FR Request a demo
PlatformPlatform overviewLakehouse & catalogData warehousingData engineering
AI & analyticsAI & machine learningBusiness intelligenceNotebooksCompute
Govern & integrateGovernanceSecurity & sovereigntyBring your own cloud
SolutionsDefense & armamentHealthcare & life sciencesFinanceBankingInsuranceManufacturing & industryPublic sectorSee all industries
DocsOverviewQuickstartAPI referenceSDK & CLIAuthenticationCore concepts
PricingBlog
Request a demo

The logbook

What a sovereign data platform actually means (and what it doesn't)

#sovereignty #architecture

“Sovereign” has become the most overloaded word in European cloud marketing. Every provider now has a sovereign offer, a sovereign region or a sovereign partnership. Most of them are useful improvements. Few of them survive a precise definition. This article proposes one.

A working definition

A data platform is sovereign when no entity outside your chosen jurisdiction can access, block or seize your data, and you can leave the platform without losing it. That single sentence implies five testable properties.

1. Jurisdiction of the operator, not location of the metal

The question is never “where are the servers?” It is “who can be legally compelled, and by whom?” A platform operated by a US-owned entity is subject to the Cloud Act wherever the servers sit. Sovereignty starts with the ownership chain of every operator in the stack: the cloud provider, the platform vendor, the subprocessors.

2. Keys you hold

Whoever can decrypt your data can be ordered to. If the platform vendor holds your encryption keys, your sovereignty is a policy promise. If the keys stay in your own account and credentials are encrypted at rest, it is an architectural fact.

3. Residency you can prove

“EU data residency” should not be a contractual clause you trust. It should be a property you can verify: this bucket, this region, these files. When an auditor or a customer asks where the data lives, the answer should be a query, not a meeting.

4. Open formats

Proprietary table formats turn sovereignty into dependence with extra steps: your data may be in Europe, but only one vendor’s engine can read it. Open standards like Apache Iceberg and Parquet mean any engine, today or in ten years, can read your tables. Format lock-in is jurisdiction lock-in with better branding.

5. A real exit

The final test is brutal and simple: cancel the contract in your head and watch what happens. If your data, your pipelines and your history remain usable on infrastructure you control, the platform was sovereign. If they do not, you rented sovereignty, and the lease just ended.

What sovereignty is not

It is worth being honest about the inverse, because overclaiming hurts the whole European ecosystem:

  • Sovereignty is not a region name. An EU region on a non-EU cloud changes latency, not jurisdiction.
  • Sovereignty is not a partnership press release. A local reseller in front of a foreign operator does not change who can be compelled.
  • Sovereignty is not isolation. A sovereign platform can still pull open models from the Hugging Face Hub or serve dashboards to Power BI. What matters is the direction of dependence: things may flow in; your data does not flow out.

The five-question test

Before you sign anything, ask:

  1. Who owns every operating entity in the chain?
  2. Who holds the keys?
  3. Can I point at the exact bucket and region where my data lives?
  4. Can another engine read my tables without this vendor?
  5. What survives if I leave tomorrow?

A sovereign platform answers all five in one breath. Polnor’s answers: European entities only; your keys in your account; your OVHcloud or Scaleway bucket in the region you chose; open Apache Iceberg anyone can read; and everything survives, because it was always yours.

If you want to run the test against your current stack, request a demo and bring the hard questions.

← All articles Request a demo