Cisco has announced the launch in Europe of Sovereign Critical Infrastructure, a configurable portfolio of hardware and software designed for customers who need to build and operate their own sovereign infrastructure in on-premises and disconnected (air-gapped) facilities. The company, a global leader in networks and security, frames this proposition within a clear continental trend: more control and autonomy over digital infrastructure and data, with compliance with EU and national certifications.
The package covers Cisco's core lines (routing, switching, and wireless networks), collaboration, and certain endpoints, complemented by security and observability solutions from Cisco and Splunk. The key innovation is that everything can run in isolated environments and under customer-managed control, with an air-gap licensing model that ensures Cisco cannot remotely disable products. The portfolio has been available in Europe since September 2025, through Cisco and strategic partners.
“Our customers want control over their infrastructure and data, with the freedom to choose the deployment model that best fits their operations, security, and objectives,” emphasized Gordon Thomson, President of Cisco EMEA. “Today’s announcement offers that combination: technology and flexibility to build secure and resilient systems.”
What does “sovereign critical infrastructure” mean in practice?
Behind this term lies a concrete operational promise: the ability to build, audit, and operate the digital infrastructure that underpins essential services — ranging from public administration, banking, and healthcare to energy operators, transportation, and emerging AI factories — within the perimeter of each organization or country. It’s not just about repatriating workloads from the cloud but about a model that allows:
- On-prem deployment: the portfolio can be operated entirely within customer data centers, under their own management and policies.
- Air-gapped mode: the solution is ready to operate in offline environments or with strict segmentation.
- Air-gap licensing: Cisco states that the portfolio is configured to function in isolated mode and that it will not have the ability to remotely disable products.
- Configurability: from client-managed encryption to specific integrations, with the option of hybrid operation (on-prem with select cloud services where viable).
- Compliance: alignment with certifications and key standards of the EU and each country; most on-prem solutions are IPv6-Ready and Common Criteria, with Cisco outlining a roadmap towards the future EUCC (the new European Cybersecurity Certification).
The goal is to address a growing dilemma in Europe: how to leverage cloud and AI innovation while maintaining sovereign control over infrastructure and data, and complying with increasingly strict regulatory frameworks — from NIS2 and DORA to sector-specific requirements in healthcare, finance, and defense.
Who is it for: from the public sector to Europe’s AI factories
Cisco outlines a broad beneficiary landscape:
- Governments and public agencies: mission-critical operations under direct control, within national or sovereign domains, with audits and controls that do not depend on third parties.
- Regulated industries (banking, insurance, fintech, healthcare, pharmaceuticals): architectures that enable sovereignty and compliance with sensitive data.
- Critical infrastructure operators (utilities, energy, water, transportation, telecom): operational resilience with extreme segmentation and recovery capacity without Internet dependence.
- AI factories and AI data centers: the network, security, and observability layer as foundations of a European sovereign AI, combining local compute and governance compliant with regulations.
“Digital sovereignty requires connectivity. In organizations responsible for critical infrastructure, operational resilience is key; they seek controls and autonomy that only solutions of genuine sovereignty can provide, especially in networks,” noted Rahiel Nasir, Director of Research for Europe at IDC and Lead Analyst for Digital Sovereignty. According to this analyst, the shift to on-prem observed by IDC in European budgets does not eliminate the sovereignty challenge; quite the opposite, it intensifies it.
For partners and integrators, the announcement also marks a turning point. NTT DATA called it a “significant advance” and highlighted the value of combining air-gapped infrastructure with deep configurability and compliance to meet the growing demand for control and autonomy among European customers.
What does it include: networks, collaboration, endpoints, and the security/observability layer with Splunk
The portfolio covers Cisco’s core families (routing, switching, wireless) and collaboration, along with certain endpoints. All these are enhanced by security and observability solutions from Cisco and Splunk. In practice, this enables:
- Traffic segmentation and control in critical environments.
- Event monitoring and telemetry with deep visibility from the network layer to applications.
- Threat detection and response without reliance on external services, tailored for isolated environments.
- Collaboration with traceability and local policies — useful in government and regulated sectors — within the perimeter defined by each customer.
The combination of robust hardware and security/observability software aims to equip operations teams with integrated tools to monitor, correlate, and remediate incidents onsite, maintaining sovereignty over records and metadata.
Why “air-gap licensing” matters (beyond the slogan)
One of the most discussed aspects of the announcement is the air-gap licensing model: the portfolio is prepared to operate in isolated environments and Cisco will not have the capacity to remotely disable products. In a European context where critical infrastructure and public entities demand technical and legal guarantees of autonomy, this clause introduces a shift in balance:
- Reduces the risk of interruptions caused by remote mechanisms (intentional or accidental).
- Boosts confidence for sensitive operations that rely on full continuity.
- Aligns the portfolio with sovereign frameworks that require local control and traceability.
In environments where disconnection (temporary or permanent) is a requirement, or where network perimeters are hermetically sealed, this model avoids the friction of licenses that need to “call home” or that degrade without a connection.
Certifications and standards: Common Criteria, IPv6-Ready, and EUCC roadmap
Conformance with European standards is another key pillar. Cisco states that most of its on-prem solutions in the portfolio are IPv6-Ready and Common Criteria, and that a roadmap exists toward EUCC (the new European Cybersecurity Certification scheme). These seals help shorten approval and public procurement procedures and facilitate audits of controls and processes.
The EUCC, which is underway, aims to harmonize cybersecurity certification across Europe, providing common references for ICT products and services for EU member states and operators. For a sovereign on-prem portfolio, tracing a path toward this scheme adds certainty in the medium term.
Why now? The European background: NIS2, DORA, Sensitive Data, and the AI race
Digital sovereignty has become a state strategy in Europe. With NIS2 (networks and information systems), DORA (digital operational resilience in finance), EHM/EUCS/EUCC (cybersecurity and certification), and sectoral data regulations, critical operators and regulated entities are being pushed to strengthen their infrastructure. Additionally, the AI race emphasizes the need to build data centers and AI factories within European territory, combining capacity, energy efficiency, and governance over data and models.
Within this context, Cisco’s proposal seeks to respond to a specific demand: how to operate networks, security, and observability in a sovereign manner, even when operating models are disconnected, hybrid, or edge-based. The pragmatic message is that not all workloads will move to the cloud, nor should they stay entirely on-prem; the key is to be able to choose without sacrificing compliance, control, or resilience.
What this means for IT teams: operational sovereignty without sacrificing flexibility
For CIOs/CTOs and CISOs across Europe, the portfolio promises to restore control:
- Localized (and auditable) operational model with telemetry and records under their own governance.
- Integration with security and observability tools for on-site detection and response.
- Hybrid options where appropriate — for example, cloud analytics with anonymized data or without sensitive payloads — maintaining core functions on-prem.
- Clear compliance pathway supported by certifications and standards recognized by regulators and public procurement authorities.
The approach does not replace good practices: designing segmentation, automating patching, planning energy resilience, and conducting regular testing. But Cisco’s promise is to provide a comprehensive toolkit (networks, security, observability, collaboration, and endpoints) without dependencies on remote connections that conflict with sovereignty policies.
Risks and limitations: a realistic perspective
As with any “sovereignty” proposal, it’s crucial to manage expectations:
- Sovereignty ≠ absolute isolation at all times: many customers will seek a balance between local control and selective cloud services.
- Compliance: aligning with certifications does not exempt customers from audits or from adapting to specific regulatory or national requirements.
- Operational complexity: managing air-gapped environments demands discipline and processes (offline patch management, controlled artifact exchange, etc.).
- Ecosystem: observability and security gain value when covering the entire stack; integrating third parties into a sovereign environment may require extra work.
Nonetheless, the announcement provides a clear framework for sovereign projects that previously had to customize solutions ad hoc with higher costs and risks.
Availability and channels
Cisco Sovereign Critical Infrastructure will be available in Europe starting from September 2025, via Cisco and key partners. The company points to its blog and an executive blog post by Gordon Thomson for details on how this offering fits into “a tipping point in how Europe builds and protects its sovereign critical infrastructure in the AI era.”
Conclusion: More options for genuine digital sovereignty
Cisco’s move arrives as many European organizations are rethinking their spending toward on-prem solutions without abandoning hybrids and multicloud. Analysts point out that sovereignty is not just a label but a set of decisions about where data resides, who controls the infrastructure, and how it is operated and certified. A portfolio that is born air-gapped, configurable, and aligned with European standards adds an important piece to the puzzle: the network, security, and observability layer that underpins everything else.
If Europe’s goal is to build AI factories, safeguard critical infrastructure, and provide real alternatives to governments and regulated industries, initiatives like Cisco Sovereign Critical Infrastructure expand choices and accelerate the transition from sovereignty discourse to operational architectures that realize it.