Digital Sovereignty: Strategic Design Decisions for Executive Leadership
Location :
In person
Audience:
CEO, CFO, CTO, CISO, CIO
Duration :
2-3 hours
Interested in this workshop for your organisation?
Overview
About the workshop
Digital sovereignty has become a boardroom imperative, yet many organisations pursue approaches that achieve the opposite of their intent. Research shows data localisation negatively impacts 13 of 14 ISO 27002 security controls, whilst sovereign cloud initiatives like Gaia-X have consumed billions in investment (including €117.4 million in German government funding alone) without delivering production-ready services. Meanwhile, European cloud market share nearly halved from 29% to 15% during Gaia-X’s existence. Leadership teams face a critical challenge: how to evaluate sovereignty proposals when the evidence contradicts conventional wisdom.
This workshop equips executive leadership with an evidence-based decision framework for digital sovereignty. Through examination of documented failures (AWS October 2025 outage, CrowdStrike July 2024, WannaCry NHS impact), quantified trade-offs (30-60% hosting cost increases, attack detection time doubling), and emerging threats (Post-Quantum Cryptography with the NCSC 2031 deadline for Critical National Infrastructure), participants will gain the tools to distinguish sovereignty theatre from practical security. The session applies a 5-axis decision matrix to attendees’ own organisational context, enabling aligned leadership decisions that balance risk, cost, and resilience.
overview
Our experts
Grant Ongers
Head of Security Practice at esynergy and former Global Chair of OWASP
Grant brings over 30 years of InfoSec experience across Dev, Ops, and Sec. He advises FTSE100 companies, start-ups, and government agencies on security strategy, risk, and compliance.
Chris Nesbitt Smith
Your session is led by our digital sovereignty specialists, bringing deep expertise in cloud architecture, executive advisory, and strategic technology risk management. With experience advising leadership teams across financial services, healthcare, energy, and regulated industries, our facilitators combine technical credibility with practical business acumen to help organisations navigate complex sovereignty decisions.
Agenda
What we'll explore
10min - Welcome and Introductions
Context setting, participant introductions, workshop objectives
15min - The Sovereignty Paradox
Why data location ≠ control, CLOUD Act implications, hidden dependencies
40min - Four Common Mistakes
Data localisation myth, sovereign cloud failures, vendor dependency reality, UK-only support costs
30min - What Actually Works
5-axis decision framework, hybrid sovereignty, progressive migration, vendor diversification
25min - Apply to Your Context
Self-assessment exercise, apply framework to participant scenarios
20min - Discussion and Q&A
Emerging threats (Post-Quantum Cryptography), ‘bring your own challenge’ (optional), open questions
10min - Wrap-up and Next Steps
Key takeaways, materials distribution, follow-up options
Total: approximately 2.5 hours with flexibility for discussion depth
Takeaways
After this session, you’ll walk away with:
- Understand why data localisation provides false security (13 of 14 ISO controls harmed)
- Recognise hidden dependencies that geography doesn’t solve (control-planes, supply chains, tooling)
- Apply the 5-axis decision framework to evaluate sovereignty proposals
- Walk away with a practical assessment of your organisation’s actual sovereignty posture
- Align your leadership team on sovereignty priorities that balance risk, cost, and resilience