Who Holds the Keys to Digital Sovereignty? It Might Not Be Who You Think

The rise of digital identity as a cornerstone of public infrastructure has turned sovereignty into a strategic priority for governments worldwide. At MOSIP Connect 2026 in Rabat, policymakers, vendors, and civil‑society actors debated how to keep national ID systems under domestic control while still leveraging cloud economies of scale. The conference highlighted a growing tension: countries want the agility of global cloud providers but fear that data residency rules alone cannot guarantee true autonomy. This debate mirrors broader geopolitical moves, with the EU drafting digital‑sovereignty frameworks and the United States urging allies to reject restrictive data‑localisation mandates.

Vendors responded with ‘sovereign cloud’ offerings designed to sit inside a nation’s own data centre while retaining the operational benefits of a public provider. AWS showcased Outposts, a fully managed rack that extends Amazon’s services into on‑prem environments for countries lacking a native region. The United Nations International Computing Centre introduced UNIQCloud, an open‑source‑driven platform that pools shared infrastructure for UN agencies and member states. Panelists, however, warned that physical location matters less than who holds the cryptographic keys; key management, rather than mere data residency, emerged as the decisive factor for genuine digital sovereignty.

The consensus was clear: technology alone cannot secure sovereign identity; a skilled talent pool and robust governance are equally essential. Morocco’s recent cyber‑attack wave forced the country to disperse data centres and adopt an Azure‑based sovereign cloud backed by Oracle security, illustrating how threat‑driven architecture can accelerate sovereign cloud adoption. Meanwhile, Singapore’s GovTech pays market‑rate engineers while running its ID platform on AWS, showing that competitive compensation can attract the expertise needed to manage outsourced infrastructure. As Europe tightens its digital‑sovereignty agenda and the U.S. pushes back on data‑localisation, nations will have to balance openness with control, making cryptographic key ownership and open‑source hardening the linchpins of future digital public infrastructure.