Omdia: Fragmented global regulatory approach to data sovereignty poses significant compliance challenges

LONDON, April 10, 2026: Omdia’s new report Digital Sovereignty: Data Protection, Residency, and Localization Policies and Regulation reveals that sovereignty is increasingly becoming a key strategic priority for telecom operators and is also shaping regulatory discussions regarding AI, cloud, and data protection. The report, which focuses on one crucial aspect of the sovereignty agenda - data sovereignty - finds that ensuring data sovereignty presents several challenges for businesses, including additional operational costs and difficulties in implementing new processes.

“Data sovereignty raises questions about the use of cloud services and imposes operational expenses on businesses, requiring them to train employees on sovereignty laws, design new technologies, recruit staff, and implement new processes,” explained Sarah McBride, Principal Analyst, Regulation, at Omdia. 

When it comes to government policies and regulations, the EU has attempted to set the blueprint for others to replicate, having announced its European Cloud Sovereignty Framework in October 2025. One aspect of the framework focuses on data sovereignty. However, it is not only the EU that is advancing data sovereignty measures; many Asian countries, such as India, Vietnam, and Indonesia, are also following suit. 

“Despite many jurisdictions incorporating some form of sovereignty into their data protection regulations, there is no universally agreed definition, making compliance challenging.  This has resulted in the growing fragmentation of regulatory frameworks worldwide,” said McBride. 

More than 100 countries have adopted some form of data sovereignty or localization laws, but Omdia’s report shows that the requirements vary significantly. Countries with the strictest requirements include Russia, China, Vietnam and Indonesia. While the EU’s General Data Protection Regulation does not strictly mandate data localization, it restricts data transfers to countries that do not have adequate data protection standards. Meanwhile, the US has sector-specific rules, so these requirements are limited to sectors such as healthcare or finance, rather than being covered under a single federal law. According to the report, the overall global trend, however, is towards increasing data localization.

“Not only are there differences between countries, but even at a national level, data sovereignty is often regulated through several different laws, rather than just one standalone regulation. As a result, businesses are facing diverse and sometimes conflicting rules on data protection, localization, and cross-border data flows. The fragmented landscape also raises compliance costs and operational complexity which multinational businesses must navigate,” concluded McBride.