The Spectrum of Sovereignty: Why NATO Chose an Air-Gapped Cloud (and What It Means for Enterprise Leaders)
On 24 November 2025, a significant announcement came out of Google: NATO has signed a multi-million-dollar deal with Google Cloud.
At first glance, the headline reads like standard cloud procurement. Look closer and it becomes clear that NATO hasn’t just signed up for Gmail or standard cloud storage. They have purchased a version of Google’s cloud platform designed to run mission-critical AI workloads completely disconnected from the public internet.
This deal validates a massive shift in our industry. ‘Sovereign Cloud’ is no longer just a compliance checklist or a buzzword for European regulators; it is now a strategic necessity for survival.
Yet for most CIOs, CTOs and security leaders, the term remains vague. Is Sovereign Cloud simply about data encryption? Is it about locking data to a region? Is it a separate data centre? Or is it all three?
The reality is that there is no single definition. Instead, Sovereign Cloud is best understood as a spectrum of risk, and organisations place themselves on that spectrum based on their tolerance, regulatory exposure and mission needs.
This blog introduces a three-tier model that helps frame that spectrum. Over our series on Sovereign Cloud, each tier will be examined in more depth, along with a comparison of how AWS, Azure and Google approach them.
The Three-Tier Spectrum of Sovereign Cloud
To simplify the conversation, Sovereign Cloud can be thought of in three positions:
Public Sovereign Cloud – the native option, using public cloud infrastructure but with strict guardrails.
Hybrid Sovereign Cloud – hardware deployed on-prem but tethered to the public cloud.
Air-Gapped Sovereign Cloud – fully disconnected infrastructure for national defence and critical industries.
Each tier represents a different balance of scalability, control, resilience and sovereignty.
Tier 1: Public Sovereign Cloud (The “Native” Option)
Who it is for
Banks, healthcare providers, insurers, and other regulated industries that must comply with frameworks such as GDPR or NIS2 but still want the full elasticity of public cloud services.
The concept
This tier is about using hyperscale infrastructure but enforcing strong sovereignty controls. These controls typically include:
Data residency: Ensuring data remains within a defined region (e.g. UK data centres).
Operational sovereignty: Restricting support access to authorised personnel (EU-only or UK-only, depending on requirements). This is not always a default setting, so it must be confirmed with the cloud provider. Many operate global 24-hour support models across regions.
Encryption boundaries: Customers retain and manage their own encryption keys, so the cloud provider cannot read the data even though it operates the underlying infrastructure.
Vendor landscape
AWS – European Sovereign Cloud (ESC)
Launched in late 2025, ESC is a physically and operationally separate cloud located in Europe, with its own billing and identity systems. Operated exclusively by EU personnel, it provides sovereignty without giving up cloud-native services.
More here: https://press.aboutamazon.com/2023/10/amazon-web-services-to-launch-aws-european-sovereign-cloud
Azure – Microsoft Cloud for Sovereignty
Azure takes a policy-based approach. It uses Confidential Computing to keep data encrypted even while it is being processed, and Azure Policy to enforce strict residency and access rules on standard public regions. This gives customers strong sovereignty controls without moving to a separate Azure cloud.
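The policy-based approach described above can be made concrete with an Azure Policy definition that denies the creation of any resource outside an approved set of regions. This is an added example modelled on the structure of the "Allowed locations" built-in, not Microsoft's own definition; the parameter name `allowedLocations`, the display text and the UK region list are assumptions chosen to illustrate a UK data-residency requirement.

```json
{
  "properties": {
    "displayName": "Sovereignty: restrict resource locations to UK regions",
    "description": "Denies any resource whose location is outside the approved residency set. Example definition, not a Microsoft built-in.",
    "mode": "Indexed",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed locations",
          "description": "Regions in which resources may be deployed (assumed values for this example).",
          "strongType": "location"
        },
        "defaultValue": [
          "uksouth",
          "ukwest"
        ]
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "location",
            "notIn": "[parameters('allowedLocations')]"
          },
          {
            "field": "location",
            "notEquals": "global"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

The `notEquals: global` clause stops region-less resources such as DNS zones from being blocked, and mode `Indexed` does not evaluate resource groups or subscriptions, so resource-group placement needs its own policy. Assign the definition at management-group scope so that new subscriptions inherit the residency boundary rather than opting into it.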
Google – Assured Workloads
Google provides software-based sovereignty controls that can be enabled on existing regions. Organisations can lock data to a region, enforce access boundaries and manage their own keys without migrating workloads.
This tier provides the best balance of scalability and compliance, but it does not reshape the fundamental operating model of cloud.
Tier 2: Hybrid Sovereign Cloud (The “Tethered” Option)
Who it is for
Manufacturers, pharmaceutical organisations and telecommunications providers. These sectors need low-latency compute close to production systems or prefer not to place sensitive data in a public data centre, but they are comfortable with a management connection to the internet.
The concept
The cloud provider delivers a physical rack or appliance to the customer’s site. It runs a subset of cloud services locally, but management functions typically rely on a persistent connection to the public cloud.
If that connection is disrupted, the hardware may lose certain management or update capabilities. This is why the term “tethered” is appropriate.
Vendor landscape
AWS Outposts
A rack of AWS hardware installed on-premises. It offers a very consistent AWS experience but relies on a connection to a parent region for the control plane.
Azure Local (formerly Azure Stack HCI)
Runs Azure services on approved hyperconverged hardware. Deeply tied to Microsoft Arc, which expects connectivity to maintain policy enforcement and updates.
Google Distributed Cloud (Edge)
Built for running Kubernetes and AI close to where data is created (manufacturing floors, remote sites), but generally managed via Google Cloud Console.
This tier sits between compliance-driven sovereignty and full operational autonomy.
Tier 3: Air-Gapped Sovereign Cloud (The “Disconnected” Option)
Who it is for
National defence organisations such as NATO, intelligence agencies, critical national infrastructure operators (for example power grids), and organisations holding exceptionally sensitive or mission-critical IP.
The concept
This is the most sovereign end of the spectrum. The hardware sits on-prem and has zero physical or logical connection to the public internet. There is no tether. No “calling home”. No reliance on an external control plane.
It is designed for scenarios where communications may be compromised, interrupted or deliberately isolated. NATO’s purchase reflects precisely this need: survivability, even in the face of global-scale disruption.
Vendor landscape
Google Distributed Cloud (Air-Gapped)
The platform NATO selected. It offers a full suite of AI, database and analytics tools that run completely offline, with no external dependencies or control-plane connection. It can be managed by the customer or a trusted partner, and no data ever leaves the environment.
Azure Stack Hub / Azure Local (Disconnected)
Microsoft’s long-standing offering for disconnected environments such as submarines and tactical deployments. Azure Local now supports extended offline operation for edge scenarios.
AWS Snow Family
AWS Outposts is strong for on-prem deployments, but it is not fully air-gapped. For genuine air-gapped requirements, AWS typically directs customers to Snowball Edge devices or its specialised Secret Regions, which are fully disconnected AWS-operated environments for intelligence workloads.
Commercial realities
Air-gapped deployments are expensive. They often require committing to a fixed amount of compute and licensing up front. Organisations must size workloads carefully to avoid paying for unused capacity.
Summary: Where Do You Sit on the Spectrum?
Most organisations will not immediately know where they belong. That is normal. The key is recognising that Sovereign Cloud is not a single product. It is a sliding scale of operational, regulatory and geopolitical risk.
The next blog in this series will focus specifically on Public Sovereign Cloud, how each provider interprets it and what leaders should look for when evaluating their options.
If you want help assessing where your organisation should sit on the Sovereign Cloud spectrum, you can enquire here to speak with our team.