Zscaler Blog


Digital Sovereignty That Works in Practice: Local Control, Global Resilience


Digital sovereignty has shifted from a policy aspiration to an operational requirement. For organizations around the world (governments and international organizations, critical infrastructure operators, and regulated enterprises), questions like where security decisions are made, where transactions are processed, and where telemetry is stored now determine what technology can be deployed and how risk is managed. This trend will continue, and those requirements are becoming more specific as policies and regulations proliferate across regions.

At the same time, another truth hasn’t changed: adversaries don’t respect borders. Attacks traverse global infrastructure, supply chains, and third parties without regard for jurisdiction. The explosion of AI has only increased the volume and sophistication of these attacks. So public and private organizations are being asked to reconcile two needs at once:

  • Keep sensitive data under local authority and within local jurisdictions.
  • Maintain security effectiveness, performance, and uptime at global scale.

Too often, the market frames this as a trade-off. From my perspective as Chief Reliability Officer and global cloud builder, both are possible, and they are not opposing forces if architected correctly. Sovereignty only matters if it’s enforceable in architecture and sustainable in operations, especially under stress.

That’s why we’re expanding Zscaler’s digital sovereignty capabilities globally, powered by the Zscaler Zero Trust Exchange™ platform, to help customers meet strict local requirements without sacrificing global reach, speed, security, or uptime.

What customers really mean when they say “sovereignty”

Sovereignty isn’t a one-size-fits-all term. Different countries, industries, and risk teams define it in similar but locally nuanced ways, and for many organizations it’s best understood as a spectrum of requirements that varies by industry and evolves over time rather than a single one-dimensional checkbox.

In practice, when customers come to us to operationalize sovereignty, the requirements usually center on practical, auditable control:

  • Local authority over where users transact and their policy is enforced.
  • In-country handling of security data and telemetry with assurances that content is not stored or shared.
  • Clear separation of responsibilities and boundaries between regions.
  • Proof through independent validation and certifications that the design matches the claim.
  • Service continuity assurances: defined failover, recovery, and operational processes that preserve sovereignty during disruptions.
  • Confidence that the service will remain predictable and available, not become fragile simply because it’s “localized”.

That last point matters more than people realize. If sovereignty is implemented in a way that introduces regional single points of failure or limits recovery options, it can increase operational risk. And customers don’t have the luxury of choosing between compliance and continuity.

Residency is not the same as control

A common misconception is that sovereignty can be satisfied by simply keeping some data “in-country.” Data residency is necessary, but it’s just the beginning.

Customers also need clear answers to questions like:

  • Where is the control plane located and operated?
  • Where are security decisions executed?
  • Where are logs and telemetry stored and retained?
  • When security services analyze content, does anything cross borders?
  • Under outage conditions, what fails over, where, and under whose authority?

These are the questions that show up in procurement language, audit evidence requests, and business continuity planning. They’re also exactly why Zscaler was built from inception with a platform architecture that separates control, data, and logging planes.

That separation enables a decentralized model: customers can keep sensitive operations within a region while still benefiting from a cloud platform designed to operate globally at scale.

What we’re expanding

With this announcement, we’re expanding and unifying sovereignty and resilience capabilities on our AI-powered Zero Trust cloud platform. We already offer global and in-region services across markets such as the UK, the European Union, Switzerland, India, Singapore, Australia, and Japan. We’re extending these capabilities further, including:

  • Extending our dedicated European control plane.
  • Introducing in-country data and logging services to new regions, including a forthcoming deployment in Canada.
  • Continuing to invest in regional capacity and local operational support as sovereignty requirements evolve.

We’re also deepening the controls customers need in practice, including:

  • Keeping sensitive inspection in-country. With in-region malware analysis, customers can already choose where to analyze suspicious content locally, reducing cross-border exposure and helping align inspection workflows with national handling requirements.
  • Meeting mandates that require dedicated infrastructure. Private Service Edge options provide certified, single-tenant deployments (customer-hosted and Zscaler-managed), giving customers a path for environments that require specific hardware, accreditation, or isolated operations, without giving up a consistent Zero Trust architecture and seamless options to integrate with the global Zero Trust Exchange.
  • Region-specific expertise to meet letter and spirit. Dedicated technical expertise helps customers translate national regulations into practical policies and configurations, so data handling, logging, retention, and access controls match the intent of local requirements, not just the language.

Sovereignty isn’t a one-time deployment. It’s an ongoing capability that has to work across policy, architecture, operations, and validation.

Compliance is only credible when it’s provable

Sovereignty requirements are enforced by audits, assessments, and certifications, not promises.

Zscaler’s approach is backed by rigorous third-party validation, including verification that the platform handles sensitive data securely, encrypting and decrypting traffic without writing data to disk, and supporting confidentiality for sensitive transactions. We also support the practical controls customers rely on to operationalize compliance, including:

  • Customer-controlled keys, integrated with hardware security modules (HSMs), ensuring only authorized parties can decrypt traffic. This supports stricter separation-of-duties models (e.g., where the cloud provider operates the service, but the customer retains cryptographic control), with clear audit evidence around key custody, access, and rotation.
  • Our patent-pending “collect once, certify all” approach, designed to streamline compliance across major frameworks and regional standards. By designing controls and evidence collection to be reusable, customers can reduce duplicated audit work when they need to demonstrate alignment across multiple regimes (for example, national cloud requirements plus industry certifications).
  • Flexible logging, including options for on-premises log servers to support strict regional mandates. Customers can choose where logs are stored and who can access them, so telemetry can stay in-country (or on-prem) while still feeding the security operations workflows teams rely on for detection, investigations, and compliance reporting.

For customers, the goal is straightforward: faster time to compliance, fewer architectural compromises, and fewer exceptions that become tomorrow’s risk.

Here’s the reliability reality: sovereignty without resilience is a fragile promise and not fit for purpose for the modern enterprise. Leaders need confidence that sovereign configurations won’t trade away availability. They need to know the platform won’t become a single point of failure. They need continuity plans that work in practice, not just in diagrams and decks.

Zscaler owns and operates its cloud infrastructure, designed to withstand failures at multiple levels without turning localized disruption into widespread outage. For customers running essential services, that resiliency isn’t a nice-to-have; it’s the foundation of business continuity.

That’s why I often say:

“The true measure of a security cloud isn’t just performance on sunny days—it’s resilience when storms hit.”


Disclaimer: This blog post has been created by Zscaler for informational purposes only and is provided "as is" without any guarantees of accuracy, completeness or reliability. Zscaler assumes no responsibility for any errors or omissions or for any actions taken based on the information provided. Any third-party websites or resources linked in this blog post are provided for convenience only, and Zscaler is not responsible for their content or practices. All content is subject to change without notice. By accessing this blog, you agree to these terms and acknowledge your sole responsibility to verify and use the information as appropriate for your needs.
