Telefónica Tech and Google Cloud have announced a strategic partnership to offer sovereign cloud solutions to Spanish businesses and public administrations, with a special focus on highly regulated sectors. The proposal combines Google’s regional cloud infrastructure in Madrid with operational and encryption controls managed by Telefónica from within Spain.
The agreement comes at a time when digital sovereignty has shifted from a political or legal concept to a specific technological decision. Organizations not only want to know where their data resides but also who can access it, under which jurisdiction, with what encryption keys, who manages those keys, and how any changes affecting compliance are audited.
Google Cloud Data Boundary arrives in Spain with Telefónica as a sovereign partner
The new offering relies on Google Cloud Data Boundary, a set of capabilities aimed at controlling data residency, information protection, and personnel access to cloud environments. Google Cloud has selected Telefónica as a trusted partner on sovereignty matters in Spain to deliver this service and manage the associated controls over data sovereignty.
The technical core of the model is encryption. Information stored by organizations in Google Cloud will be encrypted using keys generated and stored by Telefónica in its own sovereign cloud. In other words, the keys are neither generated nor stored within Google’s public cloud environment but in an infrastructure controlled by a Spanish operator.
This detail is particularly relevant for public entities, banking, insurance, healthcare, energy, industry, defense, telecommunications, or any organization subject to strict compliance requirements. In these environments, the question isn’t just whether a cloud provider has a region in Spain but also whether external control over encryption keys exists and whether verifiable policies on data residency, access, and protection can be established.
The proposal doesn’t eliminate all the inherent tensions of cloud sovereignty but adds a layer of local control over hyper-scale infrastructure. For many organizations, this combination can be appealing: access to advanced Google Cloud services—including data analytics and artificial intelligence—along with additional controls managed by Telefónica.
| Element | Role within the alliance |
|---|---|
| Google Cloud | Local cloud infrastructure, Madrid region, and advanced services |
| Telefónica Tech | Sovereign partner, key management, supervision, and local controls |
| Google Cloud Data Boundary | Controls over data residency, protection, and access |
| Telefónica’s sovereign cloud | Generation and custody of encryption keys from Spain |
| Target clients | Public administrations and regulated sectors |
| Main value | Cloud innovation with greater control over data and access |
Digital sovereignty without abandoning the public cloud
The partnership aims to address a common tension in many Spanish organizations. On one side, the public cloud enables faster modernization, data analysis, artificial intelligence, scalability, and resilience. On the other, regulated sectors need guarantees regarding privacy, access, auditing, continuity, and legal control.
Isaac Hernández, General Manager of Google Cloud for Iberia, summarizes this clearly: there should be no conflict between Spain’s digital sovereignty and its economic competitiveness. The company argues that collaboration with Telefónica allows clients not to choose between autonomy and innovation.
For Telefónica Tech, the proposal aligns with its strategy to position itself as a provider of advanced digital services, not just as an operator or integrator. Sofía Collado, CEO of Telefónica Tech, emphasizes that the offering enables precise policies regarding data residency, access control, and protection through keys generated and managed outside of the public cloud environments. The company also provides 24/7 support and oversight, along with continuous auditing to detect potential policy changes that could jeopardize compliance.
This aspect can be decisive in public procurement processes and for companies where traceability is mandatory. In a sovereign cloud architecture, deploying a workload in a Spanish region isn’t enough; organizations must demonstrate what controls are in place, how they are applied, who manages them, how audits are conducted, and what happens if technical or contractual conditions change.
AI, analytics, and modernization under local control
The collaboration also has implications for artificial intelligence. Many companies want to adopt advanced models, data analytics, and automation but face internal limits on where certain data can be processed. If that data is sensitive, personal, financial, medical, or strategic, deciding to move it to a public cloud can be complex.
A sovereign cloud offer can facilitate projects that were previously blocked or only executed partially. An administration could modernize data systems while maintaining reinforced controls. A financial institution could explore advanced analytics with greater guarantees on keys and access. An industrial company could combine cloud, edge, and AI without losing sight of data residency and protection.
The alliance also comes at a time when Telefónica is reinforcing its message around distributed and sovereign digital infrastructure. Its Edge Plan, based on converting old copper exchanges into edge nodes, aims to bring processing, storage, and data control closer to where data is generated. The collaboration with Google Cloud covers another layer: the advanced public cloud with additional sovereign controls.
Combining sovereign cloud, edge computing, 5G, fiber, cybersecurity, and managed services can create a powerful offering for sectors requiring low latency, regulatory compliance, and innovation capacity. The challenge will be turning this architecture into easily accessible, integrable, and governable services.
The key distinction: sovereignty is more than just location
The announcement also highlights the need to nuance the debate. Digital sovereignty isn’t achieved solely because data is hosted in Spain or because encryption keys are managed by a local provider. These elements help but don’t completely solve the problem. Jurisdiction over providers, technological dependence, used software, exit capabilities, real auditing, portability, identity management, and service continuity also matter.
Therefore, the Telefónica and Google Cloud alliance should be viewed as part of a broader strategy, not a universal solution for all scenarios. Some workloads will fit well within this model, while others with extreme sensitivity may require private cloud, dedicated infrastructure, on-premise environments, or more closed hybrid architectures.
Nevertheless, the movement is significant. Google Cloud strengthens its presence in Spain with a solution tailored to local demands, while Telefónica Tech positions itself as a sovereign intermediary between hyperscale cloud and organizations seeking more control. In a market where AWS, Microsoft, Oracle, Google, and European providers compete for regulated cloud, such alliances can create competitive advantages.
Sovereign cloud is no longer just marketing; it’s evolving into a concrete architecture based on encryption, key control, auditing, residency, operational access, and compliance. The key question for each organization will be: what level of sovereignty do they truly need, and what combination of providers, infrastructure, and controls will enable them to achieve that without hindering their technological modernization?
Frequently Asked Questions
What have Telefónica and Google Cloud announced?
They announced a partnership to provide sovereign cloud solutions in Spain, aimed at public administrations and regulated sectors.
What role will Telefónica Tech play?
Telefónica Tech will act as a sovereign partner in Spain, managing encryption keys, access controls, oversight, and audit processes for the service.
What is Google Cloud Data Boundary?
It is a set of Google Cloud capabilities to establish verifiable controls over data residency, protection, and personnel access.
Why is local key management important?
Because it allows encryption keys to be generated and held by a Spanish operator outside the public cloud environment, adding an extra layer of protection against unauthorized access or external jurisdictions.