Guido Gerrits | Vice President, Workforce IAM
More About This Author >
Guido Gerrits | Vice President, Workforce IAM
More About This Author >
Imagine yourself on a flight, 39.000 feet in the air. Coffee in hand, laptop open, the ride feels smooth until turbulence hits. The seatbelt sign lights up. The plane shudders violently. The cabin falls quiet.
In that moment, trust in the pilots and the aircraft is what keeps fear from turning to panic.
Today’s digital world feels much the same. Geopolitical turbulence is shaking the foundations of the cloud. Data, systems, and identities are suddenly subject to forces well beyond the control of any single entity.
The old dream of a seamless, borderless digital economy is giving way to the harder realities of sovereignty and regulation. Confidence in global providers has cracked.
But here’s the good news: trust can be restored. Not by waiting for calmer skies, but by taking control and moving toward greater sovereignty. And at the center of that journey lies identity.
Identity as the cockpit of digital trust
Every plane has its cockpit, the place where control is absolute, where safety lives or dies. In the digital world, that cockpit is identity.
Identity and Access Management is no mere login screen. It’s the front door, the control tower, the safety harness. It decides who enters, who and how, which systems connect, which data stays locked away. Compromise identity, and nothing else holds. Hand it to foreign control, and sovereignty is already slipping.
That is why organisations are taking identity seriously. They’re asking the right questions: Who controls our login process? Who holds our user directory? Where are decisions around authentication made, and under which laws?
Getting identity right means taking control back. It ensures that access is granted on your terms, under your jurisdiction, and aligned with your values.
Regulations as a catalyst
Governments are not standing idle. Across Europe, the rules are tightening. The Digital Operational Resilience Act (DORA) and the NIS2 Directive are more than regulatory fine print. They are calls to act, and to act now.
At the heart of these frameworks lies an unavoidable truth: sovereignty and compliance are inseparable. You cannot claim resilience if your crown jewels are sitting in someone else’s vault.
Regulators are pushing hard. Rethink your cloud strategy. Eliminate single points of failure. Take back control of what matters most.
This does not mean cutting ties with global providers. Hyperscalers will remain part of the journey. But it does mean balance. Choosing carefully what belongs in shared global infrastructure, and what must remain sovereign under European governance.
Seen this way, regulation isn’t a constraint. It’s a catalyst, encouraging firms to modernise, diversify, strengthen their foundations & resilience.
Practical steps to restore confidence
Restoring trust is not about panic. It starts with clarity and deliberate action.
Assess dependencies: Which services are critical? Which datasets are most sensitive? Where do you rely on a single provider, and what risk does that carry? What is the impact if it becomes unavailable?
Prioritise countermeasures: Some responses are organisational: strengthening governance, accountability, and awareness. Others are technical: deploying sovereign IAM solutions, keeping control of encryption keys, or running critical workloads locally. Most often, it is both, working in unison.
Move in steps: Sovereignty doesn’t arrive in a single stroke. Even moving a handful of critical systems back home can steady the ship. Put identity under local control, and suddenly the cockpit is yours again, even if other workloads stay global. Trust isn’t rebuilt in one leap. It comes back step by step.
A positive way forward
Yes, sovereignty is defensive. But it’s more than a shield. It builds resilience. It reassures regulators. It strengthens trust with customers, employees, and partners. And it sparks innovation. Every cent spent on Sovereign alternatives fuels usability, drives competition, and raises the bar for all.
Sovereignty isn’t isolation. Nations can stand on their own and still stay connected. The same goes for digital ecosystems: open to the world but built on a hardened core. Partnerships with global providers will continue, only now on firmer ground, shaped by respect, legal clarity, and shared standards.
Trust is renewable
Trust may be fragile, but it is renewable. The turbulence we face today is not the end of the journey. It is the reminder that foresight, balance, and resilience matter.
Organisations that act now, by focusing on identity, aligning with regulation, and reclaiming control over their most critical assets, will not just survive the rough air we’re in today. They will come out stronger.
The runway is clear. The destination is not isolation, but balance. Not fear, but resilience. Not passivity, but control.
It is time to take off toward a more sovereign, more trusted digital future today.