Kyndryl has launched Sovereignty Solutioning, a new portfolio of advisory, implementation, and managed operations services designed to help organizations assess and reduce their technological dependencies in an increasingly geopolitically influenced, regulated, and business continuity-driven environment. Central to this offering is the new Sovereignty Readiness Assessment, an evaluation created to identify risks, gaps, and dependencies in complex hybrid environments—from data and operations to cloud architecture, security, and Artificial Intelligence.
The core message is clear: digital sovereignty is no longer an abstract compliance discussion but a practical risk management issue. Fariba Wells, Senior Vice President of Government Affairs and Policy at Kyndryl, sums it up by stating that sovereignty is no longer a theoretical or public policy question but an operational risk that organizations must address today. The company aims to position itself precisely at this point: helping businesses and governments decide how to manage their critical assets, data, providers, and dependencies to adapt more quickly when external conditions change.
A assessment to uncover hidden dependencies
The new Sovereignty Readiness Assessment reviews an organization’s current and planned state across three major domains: data, operations, and technology. The goal is not to deliver a static score or a generic audit but to build an actionable risk map. Kyndryl states that the assessment identifies exposures related to data residency, operational dependencies, architecture weaknesses, and potential restrictions that could impact business continuity. From there, it suggests a phased roadmap to prioritize decisions in cloud, security, infrastructure, and technology governance.
This approach is especially relevant because many companies have reached their current architecture through accumulated decisions rather than sovereign design. The Kyndryl Readiness Report 2025 indicates that 83% of leaders believe emerging regulations on data sovereignty and repatriation have gained importance in IT decision-making over the past 12 months. The same report notes that 70% of CEOs recognize that their current cloud environment was built “by accident” rather than by design, and that 65% of organizations have already changed their cloud strategy in response to new geopolitical pressures.
The result is that sovereignty cannot be limited to selecting a cloud region or complying with data residency clauses. In many cases, the risk lies in less visible dependencies: who operates the environment, which provider controls the management plane, where keys are stored, how support is executed, what happens if a sanctions impact a global provider, or how continuity of critical loads is ensured if political or regulatory environments deteriorate.
Cloud, AI, and data: the new sovereignty map
Kyndryl frames its offering as a solution for hybrid environments, not as a one-size-fits-all model. The company refers to on-premises infrastructures, private clouds, hybrid clouds, public, hyperscales, and local providers. Its proposal is to design “sovereignty-ready” architectures that may include dedicated environments, external management of encryption keys, infrastructure within the country, separation of control planes, and proven contingency and failover procedures.
This flexibility is crucial because digital sovereignty does not necessarily mean abandoning public cloud or rehosting all data. Often, it involves classifying workloads, understanding which data requires tighter control, defining acceptable dependencies, and building alternatives for the most critical systems. Kyndryl presents this as a continuous governance capability, not just a compliance project.
AI adds another layer of complexity. Kyndryl’s sovereignty service page emphasizes that data sovereignty now includes AI-related assets such as training data, fine-tuning datasets, prompts, embeddings, inference outputs, and model artifacts. It also defines AI sovereignty as the ability to gain more choice and control over the entire stack—from system development and deployment to the data, models, and computational resources supporting them.
This point is especially critical for regulated sectors. A company might host its data in a specific region but still lose control if models, APIs, support operations, or observability systems depend on third parties in other jurisdictions. Therefore, sovereignty is increasingly becoming an architectural criterion, not just a procurement consideration.
From data residency to operational control
This launch also reflects an evolution in the very concept of sovereignty. Kyndryl distinguishes between data sovereignty, operational sovereignty, and technological sovereignty. The first focuses on where data is stored, processed, and governed. The second centers on the ability to operate and manage the environment independently in the face of disruptions, sanctions, or provider changes. The third broadens the scope across the entire technology stack: cloud, hardware, operating systems, databases, middleware, applications, and AI.
This broader view aligns with Europe’s current context. The digital sovereignty discussion is no longer solely about GDPR or physical data location. It now encompasses business continuity, dependence on hyperscalers, exposure to extraterritorial legislation, sanctions resilience, auditability, key management, and AI governance. For many organizations, the question is no longer just “where is my data,” but “who can operate, modify, block, access, or influence my technology?”
The Kyndryl report published in March also links this concern to two other fronts: quantum computing and legacy networks. According to the company, 84% of leaders state that data sovereignty and repatriation regulations have become more significant in the past year, with 86% considering regulatory alignment of cloud providers increasingly critical. The same study warns that 25% of critical networks, storage, and servers are nearing the end of their lifecycle, and only 37% believe their infrastructure is prepared for future risks.
An opportunity for Kyndryl amid technological uncertainty
For Kyndryl, this offering has strategic value. Born from the spin-off of IBM, the company has positioned itself as a provider of managed services and critical infrastructure for large organizations. Its focus aligns well with clients that cannot afford to make impulsive decisions around cloud, continuity, and compliance. Rather than selling sovereignty as a marketing label, Kyndryl aims to package it as an operational practice: diagnostics, architecture, implementation, regional operations, access controls, and ongoing governance.
The proposal also arrives at a time when many companies are reviewing their cloud strategies. Some seek to repatriate workloads, others want more controlled hybrid models, and some aim to combine global hyperscalers with local providers. The key will be to prevent sovereignty from becoming a hollow slogan. To carry real value, it must translate into concrete decisions: which loads are protected, which dependencies are reduced, alternative systems tested, data isolated, client-controlled keys, and procedures activated if a provider becomes unavailable.
Kyndryl’s approach of framing sovereignty as a matter of resilience rather than just compliance is spot on. However, its success will depend on a more demanding factor: demonstrating that it can help organizations gain control without stifling innovation, increasing costs, or turning every cloud or AI project into an unmanageable architecture. In a more fragmented world, achieving the right balance of control, flexibility, and continuity will be increasingly challenging.
Frequently Asked Questions
What is Kyndryl Sovereignty Readiness Assessment?
It is a Kyndryl evaluation that reviews an organization’s stance on data, operations, and technology to identify sovereignty risks, operational dependencies, and control gaps, transforming them into a phased roadmap.
What’s the difference between data sovereignty and digital sovereignty?
Data sovereignty focuses on where data is stored, processed, and governed. Digital sovereignty is broader, encompassing control over infrastructure, operations, providers, software, AI models, and the entire technology stack.
Why does technological sovereignty become more important in 2026?
Because of geopolitical tensions, new regulations, reliance on global providers, AI expansion, and the need for business continuity. Kyndryl notes that 83% of leaders see sovereignty and repatriation rules gaining importance in IT decisions over the past year.
Does digital sovereignty mean abandoning hyperscalers?
Not necessarily. Kyndryl advocates hybrid models combining on-premises, private cloud, public cloud, local providers, and hyperscalers, provided there are appropriate controls over access, jurisdiction, resilience, and operations.
via: kyndryl