The concept of digital sovereignty is not new. However, the issue has gained renewed urgency. We are in many ways currently witnessing digital sovereignty on steroids, prompting business leaders to ask a critical question: can we still trust our technology partners to safeguard our data?
The new US administration’s ‘America First’ agenda has resulted in many European organisations scrutinising their technological dependencies, particularly their relationships with US technology providers.
“Since 20 January 2025, we’ve seen an unprecedented acceleration in the focus on the necessity of digital sovereignty in Europe,” explains Casper Klynge, VP of European government affairs at Zscaler. “The mindset today versus five or six months ago is completely different.”
“It’s not only the CIOs or the CISOs having these discussions. This is in the CEO’s office, it’s in the boardroom. This is existential.”
Digital sovereignty demystified
As the term ‘digital sovereignty’ gains currency, its definition to date has remained somewhat nebulous. “You’ll probably find as many versions of what sovereignty means in the digital context as people you ask,” says Klynge.
However, he outlines three core elements that define the current European discussion: data storage location, data control and protection against unauthorised access.
Data localisation
Knowing where your data is stored and processed.
Data control and monetisation
Ensuring organisations can innovate and extract value from their own data.
Protection from external access
Preventing foreign parties, like nation states, competitors, or cybercriminals from accessing critical information.
“You can in principle be agnostic on data localisation and still be laser-focused on whether your infrastructure is protected from outside access. That third point is essential for every organisation in Europe,” says Klynge.
Outside of any current concerns regarding US tech providers, national demands - such as those governing critical infrastructure - may impose additional localisation requirements or stricter data handling rules. This regulatory complexity has only intensified with the rise of global SaaS and cloud services, which often involve cross-border data transfers and third-country access risks.
Elsewhere, protection goes beyond the intelligence agencies that dominated past debates. Industrial espionage is now front and centre. “If you take the European automotive industry, for example, they’re not only worried about governments accessing their data – they’re deeply concerned about competitors gaining access to those datasets,” says Klynge.
As a result, many organisations are moving away from centralised security systems, towards architectures such as zero trust technology pioneered by Zscaler, which can be configured to better meet local requirements.
The technology response: Zscaler’s approach
Zscaler’s role is to provide secure access without compromising digital sovereignty. But what differentiates the company in the European debate is what it doesn’t do.
In today’s geopolitical climate, digital sovereignty is being reframed
“We do not store or own customer content. That’s a fundamental part of our commitment to sovereignty,” says Klynge.
While Zscaler inspects encrypted traffic to detect threats, it does so in real time, without saving the data. This means customers benefit from the power of Zscaler’s security stack, without relinquishing ownership or privacy.
Beyond the non-storage principle, Zscaler enables customers to keep both data storage and transaction processing within the EU. This flexibility addresses a major requirement of many European CISOs.
“You can choose to keep your data and workloads entirely within the EU if that’s what you need, ” says Klynge. “Others may be more relaxed, but the key is that the option exists. That’s how you give customers assurance and control.”
Sovereignty and zero trust: a natural fit
While digital sovereignty isn’t synonymous with any one technical architecture, zero trust has emerged as one of the most compelling responses to the sovereignty challenge.
“Zero trust architecture is conceptually a very different approach,” says Klynge. “It’s about not trusting anything by default – not users, not devices, not networks – until verified. That’s exactly the level of control digital sovereignty demands.”
Zscaler’s zero trust model anonymises users’ IP addresses and limits exposure by ensuring users only connect to applications they’re authorised to access, not the entire network. The result is a massive reduction in attack surface, something increasingly critical in an environment where cybercriminals are using AI to scale attacks against all targets, including small and mid-sized enterprises.
“Today, bad actors can afford to attack everyone, not just high-profile targets. That’s the impact of generative AI,” says Klynge. “In that world, you need a security provider you can trust 100%.
“Zscaler has a track record in defending customer data, and a long history of resisting access requests. Our transparency report shows we’ve never disclosed data on the basis of external requests.”
Practical guidance for CISOs
For CISOs or CIOs building a digital sovereignty strategy, Klynge offers three key recommendations:
Review existing tech with new eyes
“There’s a pre-2025 due diligence framework and a post-2025 one,” he says. “Take a hard look at whether your current technology truly supports sovereignty and control.
Demand transparency and configurability
“Can your provider offer control over where data is stored and processed? Do they provide legal protection from foreign access? Scrutinise these claims carefully.”
Choose technology that reduces risk and cost
Zero trust approaches can also save money by reducing the need for expensive, legacy hardware. “It’s definitely not a bad thing that you can increase security and reduce costs at the same time.”
In today’s geopolitical climate, digital sovereignty is being reframed – not as a call for isolation, but as a matter of clarity, visibility and control. By understanding their data, choosing the right technology partners and implementing robust zero trust architectures, organisations can protect their most valuable digital assets while maintaining the agility needed to compete in a global marketplace.
For more information please visit zscaler.com
The concept of digital sovereignty is not new. However, the issue has gained renewed urgency. We are in many ways currently witnessing digital sovereignty on steroids, prompting business leaders to ask a critical question: can we still trust our technology partners to safeguard our data?
The new US administration’s ‘America First’ agenda has resulted in many European organisations scrutinising their technological dependencies, particularly their relationships with US technology providers.
“Since 20 January 2025, we’ve seen an unprecedented acceleration in the focus on the necessity of digital sovereignty in Europe,” explains Casper Klynge, VP of European government affairs at Zscaler. “The mindset today versus five or six months ago is completely different.”
