What Does a 'Sovereign Cloud' Mean? (www.techpolicy.press)

Canadian leaders are debating what a true “sovereign cloud” would look like after Prime Minister Mark Carney flagged a Canadian initiative and hyperscalers immediately rolled out tailored offerings—most notably Google’s “Sovereign Cloud” with a Google Data Boundary for Canadian residency and access controls. The debate matters because U.S. providers, no matter where their data centers sit, remain subject to U.S. law (notably the 2018 CLOUD Act, which lets U.S. authorities compel data access abroad), calling into question whether vendor-branded “sovereign” clouds can deliver real legal control or just “sovereignty-washing.” This is a national-security and AI-policy issue: dependence on foreign CSPs affects who can access government and sensitive datasets and who captures value from the AI stack. Practically, Canada’s options are threefold: shift procurement to non-U.S. vendors (Europeans like OVH or the existing non-U.S. ThinkOn partnership), invest to scale domestic CSP capacity, or build a public cloud (a Crown corporation) for the most sensitive workloads. Trade-offs include higher cost, lower energy efficiency versus hyperscalers, the need to protect competition (avoid creating new domestic oligopolies), and regulatory alignment (the EU’s EuroStack offers a playbook). Whichever path is chosen will require significant public investment and policy design to balance sovereignty, security, cost, and Canada’s ability to compete in AI and cloud value chains.