability, flexibility. No question about that.
But it also introduced new dependencies that we don’t always think about upfront. Being tied to one provider, dealing with complex exit paths, relying on services we don’t fully control, and in some cases assuming that certain things are taken care of when they’re not.
This is where the shared responsibility model becomes important—because it forces a reality check.
All major cloud providers—AWS, Microsoft Azure, Google Cloud—follow this model. They’re responsible for the infrastructure, but you’re responsible for your data and how it’s protected.
And this is where a lot of assumptions break.
Just because your data is in the cloud doesn’t mean it’s backed up properly. It doesn’t mean it’s protected from accidental deletion, ransomware, or misconfiguration. It doesn’t mean you can recover it independently if something goes wrong.
That part is still on you.
Which is why, at some point, the whole sovereignty conversation naturally lands on backup.
Not because backup is exciting—but because it’s what actually determines whether you’re in control when something fails.
You can have the best architecture, the most advanced cloud setup, and still be completely blocked if you can’t recover your data on your terms.
Backup is your fallback when everything else stops working. It’s your safety net during outages, your last defense against ransomware, and your proof point when someone asks, “are you really in control of your data?”
And if your backup strategy isn’t designed with that in mind, sovereignty becomes more of an idea than a reality.
In practice, it comes down to very simple things.
Do you know where your backups are stored?
Can you control that location?
Who controls access to that data?
Who owns the encryption keys?
Can you recover if your primary provider is unavailable?
Can you move your data if you need to?
These aren’t theoretical questions. They’re the ones that tend to come up when something is already going wrong.
This is also where the tools you use start to matter especially in terms of flexibility.
Working in the Veeam ecosystem, what stands out is the ability to keep options open. Being able to move workloads between environments, choose where backups live, implement immutability, and isolate recovery when needed.
It doesn’t magically solve sovereignty, but it gives you the ability to design for it.
And I think that’s the shift we’re seeing right now.
Digital sovereignty is no longer just a policy discussion or something for regulators. It’s becoming part of how we think about architecture, risk, and ownership.
What I took from Cape Town is that this is happening everywhere—but with different entry points.
In Africa, it’s being shaped through economic growth, local ownership, and collaboration between policy and tech communities.
In Europe, it’s driven by regulation, compliance, and resilience.
But the underlying question is the same in both places:
Can we continue to operate if something outside our control changes?
Because in the end, that’s what sovereignty really comes down to.
Not where your data sits, but whether you’re still in charge when it matters most.
And if you can’t recover your data independently, you’re probably not as in control as you think.
