The Microsoft Cloud for Sovereignty represents a significant advancement at the intersection of global demand for innovation and evolving national policies regarding data privacy and control. It ushers in a new era for governments worldwide, providing a secure avenue for modernizing their technology infrastructure and workflows.
Today, we are announcing public preview of the Microsoft Cloud for Sovereignty. Furthermore, we are announcing our planned general availability of the Microsoft Cloud for Sovereignty for this December. This solution will enable governments to meet their compliance, security and policy requirements while harnessing the cloud to deliver value to their citizens.
Since the inception of the cloud, government customers have faced limitations with digital transformation, in part because of the need for controls to meet specific national and regional requirements. Over recent years, innovators within global governments have asked for alternatives to the heavy capital expense and operational costs of a legacy approach, both to reduce the overhead of owning and operating datacenters and to facilitate modernization. Additionally, evolving policy decisions such as the European Commission’s EU-U.S. Adequacy Decision in July 2023 under the EU General Data Protection Regulation (GDPR) now provide legal support for continued adoption of hyperscale cloud computing by government customers within the EU.
With these two trends converging in the public sector, and with specific requirements varying by country, Microsoft Cloud for Sovereignty is grounded in a repeatable best-practice approach that can be leveraged to assist with complex regulation achievements. This solution features industry-leading data sovereignty and encryption controls, enabling governments to easily create solutions tailored to help address regional and national requirements.
A principled approach to digital sovereignty
At Microsoft, we believe in transparency so that people and organizations can control their data and have meaningful choices in how it’s used. We empower and defend the data privacy choices of every person who uses our products and services.
Our principled approach to digital sovereignty in the cloud builds on our principled approach to data privacy in the cloud. We understand that sovereignty can mean different things for different scenarios, and as we work with customers and partners around the world the common thread is a need to determine for themselves where their data resides and how it’s protected, including who has access to that data.
For most government needs, the security, privacy and compliance capabilities of the Microsoft Cloud already deliver on their requirements, regulations and standards — the additional capabilities we’re providing with the Microsoft Cloud for Sovereignty are designed specifically for countries with jurisdictional requirements around sensitive data. With all Microsoft Cloud solutions, customers benefit from industry-leading cybersecurity, along with the broadest compliance and more regions than any other cloud provider.
A keystone offering for national requirements
Our collaboration with partners who deeply understand national requirements enables us to provide a global solution for local requirements. These requirements are often complex due to a layered landscape of evolving policy, trends and regulations. The solutions Microsoft Cloud for Sovereignty delivers have been validated by governments and their partners as a preferred way to unlock cloud value. I’ve had the opportunity to talk with many of our pilot customers and wanted to share a glimpse into how two of them are using this solution.
In the Netherlands, the National Cyber Security Centre (NCSC), a leader in cyber security guidelines and advisories, including those related to secure cloud adoption, is working to establish a cloud center of excellence enabling compliant and rapid cloud adoption. To this end, NCSC is currently piloting Microsoft Cloud for Sovereignty with sovereign landing zones and built-in policy initiatives to meet the Dutch BIO regulation. In the NCSC’s own words,
“The National Cyber Security Centre (NCSC) is piloting avenues to adopt and use secure, robust public cloud offerings,” says Arnoud van Petersen, CIO & Head of IT Services at NCSC-NL. “Microsoft Cloud for Sovereignty, with its specialized features like sovereign landing zones, and well-developed security and AI capabilities provide a solution that fits our strategy of enabling cloud innovation without compromising sovereign controls.”
InSpark, (a subsidiary of Royal KPN), is a fully dedicated Microsoft Cloud Incubator for mission-critical infrastructures for the government and enterprises. InSpark is working to provide a compliant and repeatable approach to meet the demands of Dutch public sector customers, such as the Municipality of Amsterdam, with Microsoft Cloud for Sovereignty.
“At Municipality of Amsterdam, Cloud for Sovereignty will enable us to leverage cloud capabilities for processes that use or create sensitive information. By migrating from an on-premises datacenter to the cloud in compliance with the relevant classification within the Dutch BIO regulation, this enables us to efficiently offer modern services and ultimately improve the experiences of our citizens,” says Patrick Scholte, Director Platforms & Development, Municipality of Amsterdam.
A sampling of other regional and global partners:
- In Sweden, Atea is at the forefront of exploring new potentials of leveraging technology and functionality through the public cloud while incorporating additional security measures provided by Microsoft Cloud for Sovereignty. With these enhanced capabilities for managing sensitive data in the cloud, Atea is empowering public customers to deliver digital services and assisting government agencies in improving citizens’ digital experiences. Additionally, Atea supports customer use cases enabling advanced predictive healthcare by utilizing Microsoft Cloud for Sovereign technology to analyze highly sensitive data.
- In the United Arab Emirates, G42 enables the UAE public sector and regulated industries clients to use new platform capabilities for securing data and workloads, providing access to the latest cloud and AI features available on Azure and helping them comply with local privacy and regulatory requirements.
- In Italy, Leonardo is part of the consortium that delivers the Polo Strategico Nazionale (PSN), which translates as “National Strategic Hub,” that aims to provide a centralized, secure and compliant set of cloud services for public administrations in Italy, ranging from central entities like the ministries, down to regional and local governments such as health agencies and Leonardo is using Microsoft Cloud for Sovereignty to deliver solutions for multiple customers that leverage the economies of scale, security levels and pace of innovation that today are only available with hyperscale clouds.
- According to recent research from Accenture, European enterprises are increasingly embracing sovereign cloud, with 37% already invested and 44% planning to invest in the next two years. With 137 countries enacting some form of data protection and sovereignty laws, Accenture can use Microsoft Cloud for Sovereignty to support governments with a sound sovereign cloud strategy to establish control of their data while unlocking new sources of value in the digital realm.
Landing tailored policies with sovereign controls
Our intent with the Microsoft Cloud for Sovereignty is to unlock cloud innovation for governments through tailored sovereign controls, and our technical approach is grounded in repeatable best practices designed to help customers achieve their regional and national requirements.
With the start of the public preview today, we’re releasing:
- The Sovereign Landing Zone and policy initiative now available on GitHub, which instantiates guardrails for sovereign cloud environments for customer workloads, enabling customers to leverage best practices for secure and consistent environments while supporting their efforts to meet evolving local regulations.
- Support for Italy’s ACN requirements and Netherlands BIO regulation which help customers more easily monitor, guard and report on their compliance in Azure.
- Transparency Logs, available to eligible customers, provides customers with visibility into key operational activities of Microsoft engineers to support customer service and service reliability issues.
- Automated workload templates for Azure Confidential Computing and Azure Lighthouse as examples for building workloads using these technologies for sovereign environments to speed learning and adoption.
- Technical documentation on Microsoft Learn.
Learn more:
Start exploring the new capabilities today and get started with the Sovereign Landing Zone. Stay tuned for more updates on Microsoft Cloud for Sovereignty by bookmarking microsoft.com/sovereignty.
As we turn the corner into a new era for government innovation in the cloud, we look forward to continuing to serve customer needs for preferred solutions that facilitate innovation while helping meet their various compliance, security and policy requirements.