What IT Sovereignty Really Means: Beyond Data Location | Deutsche Telekom CTO

March 24th, 2026 | Jason Lopez | 09:34

▶

Andreas Eisenreich, CTO at Deutsche Telekom, explains why data sovereignty isn’t about location — it’s about control, informed decisions, and the ability to act on your strategic goals without vendor permission.

Get tech leader insights to move faster and smarter.

Get more stories by subscribing to The Forecast.

Transcript:

Andreas Eisenreich: So welcome dear architects, strategists, and decision makers. You have arrived where the rules are being rewritten. The utopia of a borderless internet where one click deployments were possible and any location in the cloud is slowly dissolving. The IT galaxy is becoming more complex, more political, and yes, a bit more uncomfortable. But on very, don’t panic. We have long lived in a kind of autopia. National borders didn’t matter to us. Infrastructure was global and deployments could be distributed across the globe with a single click. The location was just a variable in a conflict file. That error is coming to an end. The topic of serenities, unfortunately, not just an abstract buzzword, but a real challenge. The impact on us as the IT industry is hard to foresee. After all, we all had the same access to technology, no matter where we in the world and almost regardless of the available budget.

The democratization of innovation and technology has made us significantly more agile. Personally, I’m more of one learning by doing guy. So the impact this will have on my way of learning, for example, remains to be seen.

Jason Lopez: That’s Andreas Eisenreich, reading from his 2025 LinkedIn article entitled IT Sovereignty: The Hitchhiker’s Guide for Architects and Decision Makers. He’s the CTO for cloud and infrastructure at Deutsche Telekom. This is the Tech Barometer podcast. I’m Jason Lopez. We thought having him read from his article would be a good way to start this story about how sovereignty is now a top concern. You need a way to define it before you can make a good decision about it. And firms like Gartner, IDC, and Forrester are now treating this as a primary market force, not just a footnote. We talked to Andy shortly after his team worked with Nutanix to develop a sovereign data solution for hybrid cloud. In our interview, he began with this. Data sovereignty isn’t just about where your data lives. It’s about whether you can actually use it without a vendor’s permission. He reminds his clients that physical control means nothing if your data is locked in a proprietary format that becomes inaccessible the moment you lose a license.

Andreas Eisenreich: Phase one, let’s try to free up your data. And that’s not super hard, but most of the time users are involved.

Jason Lopez: A good example, he says, is Microsoft 365. The moment you commit to any proprietary platform is the moment your data sovereignty journey and your responsibility to protect it begins.

Andreas Eisenreich: We all use it. We love it. We are partnered with Microsoft, great partners. I love the product, but that has to be an option. So if I decide I want to go with Microsoft, my responsibility from that point in time, that’s the beginning of a sovereignty journey when it comes to data.

Jason Lopez: Andy pointed to the idea of making fully informed decisions about how data is stored and who ultimately controls it. The moment someone else holds the encryption key, regardless of what they call it, you don’t own your data, you’re just borrowing access to it.

Andreas Eisenreich: If there’s someone telling you, “Yeah, that’s now your storage box, that’s completely sovereign. Just place it in your office, you’re able to access your data at any time, no problem.” From a technical implementation perspective, the data are encrypted and the encryption key is part of their license model. That’s the opposite of an informed decision, so that’s a problem for sovereignty. But as long as you are able to understand the implications and take that informed decision, for me, that’s sovereign.

[Related: AI Sparks Rise in Shadow IT]

Jason Lopez: And he goes on to say, “True sovereignty isn’t even necessarily about open source or open formats. It’s about how understanding exactly what you’re agreeing to and making that choice with your eyes fully open.” Sovereignty may feel like a new buzzword, but the underlying struggle, who controls your data and on whose terms is as old as IT itself.

Andreas Eisenreich: Look at a bunch of non-functional requirements. Things like the European Sovereignty framework that they just released, they might help us to somehow have a common ground to start the discussion around that. But at the end, it’s non-functional requirements. And as all architectures, I mean, they’re not just built, they’re maintained. If you start with something like your own infrastructure based on Nutanix down in your data center, that might be version one. It ticks all the boxes when it comes to your understanding of Serenity, but bring that then to version two, where you have to tick all the boxes as well, but maybe with another technology. And that is where it becomes interesting on a lifecycle perspective. And exactly for that point in time, we have to be ready as a service provider to take over the workload from those platforms into something more capable, I would say, to somehow stick to the promises, to the values that cloud gives us these days.

Jason Lopez: Sovereignty has become one of the biggest trends in tech, but Andy says too many people don’t ask enough questions, and in fact, often only ask the one we began with, “Where does my data live?”

Andreas Eisenreich: That’s not the point. Serenity is all about being able to act according to your strategic goals, to your values.

Jason Lopez: But true sovereignty encompasses far more than simply knowing which legal jurisdiction your data happens to reside in, and it’s more than just a binary choice.

Andreas Eisenreich: It’s not a switch that you can turn on off Sovereignty. I would say it’s a scale, and it depends always where you are, what is important for you.

Jason Lopez: And ultimately, your definition of sovereignty has to align with everyone else at the table.

Andreas Eisenreich: That makes it super complex when we are in a service provider and client discussion. When a client just mentioned to me, “Okay, I need that sovereign.” So the answer, of course, is yes, no problem. But what’s the meaning of sovereign?

Jason Lopez: Andy’s definition extends to SLAs, operational processes, and whether you actually have a lever to influence decisions that affect your business. For example-

Andreas Eisenreich: There’s patch day for your more classical infrastructure, and the provider is just telling you, “Okay, next Saturday, we patch.” So that has to fit somehow to your business plans on that day. And if there’s no possibility to just raise your hand and say, “Yeah, that doesn’t fit, sorry, that’s not a sovereign solution,” even if the data is stored in your backyard.

Jason Lopez: Once you’ve clearly defined what sovereignty means for your organization and how much influence you need across each relevant area, it makes sense to put that in writing and use it as a filter when evaluating potential partners. You can take a mathematical approach, but the challenge is that even with that kind of detail, interpretations still vary. The same criteria can look very different depending on which side of the table you’re on.

Andreas Eisenreich: If you see your own infrastructure service provider is running your data centers, it feels for you kind of sovereign, of course. If you share the same basic values, you have to be very open about your business goals, about your capabilities. I mean, that’s something where it’s easy to find out how to handle those complex topics around sovereignty.

[Related: AI’s Next Wave]

Jason Lopez: He says a real partnership is a foundation of mutual honesty, and that honesty has to extend to the hard questions like, “How do I get out of your solution if I need to? ” If a partner can answer that openly and the answer fits your requirements, you found the kind of relationship where sovereignty stops being a problem and starts being a conversation. Andy says for a decade, the IT industry gave everyone the same answer regardless of the question, and that answer was cloud. He says clients have been told they didn’t understand their own problems, reshaping their business challenges until they happen to fit perfectly inside whatever cloud offered.

Andreas Eisenreich: I was tired about that, and that’s true for AI use cases as well. I was really tired about that, and that is why we started with the idea of hybrid IT, where we, on one hand, have the infrastructure of Nutanix as a building block that might run on client data centers as well as on telecom data centers wherever. And so the client is able to decide per workload, so per application that he wants to run, if he wants to run that on the Nutanix stack with his premises, or just put in additional resources from the cloud, and that’s completely transparent to the client. What we created together with Nutanix is a perfect example of what I want people to think about. I think the time where we do those pilots, that’s over.

Jason Lopez: Andreas Eisenreich is the CTO for cloud and infrastructure at Deutsche Telecom. You can read his article, The Hitchhiker’s Guide for Architects and Decision Makers at LinkedIn, and he says in the piece, “Don’t panic.” This is the Tech Barometer podcast produced by the forecast. I’m Jason Lopez. The forecast has a treasure trove of tech articles and podcasts, and you can find them at the forecast by nutanix.com.