Navigating resiliency, security, and data sovereignty in a time of geopolitical uncertainty
Earlier this week, the UK National Cyber Security Centre (NCSC) and security researchers advised organizations to strengthen their cybersecurity posture due to heightened regional geopolitical tensions, specifically warning of potential cyber threats from malicious actors.
Already under pressure to solve existential challenges around data sovereignty and technological dependence, Europe now faces a convergence of short and long term risk management concerns. In the immediate future, Europe must ensure operational resilience despite looming potential for geopolitical-fueled disruption. Concurrently, they must build a strategy to maintain control over their infrastructure and data. This new cybersecurity mandate creates an imperative for European businesses, who must determine how best to juggle resiliency, security and data sovereignty concerns, now.
The following sheds light on the market dynamics in play and shares best practices for digital resilience and security amidst uncertainty.
European Data Sovereignty
Currently, the majority of Europe’s cloud infrastructure is operated by US-based hyperscalers, making them wholly dependent upon the United States. This has triggered debates over whether European data could be accessed under laws like the US Cloud Act. This Act allows US law enforcement to compel US- based technology companies to provide data, regardless of whether it is stored in the US or Europe. For Europe, this is in direct conflict with GDPR data privacy regulations, as it permits potential access to EU citizen data without using traditional international legal assistance treaties.
With Europe’s dependence on foreign cloud providers, the exposure of European data to foreign jurisdictions is very real, and coupled with the strategic vulnerability this poses to Europe for emerging technologies (namely in the artificial intelligence space) pressure is building to find solutions. This global nature of interconnected business is not going away.
Concerns are heightened too, given global political dynamics, and the implications of cases like Schrems II (in 2020) which determined that the EU-US Privacy shield was invalid.
As a result, Europe has accelerated efforts around:
Sovereign cloud initiatives
Data localization mandates
EU cybersecurity certification frameworks
New regulations like the Data Act (2025)
As enterprises navigate sovereignty considerations, they must ensure data control without limiting access or innovation.
AI Is Adding Pressure
The AI and cloud infrastructure market is consolidating around a small number of global providers, causing concern for Europe as they must build a strategy to play in the AI game. The sheer magnitude of resources, infrastructure, energy and data-farm requirements needed to match the global AI leaders (US and China) poses a real obstacle for Europe.
This has caused both competitive concern, as well as added complexity to the data sovereignty challenge - with foreign nations monopolizing the AI infrastructure space, data sovereignty must be solved, and fast.
Current Events Add Complexity
Even prior to the recent conflicts, geopolitical instability and cyber risk concerns have been top of mind for the European enterprise.
But the UK National Cyber Security Centre’s recent advisory to review and strengthen defenses for fear of retaliatory or opportunistic cyber activity is pushing enterprises to review security strategies in tandem with data sovereignty considerations. Bad actors from this region have historically used disruption tactics like DDoS, phishing, and infrastructure probing during geopolitical escalation, reinforcing the need for robust security tooling. The advisory names critical infrastructure, government and finance industries as key targets, along with organizations whose supply chains touch the Middle East.
Concerns over additional conflicts in Asia and established high traffic shipping routes echo the same dynamic: global dominance depends on a fragile supply chain, where disruption can have major implications.
So how can Europe ensure they remain secure, and resilient in times of unrest - especially when they are reliant on foreign infrastructure to conduct their business?
What Can Europe Do?
Europe is responding to geopolitical uncertainty and infrastructure concentration simultaneously- asking the right questions and prioritizing the right infrastructure and security strategies is critical.
To start, enterprises can use these questions to assess their readiness and begin developing action plans:
How can they best navigate this convergence of priorities - what resources are lacking?
How can they maintain data sovereignty, ensure digital resilience in a time of conflict, and trust in their security strategy?
We’ve compiled a quick checklist organizations can use to begin thinking about tackling the dual challenge. We’ve provided additional resources for further reading beneath each recommendation.
1. Prepare For Retaliatory DDoS
Priorities should first center around the immediate threat - ensuring protections are in place should any retaliatory cyberattacks occur. Effective DDoS protection (a key threat named by the recent advisory) relies on a combination of large-scale DDoS mitigation, deep traffic visibility, and infrastructure designed to detect and respond to anomalies in real time.
By preparing for the possibility of cyber retaliation before it happens, organizations can ensure their services remain available even when external pressures escalate. Digital resilience extends beyond performance and uptime - it is also about an organization’s ability to absorb and mitigate unpredictable surges in malicious traffic while maintaining service continuity.
Additional Resources:
Learn how to mitigate DDoS attacks more accurately and more quickly
Tailoring your DDoS Protection
Understand the DDoS Threat Landscape
2. Ensure Digital Resilience
Maintaining performance and services during a geopolitical disruption requires resilience. Investments in tooling and solutions that can ensure operational fundamentals are in place, despite interruptions, should be a high priority. Services must continue running even when the environment around them shifts, whether that’s political instability, cyber threats, infrastructure disruption, or sudden spikes in demand.
Resilience is built on fundamentals: reliable infrastructure, secure control planes, and operational practices designed to hold steady when everything else is moving. It’s not just about preventing failure; it’s about ensuring systems continue to function under pressure, maintaining trust, availability, and continuity when disruptions inevitably occur.
Organizations can start with an assessment of their existing tooling, namely their edge and delivery platforms, along with their associated security capabilities. A resilient solution should be engineered with the expectation that failures will occur.
The right platform will:
Treat availability and integrity as first-order design constraints rather than optional layers
Maintain predictable performance under sudden shifts in demand or unexpected surges
Mitigate high-volume attack traffic without sacrificing availability for legitimate users
Adapt to internet-scale variability without introducing unnecessary latency
Sustain elevated load during failover events or dependency disruption
This can be an overwhelming task, especially given the pressing timeline. Managed AppSec can help defer security concerns to an expert, delivering turnkey risk reduction.
Additional Resources:
How to navigate growing threat landscape with a resilient platform
Consider multi-cloud strategy to build resilience
Automated decision-making and self-healing platform for resilience
Optimizing digital experiences with an edge cloud platform
3. Address Data Sovereignty with the Right Platform Partner
Once the immediate threat of cybersecurity and infrastructure risks have been addressed, organizations can tackle the longer-term concern of data sovereignty.
As data sovereignty requirements continue to evolve, organizations need infrastructure that enables them to operate globally while achieving control over their data. This means choosing solutions designed for regional processing, and regulatory alignment, allowing sensitive workloads and data to remain within specific jurisdictions when required. Infrastructure built with these principles in mind helps organizations meet EU compliance expectations without sacrificing performance or global reach.
With reliance on foreign infrastructure, picking the right edge platform partner matters. A pragmatic engineering partner, instead of a hyperscaler platform can help ensure transparency, operational control and a collaborative partnership.
Additional Resources:
Edge Cloud Platform Buyer’s Guide
How the right platform ensures resilience
Compliance and process safeguards
How Fastly Can Help
Fastly continues to prioritize delivering essential capabilities to meet the evolving demands of enterprises in a dynamic regulatory and landscape. Building on its commitment to customer-centric solutions, Fastly is expanding its global footprint with strategic Points of Presence (PoPs) in key regions closest to our customers’ business operations. To further bolster these efforts, Fastly introduces Controlled Support Access (CSA) to provide enterprise-grade security and compliance with explicit approval workflows for account access.
Additionally, its expansion of SCIM and support for multiple SAML identity providers addresses the needs of large enterprises with complex organizational structures, enabling streamlined authentication and automated user lifecycle management. The introduction of Hierarchical Accounts further enhances governance, scalability, and centralized control for customers managing multiple accounts. These robust additions position Fastly not only as a technological innovator but as a strategic enabler for organizations navigating the challenges of heightened compliance, scalability, and high-performance demands.
Speak with our experts to learn how Fastly’s edge platform provides the localized control and DDoS-readiness required for the current European landscape.