Search papers, labs, and topics across Lattice.
The paper introduces Sovereign 2.0, a control-plane-centric model for cloud sovereignty that emphasizes enforceable control over digital service governance, operation, and recovery, especially under disruption. It defines management sovereignty as the ability to govern, operate, evidence, and recover services irrespective of infrastructure dependencies. The authors propose a three-layer risk-assurance framework (governance, operational, technical) and highlight post-quantum cryptography as foundational for long-term sovereign trust, shifting the focus from data residency to verifiable control.
Cloud sovereignty is about to get a whole lot more complicated: it's no longer about where your data lives, but who controls the keys to the kingdom, especially when things go wrong.
Cloud sovereignty can no longer be defined by data residency or infrastructure location alone. Under conditions of geopolitical disruption, legal exposure, and expanding service boundaries, sovereignty must be understood as enforceable control over how digital services are governed, operated, and recovered. This paper introduces Sovereign 2.0, a control-plane-centric model that extends sovereignty beyond localisation to include governance authority, privileged access, cryptographic trust, data lifecycle control, observability, and incident response across federated environments. We define management sovereignty as the sovereign ability to govern, operate, evidence, and recover services regardless of underlying infrastructure dependencies. To operationalise this model, we propose a three-layer risk-assurance framework spanning governance, operational, and technical controls, enabling sovereign outcomes to be specified and continuously evidenced under both steady-state and crisis conditions. We further position post-quantum-ready cryptographic control, particularly TLS and key custody, as foundational to long-term sovereign trust. These contributions reframe sovereignty as an evidence-backed control system rather than a property of location, with implications for cloud architecture, procurement, and resilience design.