惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
V
Vulnerabilities – Threatpost
H
Heimdal Security Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
TaoSecurity Blog
TaoSecurity Blog
Forbes - Security
Forbes - Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
Cisco Blogs
L
LINUX DO - 最新话题
C
Check Point Blog
博客园 - 司徒正美
T
Tor Project blog
小众软件
小众软件
博客园 - 【当耐特】
GbyAI
GbyAI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
The Blog of Author Tim Ferriss
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
L
LangChain Blog
Attack and Defense Labs
Attack and Defense Labs
Help Net Security
Help Net Security
www.infosecurity-magazine.com
www.infosecurity-magazine.com
B
Blog RSS Feed
W
WeLiveSecurity
Webroot Blog
Webroot Blog
博客园_首页
SecWiki News
SecWiki News
S
Secure Thoughts
I
InfoQ
T
Troy Hunt's Blog
G
Google Developers Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Cloudbric
Cloudbric
P
Proofpoint News Feed
Simon Willison's Weblog
Simon Willison's Weblog
T
Threat Research - Cisco Blogs
Recorded Future
Recorded Future
人人都是产品经理
人人都是产品经理
S
Security Affairs
AI
AI
酷 壳 – CoolShell
酷 壳 – CoolShell
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Google DeepMind News
Google DeepMind News
U
Unit 42
宝玉的分享
宝玉的分享
B
Blog
V2EX - 技术
V2EX - 技术
D
DataBreaches.Net
Y
Y Combinator Blog

Search Security Resources and Information from TechTarget

How to operationalize threat modeling with AI | TechTarget CISO First fully agentic ransomware attack sparks readiness concerns | TechTarget Evaluating secure enterprise browsers vs. security plugins | TechTarget The AI vulnerability storm is here: Is your security program ready? | TechTarget Perimeter to posture: A roadmap to zero trust maturity | TechTarget TLS certificate lifetime changes: What CISOs must do now | TechTarget The agentic AI 8 key aspects of a mobile device security audit program | TechTarget Why mobile security audits are important in the enterprise | TechTarget Beyond the perimeter: The shift to data-centric protection | TechTarget How agentic AI threat intelligence aids NGO cyber defense: Case study | TechTarget How to conduct a mobile app security audit | TechTarget NO FAKES Act advances: What CISOs need to know | TechTarget What CISOs should know about AI runtime security | TechTarget As Q-Day looms, 90% of systems are unprepared for PQC | TechTarget A CISO Most security pros say their culture is Zscaler lays out its vision to secure the AI era at Zenith Live | TechTarget The OpenClaw security risks every CISO needs to know | TechTarget Cloud security metrics and KPIs: A CISO Florida public sector training on SimSpace cyber range: Case study | TechTarget Reporters' Notebook — Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security It's time to update incident response for the AI era How to build AI security guardrails without blocking innovation The prosecution gap: Why cybercrimes go unpunished AI in cyberdefense: Learning from threat actors' playbooks Top identity and access management risks CISO role changes as cyber-risk appetites in the C-suite grow CISO's guide to data minimization Researchers build autonomous AI worm that can reason and adapt How to secure data at rest, in use and in motion How to find cyber-risk data sources for a FAIR analysis Lost in translation: Cybersecurity board reporting for CISOs How to prepare security controls for future AI regulations EO 14390 raises stakes for enterprise cybersecurity First month of Mythos Preview testing exposes 10K flaws OT attacks shift from recon to physical control, raising stakes For CISOs, dawn of OpenAI Daybreak brings good and bad news Gartner Security & Risk Management Summit 2026: Adapting for AI | TechTarget Inside business email compromise attacks: Real-world examples Verizon 2026 DBIR: 6 key takeaways for CISOs Identity security for AI agents: The proliferation challenge How to build a business impact analysis checklist Taking care of business: The CISO's role in a cyber crisis What CISOs need to know about AI audit logs SOC vs. MDR: What CISOs need to consider Instructure cyberattack reignites ransom payment debate Transform SIEM rules with behavior-based threat detection CISO's guide: How to test an incident response plan How to implement zero trust for AI Data after the breach: Economics of the dark web The breakup: Why CISOs are decoupling data from their SIEMs | TechTarget News brief: Security worries and warnings as AI use expands How to construct an effective security controls evaluation 5 leading enterprise password managers to consider Claude Mythos changes the AI security threat matrix Buyer 6 things to check in your cyber insurance policy fine print How cyber insurance helped with breach recovery -- or not News brief: Critical infrastructure, OT cybersecurity attacks Tape's strategic role in modern data protection Top zero-trust use cases in the enterprise What every CISO should consider before a SIEM migration CISO's guide to centralized vs. federated security models Shadow code: The hidden threat for enterprise IT How to fix cybersecurity's agentic AI identity crisis 5 top SIEM use cases in the enterprise Top 8 e-signature software providers for 2026 How do digital signatures work? News brief: AI woes continue for security leaders Deepfake era demands proof-based security, not just awareness Is SOAR dead or alive? Sort of Beyond awareness: Human risk management metrics for CISOs Cybersecurity in the age of AI means bigger, faster threats At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government Inside the SOC that secured RSAC 2026 Conference How to roll out an enterprise passkey deployment How to improve the SOC analyst experience -- and why it matters How contact centers detect and prevent fraud News brief: Iranian cyberattacks target U.S. water, energy CISO checklist: Cybersecurity platform or marketing ploy? RSAC 2026 Conference: Key news and industry analysis | TechTarget Next-generation firewall buyer's guide for CISOs Contact center monitoring best practices for CX leaders RSAC 2026: Cyber insurance and the rise of ransomware Agentic AI's role in amplifying and creating insider risks RSAC 2026 recap: AI security and network security trends Identity security at RSAC 2026: The new enterprise dynamics Meaningful metrics demonstrate the value of cyber-resiliency What to know about red team testing and the law News brief: Iran cyberattacks escalate, U.S. targets named 5 top SOC-as-a-service providers and how to evaluate them Cloud security architecture: Enterprise cloud blueprint for CISOs Contact center compliance checklist for modern workforces How AI caught a malicious North Korean insider at Exabeam Watch your words: Tim Brown's advice for CISOs News brief: U.S. absence at RSAC sparks leadership concerns Network security management challenges and best practices 10 enterprise secure remote access best practices
The push for digital sovereignty: What CISOs need to know
2026-04-23 · via Search Security Resources and Information from TechTarget

Mary K. Pratt

By

Published: 23 Apr 2026

The French government in early 2026 announced that its 2.5 million civil servants will ditch Zoom, Microsoft Teams and other video-conferencing platforms from U.S. software makers and instead will use tech developed by its own Interministerial Directorate for Digital Affairs.

The move helps France to "mettre fin à l'utilisation de solutions extra-européennes" -- or "end the use of non-European solutions" -- according to the government's official announcement.

This headline-making news is only the latest example of how the concept of digital sovereignty is changing how both public and private organizations decide what technology to use and how they architect their tech stacks.

Organizations of all kinds around the globe need to take note: "These digital sovereignty requirements are affecting companies now or will in the future," said cybersecurity expert Allie Mellen, author of Code War: How Nations Hack, Spy, and Shape the Digital Battlefield and analyst at Forrester.

Digital sovereignty is on the rise

Governments around the world are implementing laws and regulations promoting digital sovereignty, a movement that has been bubbling up for a decade.

The idea of digital sovereignty stemmed in part from data privacy regulations and, more specifically, the EU's GDPR, which dictates how EU citizens' data must be treated by businesses and other entities, regardless of where those organizations are headquartered or operate.

Such regulations gave rise to data sovereignty, the concept that information generated, processed, converted and stored in digital form is subject to the laws of the country in which it was created.

Digital sovereignty moves the needle further. It goes beyond regulating data to regulating the digital infrastructure, innovation and investments purchased, made and used by organizations within a country or government jurisdiction. The model is designed to ensure some or all of those technology sectors are locally sourced and operated.

Drivers of digital sovereignty

Governments are pushing for digital sovereignty to ensure organizations within their borders are resilient and not vulnerable to actions taken by foreign governments that could limit access to or raise the cost of computer components or services, experts said.

"It's about being independent from foreign government jurisdictions and influences on your IT stack. That's it in a nutshell. It's about the IT stack being free from foreign jurisdictions, influences and decisions," said Dario Maisto, an analyst with Forrester.

Governments also believe enabling digital sovereignty will help cushion organizations within their jurisdictions against events such as wars and pandemics that disrupt global supply chains, experts said. Governments have seen how companies in recent years scrambled to find new service providers after economic sanctions, war and other political actions shut off existing offshore vendors -- a situation that some digital sovereignty laws aim to prevent in the future.

"We're hearing about digital sovereignty being about continuity and availability of services. As the geopolitical environment gets hotter, there is a growing awareness that events have knock-on effects, and there are cases where it's reasonable for governments to think about digital dependencies," said Alexander Botting, senior director of global security and technology strategy at law firm Venable LLP.

Economic considerations drive some digital sovereignty laws as well. "There are some cases that are about straight protectionism," Botting added.

Some governments are championing digital sovereignty as a way to boost their own economies, as well as to foster technology and AI innovations, thereby ensuring they don't become overly dependent on other countries' tech sectors.

Digital sovereignty laws reshape tech stack decisions, cloud deployments and vendor selection

The number of digital sovereignty laws is increasing, as is the number of countries implementing them, experts said.

The U.S., EU, Australia, India, China and Russia all have laws promoting some level of digital sovereignty. These laws vary widely in what they govern, so the impacts they can have on organizations, their tech decisions and their operations vary significantly, too. Considered collectively, the laws impact nearly every part of an organization's digital environment, from the providers it uses to the hardware it buys and where it stores its data.

"They really take data sovereignty to the next level to incorporate things like digital and tech operations. They can impact who is able to operate, administer and maintain the systems where the data resides, where the tools you're using have been created and what you use in your tech stack," Mellen explained. "It requires a lot of architectural decisions, especially if you're a multinational, in terms of how you create and service the products you're selling, but also the way you're operating the products and services you're acquiring. You might need hybrid or multi-cloud deployments, and it might change which vendors you will allow to do [what work] because they can't be used in certain regions."

Some laws make it harder or illegal to transfer data across national borders, experts noted. And some laws affect which cloud service providers organizations can use and where the CSPs' data centers must be located. They're also influencing which SaaS vendors, outsourced providers and hardware makers companies hire.

"Global companies now are going to have to be thinking about all this," said Sushila Nair, an independent information security consultant and president of the Greater Washington, D.C., chapter of ISACA.

Nair said CIOs, CISOs, chief risk officers, chief compliance officers and corporate counsel typically lead the efforts to comply with digital sovereignty requirements.

Preparing for digital sovereignty

Organizations are already adjusting their technology operations and IT strategies to meet existing laws and in anticipation of more to come, Forrester's Maisto said.

He noted that some organizations -- such as defense companies, those in highly regulated sectors and government/public sector entities -- fall under more of these digital sovereignty laws than other commercial enterprises. But he warned that more organizations across more sectors will face such requirements in the future.

To comply with this evolving regulatory environment, Maisto said Forrester advises tech leaders to aim for minimum viable sovereignty. Maisto wrote in a 2025 post that minimum viable sovereignty is "a pragmatic, risk-based approach that balances legal requirements, budget and business needs."

He said this approach recognizes that there is no single standard that defines digital sovereignty and that some technologies "you can't even have as sovereign" because few or no vendors make alternatives to the leading makers.

The approach promotes building "workloads that are portable, containerized using Kubernetes," so they can be moved from one CSP to another or even to on-premises environments.

Maisto said he also advises organizations to consider digital sovereignty as they evaluate their supply chain and operational risks, noting that it's critical for tech leaders to identify dependencies such as APIs. Furthermore, he advises tech leaders to consider how data sovereignty impacts six domains across the digital chain: data, which sits on infrastructure, that flows through networks, is leveraged by software, is used by AI, and is managed by people.

He noted that organizations generally can't achieve equal sovereignty across all six domains. "But there are certainly areas where there is objective sovereignty you can achieve," he said, adding that moving to even minimum viable sovereignty is a multiyear journey.

Mary K. Pratt is an award-winning freelance journalist with a focus on covering enterprise IT and cybersecurity management.

Next Steps

Ignoring digital sovereignty? CIOs can't afford to

Data sovereignty compliance challenges and best practices

Dig Deeper on Risk management