Bangalore, India, September 18, 2025 – Pure Storage® (NYSE: PSTG), the IT pioneer that delivers the world’s most advanced data storage technology and services, today released new insights on data sovereignty in collaboration with the University of Technology Sydney (UTS). The analysis reveals how geopolitical uncertainty and regulatory evolution are transforming data sovereignty from a compliance issue into a fundamental business risk affecting competitiveness, innovation, and customer trust.
A qualitative pulse-survey of industry leaders across nine countries revealed unanimous concern about the risks of inaction around data sovereignty:
- 100% confirmed sovereignty risks, including potential service disruption, have forced organizations to reconsider where data is located
- 92% said geopolitical shifts are increasing sovereignty risks
- 92% warned inadequate sovereignty planning could lead to reputational damage
- 85% identified loss of customer trust as the ultimate consequence of inaction
- 78% are already embracing different data strategies, such as implementing multi service provider strategies; adopting sovereign data centers; and embedding enhanced governance requirements in commercial agreements
The survey identifies a “perfect storm” where service disruption risks, foreign influence concerns, and evolving regulations converge to create unprecedented exposure for businesses and nations. Organizations now face potential revenue loss, regulatory penalties, and irreparable damage to stakeholder trust if these risks are not proactively addressed.
Navigating Data Sovereignty Risk
The solution to the sovereignty challenge is not a binary choice between detaching from all public cloud services or an outright disregard for all risks associated with data sovereignty. Pure Storage recommends a more intentional assessment of organizations’ strategic objectives. This requires a proactive and thoughtful process that analyses the risk landscape to identify which services and data sets are most critical and sensitive, and places these workloads in sovereign environments, while leveraging public cloud for less crucial functions. This balanced approach enables organizations to maintain compliance and control without sacrificing the innovation and agility that organizations need to remain relevant in today’s fast-paced business environment.
“The Access Group handles sensitive end-user data for our customers across the world, from the National Health Service in the UK to the Tax Department in Australia. Data sovereignty is an absolutely critical issue for us and our customers. In fact, they ask that it be written in our contracts. With Pure’s help, we are able to deliver sovereign Enterprise Data Clouds in each of our data centers around the world,” said Rolf Krolke, Regional Technology Director, APAC, The Access Group.
“The potential consequences of not having a modern and realistic data sovereignty strategy are acute. Loss of trust, financial damage and competitive disadvantages are possible outcomes that cannot be ignored. We recommend a hybrid approach to data sovereignty: start with a risk assessment across workloads, keep critical workloads sovereign, and use the public cloud for the rest. A balanced strategy optimizes reducing risk while maintaining speed of innovation and organizational resilience,” said Alex McMullan, Chief Technology Officer, International, Pure Storage.
Pure Storage’s perspective on data sovereignty is presented in a position brief which emphasizes that successful navigation requires strategic risk assessment, hybrid approaches that combine sovereignty with innovation, and proactive preparation for regulatory evolution. Organizations taking action now position themselves for competitive advantage as sovereignty requirements expand globally.
“These are wake-up call numbers. Every single leader we interviewed is rethinking data location. The message is clear: sovereignty is no longer optional, it is existential,” said Gordon Noble, Research Director at UTS’s Institute of Sustainable Futures.
“Data sovereignty has evolved from a technical challenge to a critical business issue. Organizations that don’t address where their most important data and services are located risk service disruption, regulatory non-compliance, and reputational damage. We expect to see data sovereignty treated as a strategic priority in 2025 and beyond, safeguard long-term business continuity and trust. Organizations that focus on pragmatic strategies to enhance data resilience, control and strategic autonomy can minimize dependencies, risks, and exposures,” said Archana Venkatraman, Senior Research Director, Cloud Data Management, IDC Europe.