The sovereign cloud is no longer a conversation reserved for governments, defense, or highly regulated sectors. The new edition of The Forrester Wave: Sovereign Cloud Platforms, Q2 2026 confirms that the market has entered a much more mature but also more complex phase: it’s no longer just about choosing a cloud provider, but about deciding what level of control, isolation, data residency, operational autonomy, and legal protection each organization needs.
The report analyzes 15 relevant providers in sovereign cloud platforms and groups them into three categories: leaders, strong performers, and contenders. Among the leaders are Google Cloud, Microsoft, Amazon Web Services, Oracle, and Tencent Cloud. The “Strong Performers” include T-Systems, STACKIT, NxtGen Cloud Technologies, and SAP. The “Contenders” are Aruba, S3NS, IBM, Vultr, OVHcloud, and Huawei Cloud.
There Is No Single Sovereign Cloud
The most important idea from the report is that a sovereign cloud isn’t a closed product or a plug-and-play solution. Forrester emphasizes that organizations don’t simply buy “a sovereign cloud,” but instead combine different architectures and deployment models to achieve the level of sovereignty they require.
Practically, this means a company could use a public cloud with data residency limits, a private cloud, an isolated region, disconnected infrastructure, or a hybrid mix. The model depends on the data types, sector, country, budget, risk tolerance, and regulatory requirements.
This perspective is significant because it debunks part of the marketing surrounding digital sovereignty. A platform isn’t sovereign just because data resides in a specific region. Operational independence, key control, applicable jurisdiction, third-party access, local support, supply chain management, and the ability to operate under crisis conditions also matter.
| Forrester Wave Category Q2 2026 | Included Providers |
|---|---|
| Leaders | Google Cloud, Microsoft, Amazon Web Services, Oracle, Tencent Cloud |
| Strong Performers | T-Systems, STACKIT, NxtGen Cloud Technologies, SAP |
| Contenders | Aruba, S3NS, IBM, Vultr, OVHcloud, Huawei Cloud |
Google and Microsoft Are Leading an Increasingly Strategic Race
In the visual representation of the report, Google Cloud appears at the top of the evaluation, with a prominent position in both strength of offer and strategy. Over recent years, Google has strengthened its sovereignty portfolio through various models: data residency and processing controls in public cloud, Google Cloud Dedicated, and air-gapped solutions for disconnected environments.
Google states that its approach aims to offer sovereignty options without sacrificing advanced services, including Artificial Intelligence. This is key: many organizations want greater control over their data and operations but don’t want to be without access to modern analytics, automation, or AI models. The tension between sovereignty and innovation remains one of the market’s major dilemmas.
Microsoft also appears as a leader. Its strategy relies on a broad portfolio combining Azure, Microsoft 365, Azure Local, Azure Arc, and partnerships with local providers like Bleu in France and Delos Cloud in Germany. These models aim to meet different requirements: from data residency controls in public clouds to instances managed by independent local entities.
Microsoft’s case exemplifies the current complexity. Many European organizations depend on Microsoft for productivity, collaboration, identity, security, and cloud services. This makes sovereignty not only a question of infrastructure but also of operational continuity and functional dependence.
AWS, Oracle, and Tencent Complete the Leadership Group
Amazon Web Services is also among the leaders, with a strategy based on multiple models of isolation and deployment. In 2026, AWS launched its AWS European Sovereign Cloud, aimed at providing infrastructure operated and governed within the European Union. Its approach combines technical controls, European entities, resident personnel, and existing security capabilities within the AWS ecosystem.
The challenge for AWS, according to the report, is harmonizing a broad catalog of solutions designed for different needs: government regions, dedicated local zones, isolated environments, European sovereign cloud, and new AI factories. This breadth is an advantage but can also increase complexity for clients.
Oracle holds a solid position thanks to its wide offering of dedicated and sovereign deployments. These include isolated regions, OCI Dedicated Region, Oracle Alloy, Exadata Cloud@Customer, and Compute Cloud@Customer. This enables Oracle to serve clients needing to bring cloud capabilities into their own data centers or very controlled environments, especially for databases and critical enterprise workloads.
Tencent Cloud, meanwhile, stands out as the only Chinese hyperscaler in the leadership group. Its solutions are particularly significant in China and regulated sectors, supported by Tencent Cloud Enterprise. However, its international expansion faces regulatory, geopolitical, and trust barriers, especially in Europe and other regions where digital sovereignty also means reducing external dependency.
Europe Gains Prominence but Remains Fragmented
The report also offers some uncomfortable insights for Europe. While there are relevant European providers, such as T-Systems, STACKIT, SAP, Aruba, S3NS, and OVHcloud, many still don’t match the depth of offerings from major U.S. hyperscalers. Local sovereignty provides control, regulatory proximity, and less exposure to foreign jurisdictions, but often comes with fewer managed services, automation options, or advanced capabilities.
STACKIT, driven by the Schwarz group, emerges as one of Europe’s most interesting players due to its focus on data hosted in Germany and Austria, open standards, and transparent pricing. T-Systems maintains a strong position in the DACH region, with Germany as its core market. S3NS, a joint venture between Thales and Google Cloud, exemplifies a European model: combining hyperscaler technology with local operational control and certifications.
OVHcloud offers a particularly noteworthy case. Although it remains one of Europe’s most prominent cloud infrastructure providers, the report highlights the challenges in proving full sovereignty when a company has international presence and may be subject to legal requirements in other jurisdictions. This illustrates that sovereignty isn’t solely achieved through data centers in Europe.
Sovereignty as an Ongoing Evaluation, Not a Label
The rise of reports like Forrester’s coincides with the launch of sovereignty assessment services by major consulting and integration firms. Kyndryl, for example, has introduced its Sovereignty Readiness Assessment, which evaluates dependencies, risks, data exposure, operational control, and architectural options for organizations seeking greater resilience and technological autonomy.
This shift signifies an important change: sovereignty is no longer just about compliance but about managing operational risk. Organizations need to understand where their data resides, who can access it, under which jurisdiction they operate, what would happen in a geopolitical crisis, how encryption keys are managed, and what alternatives exist if a provider stops operating or alters its terms.
Thus, sovereign cloud is about building an architecture tailored to each workload, not simply picking the “most sovereign” provider. A customer service system may have different requirements than a healthcare database, a public administration platform, an AI environment, or a critical financial application.
The core message is clear: companies no longer have to choose solely between innovation and control, but they must understand the trade-offs. The more isolated and sovereign an environment is, the fewer advanced services may be available. Conversely, the broader the functions catalog, the more critical it becomes to scrutinize legal, technical, and operational controls.
In 2026, cloud sovereignty isn’t just a marketing promise; it’s an architectural, legal, and strategic decision. The new Forrester report confirms that major providers, European operators, and tech integrators are competing to define what truly means having control in the cloud.
Frequently Asked Questions
What is a sovereign cloud platform?
A sovereign cloud platform is a cloud environment designed to provide greater control over data, operations, jurisdiction, encryption keys, regulatory compliance, and service continuity. It can be deployed as a public cloud with controls, a private cloud, a hybrid environment, or disconnected infrastructure.
Which providers lead sovereign cloud according to Forrester in 2026?
In the The Forrester Wave: Sovereign Cloud Platforms, Q2 2026 evaluation, the leading providers are Google Cloud, Microsoft, Amazon Web Services, Oracle, and Tencent Cloud.
Is data residency alone sufficient to claim digital sovereignty?
No. Data residency is only part of the picture. Operational control, legal independence, key management, local support, supply chain integrity, applicable jurisdiction, and crisis operational capacity are equally important.
Why is sovereign cloud important for Europe?
Because Europe aims to reduce dependence on critical technologies, protect sensitive data, comply with regulations like GDPR, and ensure operational continuity across sectors such as public administration, healthcare, finance, industry, defense, and critical infrastructure.
via: the Forrester