Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      Liquid secures nearly R10-billion in new funding - Liquid Intelligent Technologies

      Liquid secures nearly R10-billion in new funding

      27 February 2026
      MTN Nigeria in dramatic full-year turnaround - Karl Toriola

      MTN Nigeria in dramatic full-year turnaround

      27 February 2026
      Global GPU shortage set to deepen gaming industry woes

      Global GPU shortage set to deepen gaming industry woes

      27 February 2026
      Netflix walks away from Warner Bros deal

      Netflix walks away from ‘irrational’ Warner Bros deal

      27 February 2026
      Hold the doom: the case for a South African comeback

      Hold the doom: the case for a South African comeback

      26 February 2026
    • World

      Stripe mulling bid for PayPal: report

      25 February 2026
      Xbox chief Phil Spencer retires from Microsoft

      Xbox chief Phil Spencer retires from Microsoft

      22 February 2026
      Prominent Southern African journalist targeted with Predator spyware

      Prominent Southern African journalist targeted with Predator spyware

      18 February 2026
      More drama in Warner Bros tug of war

      More drama in Warner Bros tug of war

      17 February 2026
      Russia bans WhatsApp

      Russia bans WhatsApp

      12 February 2026
    • In-depth
      The last generation of coders

      The last generation of coders

      18 February 2026
      Sentech is in dire straits

      Sentech is in dire straits

      10 February 2026
      How liberalisation is rewiring South Africa's power sector

      How liberalisation is rewiring South Africa’s power sector

      21 January 2026
      The top-performing South African tech shares of 2025

      The top-performing South African tech shares of 2025

      12 January 2026
      Digital authoritarianism grows as African states normalise internet blackouts

      Digital authoritarianism grows as African states normalise internet blackouts

      19 December 2025
    • TCS
      Watts & Wheels S1E4: 'We drive an electric Uber'

      Watts & Wheels S1E4: ‘We drive an electric Uber’

      10 February 2026
      TCS+ | How Cloud On Demand is helping SA businesses succeed in the cloud - Xhenia Rhode, Dion Kalicharan

      TCS+ | Cloud On Demand and Consnet: inside a real-world AWS partner success story

      30 January 2026
      Watts & Wheels S1E4: 'We drive an electric Uber'

      Watts & Wheels S1E3: ‘BYD’s Corolla Cross challenger’

      30 January 2026
      Watts & Wheels S1E4: 'We drive an electric Uber'

      Watts & Wheels S1E2: ‘China attacks, BMW digs in, Toyota’s sublime supercar’

      23 January 2026

      TCS+ | Why cybersecurity is becoming a competitive advantage for SA businesses

      20 January 2026
    • Opinion
      The AI fraud crisis your bank is not ready for - Andries Maritz

      The AI fraud crisis your bank is not ready for

      18 February 2026
      A million reasons monopolies don't work - Duncan McLeod

      A million reasons monopolies don’t work

      10 February 2026
      The author, Business Leadership South Africa CEO Busi Mavuso

      Eskom unbundling U-turn threatens to undo hard-won electricity gains

      9 February 2026
      South Africa's skills advantage is being overlooked at home - Richard Firth

      South Africa’s skills advantage is being overlooked at home

      29 January 2026
      Why Elon Musk's Starlink is a 'hard no' for me - Songezo Zibi

      Why Elon Musk’s Starlink is a ‘hard no’ for me

      26 January 2026
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CambriLearn
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Sections » AI and machine learning » The data sovereignty paradox

    The data sovereignty paradox

    Promoted | Altron explores why absolute data sovereignty remains elusive across cloud and AI-driven digital ecosystems.
    By Altron Digital Business27 February 2026
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    The data sovereignty paradox - Altron Digital Business

    Data sovereignty has become a top boardroom issue. Regulators demand it, customers expect it, and CIOs and chief technology officers are tasked with delivering it. The assumption is simple: if your data resides locally, under your jurisdiction, you control it.

    However, as explored in episode 5 of Altron’s Local Logic podcast series — in which technology leaders discuss how South African organisations can harness AI, data and digital innovation to deliver meaningful customer value — this assumption may be flawed.

    AI expert Steven Sidley and Bongani Andy Mabaso, CTO of Altron Group, discussed how this results in a paradox: the more organisations chase absolute data sovereignty, the more they discover how elusive true control really is.

    The illusion of complete control

    At the heart of the sovereignty debate is the belief that local data residency equals control. Sidley challenges that premise: “I’ve always considered the concept of data residency being in this day and age, utterly, utterly absurd.”

    His argument is not that jurisdiction doesn’t matter, but that modern digital infrastructure makes the idea of purely local control almost impossible. Cloud systems are, by design, distributed and redundant.

    As he explained: “Many of the big cloud providers have started building data sovereign, safe data centres. I don’t fully believe it, because all of those big hyperscalers have to have backup data centres. That’s their entire model. If Google or Amazon’s data centres in Africa go down under a flood or a bomb or anything else, they are backed up elsewhere in the world.”

    Many of the big cloud providers have started building data sovereign

    The global architecture that makes hyperscale cloud resilient is the same architecture that complicates sovereignty. Resilience depends on geographic distribution. Distribution complicates jurisdiction.

    Mabaso adds another layer of complexity: extraterritorial legal reach.

    Extraterritorial reach

    He highlights the implications of the US Cloud Act, which states that, if for whatever reason, law enforcement in the US decides that they want to investigate an organisation in South Africa, if they are provided with data services by any American companies, then the FBI or Interpol can actually compel that organisation to reveal your data sets.

    Even if the data sits in a South African data centre, the corporate structure of the provider may expose it to foreign legal processes. When challenged, cloud providers acknowledge the possibility. “If you go and you challenge a cloud service provider on that, they’ll tell you, well, it’s true, but they’ll give you all sorts of reasons on why it’s very unlikely to happen, but it is a real risk that actually exists.”

    The paradox becomes clear: you can localise infrastructure, but you cannot fully localise legal exposure in a globally interconnected system.

    The data sovereignty paradox

    Security versus sovereignty: a false choice?

    Another persistent confusion in the debate is the conflation of data security with data sovereignty.

    Sidley invokes the original architect of AWS, Willem van Biljon, who argued that “people who think that residency is important, do not realise that if you go to Amazon to store your data, notwithstanding the fact that it lives in another country, your actual data at Amazon Web Services is the safest in the world because they have spent US$50-billion on perimeter control and encryption”.

    From a pure cybersecurity perspective, hyperscalers may offer stronger protection than most on-premises environments. Few enterprises can match the billions invested in encryption, perimeter defence and monitoring.

    Security protects against breaches, while sovereignty addresses jurisdiction

    Mabaso agreed but drew a clear distinction.

    “Steven has raised an important point around cybersecurity and how secure your data is in whatever environment. And I think it would be difficult for anyone to argue that hyperscalers have not invested more than anybody else in making sure that security in that environment is as strong as it can possibly be. However, I think it’s a slightly different argument regarding laws.”

    Security protects against breaches, while sovereignty addresses jurisdiction.

    To listen to the podcast series, click here

    Consider the entire landscape

    Mabaso frames the decision more holistically. “I do think that you do have to consider the entire landscape end to end. Yes, there’s the technological risk, and how do you secure that? But there’s also the geopolitical risk and how do you make sure that you’ve got the right mix?”

    Sovereignty is only one factor among several. “One is security, two is cost, because depending on the solution that you go with, it will have a very different cost profile. Three is the regulatory environment in which you operate in.”

    The regulatory environment is particularly complex in South Africa. As TransUnion’s CEO Lee Naik explained in episode 2: “Popia (the Protection of Personal Information Act) is stronger than GDPR (General Data Protection Regulation). GDPR only protects consumer data. It does not protect corporate data. Popia protects consumer data and corporate data.”

    The data sovereignty paradox - Altron Digital Business

    Moreover, he said: “The South African law says if you’re going to use Popia, if you’re going to put the data somewhere else, it has to have a set of regulations that are at least as stringent as the local ones. And right there we’ve got a problem, because it’s telling you you can’t put your corporate data in Europe.”

    Here, sovereignty is not simply a philosophical ideal. It creates practical constraints. Local law may restrict cross-border transfer, while global cloud economics incentivise it. Security and sovereignty are not interchangeable, and optimising for one does not automatically solve the other.

    AI’s data sovereignty challenge

    If cloud computing complicates sovereignty, AI fundamentally transforms it. Sidley described what he calls a “dirty little secret” of large language models.

    “AI has brought a complicating wrinkle into this. One of the dirty little secrets of AI, which is unknown to most people, even those who use it, is that the data … you don’t find any data, you find a set of statistical relationships in a matrix,” he said.

    Traditional data governance assumes identifiable datasets that can be located, deleted or transferred. LLMs don’t store data conventionally. They encode patterns.

    If cloud computing complicates sovereignty, artificial intelligence fundamentally transforms it

    This creates a new risk vector.

    “If you are building an AI system which is going to use the vernacular language capability of the LLMs in order to be able to chat casually with a user, you are in danger in having all the data about that chat, all the data that’s provided as context, being sucked in as training and it becomes ungovernable once it’s pulled in as a training data set.”

    He warned: “There is not only a danger, in my view, there is an absolute certainty of data leakage if one is using some of the frontier LLMs.”

    Mabaso echoed the sentiment. “Corporations have gone all in on using these large public LLMs in production, or even proof of concept, for some of their workloads. But the problem with that is data leakage is almost always guaranteed.”

    The solution, he argued, lies in proximity and control. “The best thing for corporates around AI adoption is how do I ensure that I can use a language model or any type of model that’s contextual, that’s smaller, that’s more efficient and generally runs as close as possible to where your data resides.”

    The data sovereignty paradox - Altron Digital Business

    AI makes sovereignty even harder to define. Once data is absorbed into model weights, it becomes statistically embedded rather than geographically located. It cannot simply be “brought home”.

    Living with the paradox

     The data sovereignty paradox is not about choosing between global cloud and local control. It is about recognising that complete sovereignty is an illusion in distributed digital ecosystems.

    Jurisdiction, security, cost, resilience, compliance and AI governance all intersect. Sovereignty is no longer a binary state. It is a spectrum of risk management decisions.

    The organisations that navigate this successfully will not chase absolute control. They will design for informed trade-offs: understanding that in a world of hyperscalers and AI, sovereignty is less about geography and more about governance.

    To listen to the podcast series, click here

    • Read more articles by Altron Digital Business on TechCentral
    • This promoted content was paid for by the party concerned
    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    Altron Altron Digital Business Amazon AWS Bongani Andy Mabaso Lee Naik Steven Sidley TransUnion Willem van Biljon
    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleMTN Nigeria in dramatic full-year turnaround
    Next Article Cell C to SMEs: We’ll be your partner, not just a provider

    Related Posts

    Altron flags strong year as annuity revenue tops 65%

    Altron flags strong year as annuity revenue tops 65%

    24 February 2026
    Netstar and Sunshine Tour team up on data-driven golf analytics

    Netstar and Sunshine Tour team up on data-driven golf analytics

    24 February 2026
    The human side of AI - Altron Digital Business

    The human side of AI

    23 February 2026
    Add A Comment

    Comments are closed.

    Company News
    Cell C to SMEs: We'll be your partner, not just a provider - Cell C Business

    Cell C to SMEs: We’ll be your partner, not just a provider

    27 February 2026
    The data sovereignty paradox - Altron Digital Business

    The data sovereignty paradox

    27 February 2026
    The gap between AI hype and CX reality is widening CallMiner

    The gap between AI hype and CX reality is widening

    26 February 2026
    Opinion
    The AI fraud crisis your bank is not ready for - Andries Maritz

    The AI fraud crisis your bank is not ready for

    18 February 2026
    A million reasons monopolies don't work - Duncan McLeod

    A million reasons monopolies don’t work

    10 February 2026
    The author, Business Leadership South Africa CEO Busi Mavuso

    Eskom unbundling U-turn threatens to undo hard-won electricity gains

    9 February 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    Liquid secures nearly R10-billion in new funding - Liquid Intelligent Technologies

    Liquid secures nearly R10-billion in new funding

    27 February 2026
    Cell C to SMEs: We'll be your partner, not just a provider - Cell C Business

    Cell C to SMEs: We’ll be your partner, not just a provider

    27 February 2026
    The data sovereignty paradox - Altron Digital Business

    The data sovereignty paradox

    27 February 2026
    MTN Nigeria in dramatic full-year turnaround - Karl Toriola

    MTN Nigeria in dramatic full-year turnaround

    27 February 2026
    © 2009 - 2026 NewsCentral Media
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}