For the better part of the last decade, the mantra in every C-suite across Singapore and the Asia Pacific has been “Cloud-First.” It was a race to the public cloud, driven by the promise of infinite scalability, rapid innovation, and a shift from CapEx to OpEx. But as we move into February 2026, that mantra is being replaced by a much more complex, and frankly, much more urgent one: “Sovereign-First.”
The latest data from Gartner confirms a trend I’ve been seeing on the ground for months. Worldwide spending on Sovereign Cloud Infrastructure as a Service (IaaS) is forecast to reach a staggering $80.4 billion in 2026. That’s a 35.6% jump in just one year. But the number itself isn’t the story; the story is the fundamental structural shift it represents—a shift we’ve begun calling “Geopatriation.”
As someone who has advised VPs and Directors at major financial institutions and government agencies through multiple waves of digital transformation, I can tell you that this isn’t just about where your data sits. It’s about who has jurisdiction over it.
Geopatriation: The Digital Reshoring
“Geopatriation” is a term that has quickly moved from academic circles to the boardroom. Think of it as the digital counterpart to industrial reshoring. Just as manufacturers are moving critical supply chains closer to home to mitigate geopolitical risk, enterprises are now moving their most sensitive digital workloads closer to home—or at least into jurisdictions they can trust.
We’re not just talking about moving data out of the public cloud and back to on-premises servers (though that is happening in some highly regulated sectors). We’re talking about a move toward “Sovereign Clouds”—platforms that offer the same scalability and performance as the global hyperscalers but operate under local laws, local ownership, and local operational control.
Gartner estimates that 20% of current workloads will shift from global hyperscalers to local, sovereign providers by the end of this year. This isn’t a retreat from the cloud; it’s a refinement of it. It’s an acknowledgment that not all workloads are created equal, and some simply cannot afford the risk of being subject to foreign “extraterritorial” laws.
The Legal Collision: Why Data Residency Isn’t Enough
For years, many of my clients felt that “Data Residency”—ensuring the data physically sits in a Singaporean or Australian data centre—was enough to satisfy regulators.
Frankly, that was an illusion.
The collision between the US CLOUD Act of 2018 and the more recent EU Data Act has shattered that illusion. Under the US CLOUD Act, the US government can compel an American company—think AWS, Azure, or Google—to provide access to data it holds, regardless of where that data is physically stored. If an American company operates the data centre in Singapore, that data is, in the eyes of the US legal system, subject to US jurisdiction.
On the other side, the EU Data Act and the newly proposed EU Cloud and AI Development Act of 2026 mandate that data be protected from exactly this kind of “undue external interference.” This isn’t just about privacy; it’s about industrial espionage and strategic autonomy. The EU now requires that any provider handling “critical national data” must be immune to extraterritorial warrants. This has effectively created a two-tier cloud market: global hyperscalers for general workloads and sovereign providers for critical ones.
The bottom line is that in 2026, jurisdiction trumps geography. If your cloud provider is subject to the US CLOUD Act, your data isn’t truly sovereign, no matter which city the server is in. This realization is what’s driving the $80 billion surge. Enterprises are moving to providers that are not only local but are also legally immune to foreign subpoenas. We are seeing a massive shift in how legal teams evaluate cloud contracts, moving beyond “where is the data” to “who is the parent company and what laws are they subject to.”
The Sovereign AI Mandate
The shift is being accelerated by the sudden, massive demand for Sovereign AI.
I remember a conversation with a CISO at a major regional healthcare provider late last year. They were eager to deploy Large Language Models (LLMs) to analyse patient data for better outcomes. But they hit a wall. They couldn’t send that data to a foreign-owned cloud for processing without violating a dozen different national privacy laws.
The solution wasn’t to abandon AI; it was to find a “Sovereign AI” environment—a local cloud where they could train and run their models without the data ever leaving the jurisdiction or being accessible to foreign entities.
Governments now view data as a strategic national asset—the “oil” of the 21st century. They are increasingly unwilling to see that asset exported to foreign clouds where it can be used to train models that they don’t own or control. We are seeing a massive rise in Small Language Models (SLMs)—domain-specific AIs that are small enough to be run in these local, ring-fenced environments.
Regional Hotspots: The Global Map of Sovereignty
While China remains the largest spender in this space ($47.4 billion), the growth in other regions is explosive. Europe is currently the fastest-growing major market, driven by its aggressive regulatory stance. But look closer at the Asia Pacific and the Middle East, and you’ll see growth rates of 87% and 89% respectively.
In the Middle East, we are seeing a “Sovereign-by-Default” mandate for all new government and energy sector projects. Nations like Saudi Arabia and the UAE are investing billions in their own local cloud infrastructure, viewing it as a critical component of their post-oil economic strategies. They aren’t just buying cloud services; they are building a national digital foundation that is entirely under their control.
In Mature Asia/Pacific—countries like Japan, South Korea, and Australia—the shift is being driven by the banking and healthcare sectors. In Australia, for instance, the “Protected” level of data classification now virtually mandates the use of sovereign providers. Global hyperscalers are responding by partnering with local firms to create “Sovereign Regions,” but for many VPs and Directors I speak with, the preference is still for a purely local provider to ensure absolute jurisdictional clarity.
In Singapore, we’ve always been ahead of the curve in terms of digital governance. But even here, the shift toward sovereign-first architecture is palpable. The partnership between HTX and Microsoft to build a sovereign cloud for Singapore’s Home Team is a perfect example. It acknowledges that for the most sensitive national security workloads, a standard public cloud—even one with local data centres—is simply not enough.
This hybrid, multi-cloud model is the new standard. It’s not an “all or nothing” proposition. It’s about being strategic. It’s about knowing which 20% of your workloads need the protection of a sovereign cloud and which 80% can thrive in the global public cloud. For a major regional bank, this might mean keeping the core banking ledger and customer identity data on a sovereign platform, while using a global hyperscaler for its customer-facing mobile app and marketing analytics.
The Architecture of Trust
So, how does a modern enterprise navigate this $80 billion shift? Based on my experience advising at the VP and Director levels, it comes down to three pillars:
1. Jurisdictional Mapping
Stop asking where the data is stored and start asking who owns the provider. Do a deep dive into the legal obligations of your cloud partners. Are they subject to the US CLOUD Act? If so, what is your fallback plan for workloads that require jurisdictional immunity?
2. Sovereign-First Design
When building net-new digital solutions—especially those involving AI—start with a sovereign-first mindset. It is infinitely harder to “geopatriate” a workload after it’s been built on a global hyperscaler than it is to architect it for sovereignty from day one.
3. Data as a Strategic Asset
Treat your data with the same level of protection as your intellectual property. If you wouldn’t send your secret sauce to a foreign competitor, why would you send the data that trains your company’s “brain” to a foreign-owned cloud?
Looking Ahead: The End of the “Wild West”
The era of the “Wild West” in cloud computing—where we prioritized speed and cost over everything else—is over. The $80 billion sovereignty shift is a sign that the industry is maturing. We are entering an era of “Digital Autonomy,” where nations and enterprises alike are taking back control of their digital destinies.
Geopatriation isn’t a trend; it’s a structural correction. It’s the market’s way of responding to a world that has become more fragmented, more regulated, and more geopolitically complex.
For the C-suite in APAC, the choice is clear. You can either stay on the “Cloud-First” path and hope the legal collisions don’t hit your enterprise, or you can embrace the “Sovereign-First” mandate and build a foundation of trust that will last for the next decade.
The $80 billion is already moving. The question is: are you moving with it, or are you being left behind in a cloud that isn’t truly yours? In the end, sovereignty is not just a compliance checkbox; it is the ultimate competitive advantage in an increasingly complex digital world.