Digital sovereignty options for on-prem deployments
France made headlines recently when it announced it would ditch Microsoft Teams and Zoom for government use in favor of the French-made Visio platform. The decision followed a similar move by Austria’s Ministry of Economy, Energy, and Tourism, which rejected Teams in favor of an open-source collaboration suite running on the Ministry’s own servers.
A large factor underlying both decisions is digital sovereignty. Especially in Europe, laws and regulations require organizations to exercise strict control over not just data but also the applications and infrastructure used to process it.
Geopolitics also plays a role. In Austria, the Ministry decided Teams posed an unacceptable risk that calls and message data could be subject to access requests from the U.S. government. “If a security agency from the U.S. wants to force a U.S. vendor to pull out data, then they have to do this,” Florian Zinnagl, the Ministry’s CISO, told Computerworld.
While much of the digital sovereignty discussion focuses on cloud-based services that meet strict privacy criteria, for some the remedy involves on-premises infrastructure. It’s a strategy that puts all IT resources—network, compute, and data—firmly in the organization’s control.
“Sovereign on-premises solutions make sense when enterprises need control not just over data location, but over who governs execution, policy, and AI decision-making inside a specific jurisdiction,” says Stephanie Walter, practice leader for AI stack at HyperFRAME Research. “Hyperscalers can satisfy residency requirements, but they typically retain ownership of the control plane. Think about feeding prompts and data into a [large language model]. Who owns the data now? In regulated sectors, that’s often the real constraint.”
In terms of what makes one approach better than another, Walter favors those that “treat sovereignty as a full-stack architecture problem rather than a compliance feature layered onto existing infrastructure. Notable offerings include Fortinet and Versa Networks, and IBM at the infrastructure level.”
When it comes to choosing among the sovereign computing offerings, “enterprises should prioritize transparency of model behavior, data lineage, inference execution, and access,” Walter says. “If the enterprise cannot independently audit or govern AI operations within its jurisdiction, the solution is sovereign in name only.”
With that in mind, here’s a rundown of premises-based sovereign computing offerings from four vendors: Cisco, IBM, Fortinet, and Versa Networks.
Cisco targets Europe with sovereign infrastructure
Cisco launched its Sovereign Critical Infrastructure portfolio in September 2025, to address European customers’ needs for more control and autonomy over their digital infrastructure and data, according to the vendor.
The portfolio spans Cisco’s core product lines, including routing, switching, wireless, collaboration, and select endpoint devices, as well as Cisco and Splunk security solutions. Notably absent is the Cisco Unified Computing System (UCS), the company’s integrated data center platform that combines computing, networking, storage, and virtualization capabilities.
Products under the Sovereign Critical Infrastructure portfolio run under a special license, in air-gapped environments on customer premises, meaning they are physically isolated from outside networks, including the internet. As such, Cisco cannot connect to the systems.
“Cisco will not be capable of remotely disabling products. This puts control in the hands of customers,” as Cisco puts it.
The solution addresses a number of security and privacy issues, including control over encryption keys, a primary concern for sovereign computing. It also addresses the Austrian CISO’s concern that a U.S. company can unilaterally pull out data. On the other hand, given Cisco cannot connect to the systems, the onus is on the customer to implement software updates, including security patches.
That’s a responsibility that organizations may have to accept in the name of digital sovereignty.
“Operational resilience is key for these organizations, who seek the extra controls, protections, and autonomy that genuine digital sovereignty solutions can bring,” said Rahiel Nasir, research director for European cloud and lead analyst for worldwide digital sovereignty at IDC, in a statement accompanying Cisco’s announcement. “This is especially true when it comes to network sovereignty—a challenge that few network infrastructure providers thus far have been able to address.”
Cisco says its offering aligns with “key foundational, EU and country certifications and standards.” The company also says it has a roadmap for achieving the new European Union Cybersecurity Certification (EUCC), a unified security benchmark for IT products and services. To gain the voluntary certification, companies must complete an evaluation that assures its products comply with the framework.
IBM puts AI front and center in “principled” sovereignty approach
In January of this year, IBM announced its Sovereign Core software. IBM frames the issue in terms of artificial intelligence, which it says extends the sovereignty discussion beyond its initial focus on data residency.
To address AI issues, IBM says, sovereignty must include: who operates the platform and under which authority; where AI models run and how inference is governed; who has administrative access and how it is enforced; and how compliance can be demonstrated continuously, not just documented.
IBM’s announcement differs from Cisco’s licensing-focused approach. “A fundamental architectural shift is required: one where sovereignty is an inherent property of the platform itself, not a contractual promise or deployment variant,” IBM says.
The approach IBM espouses is based on three principles it laid out, beginning with the notion that sovereignty is a platform capability, and it must be provable.
“With IBM Sovereign Core, sovereignty is enforced architecturally, not contractually,” IBM says. It is built on what it calls “transparent technologies” like Red Hat OpenShift. Sovereign Core likewise operates in an air-gapped environment that functions like SaaS but is fully under the customer’s authority.
“Identity, encryption keys, logs, telemetry and audit evidence remain entirely within the sovereign boundary. Ongoing compliance capabilities are embedded directly into the software, enabling organizations to produce regulator-ready proof on demand, without manual, audit-driven processes,” IBM says.
IBM’s second principle is that AI sovereignty is a first-class system property. Its approach enables organizations to deploy CPU- and GPU-based clusters, and approved open or proprietary models, all governed through controlled gateways. “AI inference and agent-based applications run locally, without exporting data or telemetry to external providers,” IBM says. Operational activity is continuously monitored and recorded, “creating a clear audit trail for AI systems operating in high-impact and regulated domains.”
Thirdly, sovereignty is to be operationalized for speed and scale. A single customer-operated control plane enables customers to centrally operate “thousands of cores and hundreds of nodes with different sovereign requirements,” IBM says. Automated configuration is built in, ensuring identity, security, and compliance, while self-service provisioning for CPU, GPU, VM, and AI inference environments eases deployment.
Fortinet tackles sovereignty on the SASE front
Secure access service edge (SASE) vendors are likewise getting into the sovereignty game. Sovereign SASE can help organizations control access, handle policy, and enforce security boundaries, notes HyperFRAME Research’s Walter.
But, without sovereign infrastructure underneath it, enterprises still don’t control how workloads actually execute. “True sovereignty is about owning the control plane, particularly with AI,” Walter says. “Organizations need to think about who defines policy, governs models, audits behavior, and controls operational visibility.”
Fortinet announced its sovereign SASE offering back in August 2024. Overall, SASE is a key driver of Fortinet’s 15% rise in fourth-quarter 2025 revenue, driven in no small part by sovereign SASE, Fortinet co-founder and CEO Ken Xie told analysts on a recent earnings call.
“We are seeing strong demand in sovereign SASE,” Xie said on the call. Ultimately, “I believe the sovereign SASE market [is] probably even bigger than the current public SASE [market].”
FortiSASE Sovereign is a turnkey private SASE solution that enables organizations to provide a customized SASE service in a private cloud or on-premises. Users maintain full control over all SASE features, architecture, and deployment, Fortinet says.
To address data sovereignty requirements, Fortinet’s solution ensures data is stored within user-specified geographic regions. It offers granular access control and identity management protocols to ensure only authorized users can access sensitive data, as well as regional encryption key management options, enabling organizations to meet their specific data protection requirements while mitigating the risk of unauthorized access. And, like IBM, FortiSASE Sovereign provides continuous monitoring and auditing mechanisms.
Versa Sovereign SASE gives enterprises full control
In February of last year, Versa likewise announced a sovereign version of its SASE service. Versa Sovereign SASE enables enterprises to deploy the VersaONE Universal SASE Platform on their own infrastructure and networks in a customizable manner.
“With Versa Sovereign SASE, enterprises get all the benefits of the VersaONE Universal SASE Platform along with complete control in design, implementation, and operations,” the company says. For example, Versa Sovereign SASE enables organizations to maintain full control over data flows, access policies, and user activities, including in air-gapped deployments. Features including configurable geofencing and language localization help customers meet sovereignty and compliance requirements, Versa says.
The solution builds on a partnership with Lumen announced in 2024 through which the Versa SASE platform is deployed on dedicated gateways in Lumen’s global points of presence or on customer premises.