In a context marked by increased regulatory control and geopolitical tensions, data sovereignty is increasingly gaining weight on the business agenda. In this scenario, regulatory compliance is no longer seen as a formal requirement and becomes a business priority, especially with regard to data management and protection.

This is stated by Matías Cascallares, OEM Technologist at Confluent, who warns that “the location and control of information and data are already decisive factors in the choice of suppliers and the design of systems.” According to Cascallares, “this paradigm shift is leading companies to rethink what they really consider a data risk and how they guarantee their operational resilience in the face of new regulatory frameworks such as the Digital Operational Resilience Act (DORA) and data protection.”

Furthermore, the scope of data sovereignty is no longer limited to the most critical information, but now also includes data that was traditionally considered secondary, such as emails, system logs, usage data or metadata. The objective is clear: to guarantee comprehensive control over all data, and not only over the most sensitive ones, thus reinforcing data governance.

Data sovereignty goes beyond your location

Data sovereignty has become an operational challenge for companies, especially in international environments where activity is distributed across different countries and data flows. The current approach moves beyond the physical location of data to focus on how information is accessed, who can manage that data, and under what conditions the data is processed.

This new reality is reflected in everyday situations such as global services that operate continuously, where managing a case from another jurisdiction can raise questions about regulatory compliance, even when the data is not physically moved. Thus, remote access to data, in itself, has become a risk factor to consider.

These issues become relevant in key decisions such as supplier selection or contracting processes, while, in parallel, the lack of regulatory clarity on data is pushing companies to seek greater legal and operational security in data management.

As a result, regulatory compliance has escalated to a strategic level and is now part of the management agenda, with technology providers coming under increasing scrutiny over their data management and data protection practices.

This change is also evident in the evaluation processes, where companies are no longer satisfied with general mentions in compliance questionnaires, but rather require specific analyzes on data residency, cross-border access to data and operational data control. “At Confluent we have seen that interest in these issues has multiplied in the last year, going from being a secondary aspect to becoming the central focus of any evaluation of data providers,” says Cascallares.

Regulatory compliance becomes a business priority

In the financial sector, the growing demand for data sovereignty has intensified significantly. Today, this factor determines decisions from the initial phases, even before evaluating the technical capabilities of a data-driven solution.

Increasing regulatory demands, driven by frameworks such as the DORA Act, are forcing organizations to strengthen their control over technological risks and risks associated with data, especially when third-party providers are involved, reflecting a greater requirement for operational resilience in an environment increasingly dependent on third parties and data sharing.

In this context, the adoption of managed platforms introduces a new balance, since, although companies delegate the daily management of the infrastructure, the ultimate responsibility continues to fall on them, maintaining as their own obligations the supervision of data access, data traceability or the ability to demonstrate controls over the data independently of the provider.

As a consequence, new internal dynamics are being generated. As technology teams drive global and distributed data-driven models, legal and compliance are demanding greater assurance and control over data, giving rise to a new role for providers, increasingly acting as intermediaries to close that gap in data management.

Regulatory requirements redefine business operations

All of this reflects a fundamental change: compliance with regulations has ceased to be a secondary requirement and has become part of the daily operations of companies, especially with regard to data. The pressure to ensure data transparency and control is forcing providers to strengthen their processes, from certifications to auditing systems and data governance.

The impact on the organization is direct. Compliance is no longer just a legal issue, but a function that requires resources, specialized equipment, and conditions the way data-driven services are designed and operated.

In this sense, companies must take a more active role in managing their data. Thus, knowing what data they handle, where that data is stored and who can access it is no longer a good practice and has become a necessary condition in an increasingly demanding regulatory environment regarding data.

Governance as a new point of control

Beyond the policies, what really differentiates is how access, traceability and responsibility for data are managed in practice. Thus, data governance ceases to be a theoretical framework and becomes a key tool for operational data control.

This requires greater internal coordination and a more demanding relationship with suppliers, where the actual data operations weigh as much as the certifications. In this sense, the ability to demonstrate control over data is becoming consolidated as a clear indicator of the degree of maturity of market players. As Cascallares points out, “what we are seeing is that organizations are no longer differentiated by what they say in their policies, but by their ability to demonstrate how they really manage their data.”

Although it may be perceived as a regulatory burden, this new scenario responds to the evolution of the cloud model towards more demanding environments, integrating data governance into the day-to-day life of organizations and their positioning in the market.

Regulatory compliance has escalated to a strategic level and is now part of the management agenda

In addition, the regulatory focus will continue to evolve with new data-related areas, such as post-quantum cryptography, which anticipate that data requirements will continue to expand.

The market is already reacting: providers are strengthening their data-related processes, improving data transparency and raising data governance standards, in a movement that points towards a more robust and prepared ecosystem, in which the ability to manage these data requirements can become a differentiating factor.

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.