All news with #data sovereignty tag

🗂️ AWS Transform now supports customer-owned Amazon S3 buckets, letting customers control where transformation artifacts are stored and how they are secured. You can configure your own S3 bucket, optionally encrypt artifacts with your AWS KMS key, and manage access policies in your account. Migration teams can upload files directly and centralize artifacts across accounts to support regulated industries and data sovereignty requirements. This capability is available in all Regions where AWS Transform is offered.

⚖️ California Attorney General Rob Bonta reached a $12.75 million settlement with General Motors after an investigation found GM collected and sold Californians’ driving and location data through OnStar and the Smart Driver program without proper notice or consent. The probe identified transfers to brokers Verisk and LexisNexis between 2020–2024. In addition to a record civil penalty, GM must stop sales for five years, delete retained data absent consent, require brokers to purge received records, and bolster privacy compliance with periodic assessments.

🌍 Amazon has expanded CloudWatch RUM to the AWS European Sovereign Cloud, enabling customers subject to strict data residency and sovereignty rules to collect client-side performance data within the sovereign boundary. The feature captures page load times, JavaScript errors, HTTP failures, and mobile signals to help teams triage issues faster. It is intended for enterprises, public sector organizations, and regulated industries operating in Europe.

🔒 Google Cloud has been named a Leader in The Forrester Wave™: Sovereign Cloud Platforms, Q2 2026. The company emphasizes a sovereignty-by-design approach across three offerings: Google Cloud Data Boundary with Assured Workloads, Google Cloud Dedicated, and Google Distributed Cloud. Forrester highlighted Google’s roadmap and AI sovereign development capabilities as key differentiators. These options address data residency, operational autonomy, and fully air-gapped deployments for regulated organizations.

🔐 On March 23, 2026, Hong Kong authorities amended enforcement of the National Security Law, allowing police to demand passwords or other assistance to access personal electronic devices, including phones, laptops, and hard drives. The U.S. Consulate General issued a security alert on March 26 warning that refusal to comply is now a criminal offense. Authorities may also seize and retain devices they allege are linked to national security offenses. The change applies even to travellers transiting the airport.

🔐 At the World Economic Forum’s Industry Strategy Meeting in Munich, leaders explored how rapid AI deployment and rising data sovereignty pressures are reshaping digital infrastructure and investment. The piece argues that cybersecurity must be embedded from day zero to enable trusted data exchange, interoperability between sovereign systems, and secure distributed AI. It highlights the shift from large general models toward specialized, context-aware architectures and notes Fortinet’s role in public-private collaboration to operationalize secure systems.

🔒 Proton Mail disclosed subscriber payment metadata to Swiss authorities, who in turn shared the records with the FBI. The released material appears to be billing- and payment-related information rather than message contents, but such metadata can still link an account to an individual. The case highlights that privacy-focused services may be compelled by legal process to produce stored user records.

🛡️ Google Cloud outlines its expanded Sovereign Cloud portfolio—Google Cloud Data Boundary, Google Cloud Dedicated, and Google Cloud Air‑Gapped—to help governments and organizations retain control of unencrypted data, comply with local law, and sustain critical services. The announcement details regional infrastructure and workforce investments worldwide and legal, technical, and operational controls to limit or challenge external data access. It emphasizes open-source compatibility, client-side encryption options, and flexible deployment models that enable third‑party operators and avoid vendor lock‑in.

🔒 TikTok USDS Joint Venture LLC was formed to allow TikTok to continue operating in the U.S. under a majority-American ownership while ByteDance retains 19.9%. U.S. users' data and a retrained recommendation algorithm will be hosted in Oracle's secure U.S. cloud and protected under defined safeguards for algorithm security, content moderation, and software assurances. An independent, audited cybersecurity and privacy program will follow standards such as NIST CSF, NIST 800-53, ISO 27001, and CISA requirements.

🛡️ Microsoft announced expanded sovereign cloud offerings aimed at helping governments and enterprises meet regulatory and resilience requirements across Europe and beyond. The update includes end-to-end AI data processing within an EU Data Boundary, expanded Microsoft 365 Copilot in-country processing to 15 countries and additional rollouts through 2026, plus a refreshed Sovereign Landing Zone for simplified deployment of sovereign controls. Azure Local gains increased scale, external SAN support, and NVIDIA RTX Pro 6000 Blackwell GPUs for high-performance on-prem AI, along with planned disconnected operations. A new Digital Sovereignty specialization gives partners a way to validate and badge their sovereign-cloud expertise.

🔒 The article argues that data sovereignty commitments like Project Texas must be supported by auditable, technical evidence rather than marketing promises. It prescribes five concrete, testable controls — brokered zero‑trust access, in‑region HSM keys, immutable WORM logs, continuous validation, and third‑party attestation — plus measurable metrics to prove compliance. A 90‑day blueprint and emerging AI automation are offered to operationalize verification and produce regulator‑ready, reproducible evidence.

📘 The AWS re:Invent 2025 attendee guide highlights the conference's digital sovereignty program, detailing sessions, workshops, and code talks focused on data residency, hybrid and edge deployments, and sovereign infrastructure. Key topics include the AWS European Sovereign Cloud, AWS Outposts, Local Zones, and security features such as the Nitro System. Practical workshops and chalk talks demonstrate RAG, agentic AI, and low-latency SLM deployments with operational controls and compliance patterns. Reserve seating via the attendee portal or access sessions with the free virtual pass.

🔒 AWS clarifies five key points about the CLOUD Act, stressing it does not grant automatic or unfettered access to customer content and that U.S. law requires judicial process for compelled disclosures. AWS reports no disclosure of enterprise or government customer content stored outside the U.S. since 2020. The company notes the Act applies to any provider with a U.S. presence and aligns with international law, while technical controls like AWS Nitro and AWS KMS limit operator access.