Colin Bannon, chief tech officer at BT Business, reframed the sovereignty debate at FutureNet World in London last week: data sovereignty is largely secured, tech sovereignty is unrealistic, and operational sovereignty is about resilience, he said – about who controls the “off switch” when systems fail.
In sum – what to know:
Operational sovereignty – is the real issue; the focus has shifted from protecting data to ensuring continuity – avoiding single points of failure and retaining control over critical infrastructure in a crisis.
Resilience, not ideology – drives strategy, multi-cloud active-active architectures and local infrastructure aren’t political choices but engineering responses to systemic outages and dependency risks.
Urgent regulatory clarity – for commercialisation; telcos are already investing in sovereign capabilities, but secrecy, high costs, and lack of regulation or standards are blocking wider market adoption and returns.
There was a good session about telco sovereignty at FutureNet World in London last week, courtesy of Colin Bannon, chief technology officer at BT Business. “I have sat on five or six of the 15 sovereignty working groups in the UK,” he said. “It attracts more [attention from the] leadership team than I’ve seen in a long time, and also more confusion about what it is, and what to do – or just frustration about how to make it happen.” Everyone has their own “taxonomy”, he went on, but here’s the internal BT “cribsheet” – and he showed a slide (see image below) with sovereign ‘levels’ going from privacy to resilience; from data sovereignty to operational sovereignty to tech sovereignty.
Bannon stated: “A couple of years ago, customers were worried about data sovereignty. And our hyperscaler friends responded with very good solutions around key management, obfuscation, data boundaries in the EU – which the UK doesn’t actually benefit from because of Brexit. But people have moved on. If you talk to customers these days, pretty much every board on their group-risk register has a set of scenarios that were unthinkable two years ago. And, if you think about where people’s heads are, it is less about whether somebody can read your data – because we’ve pretty much solved that – [and more about] who has the off switch.”
And so Bannon asked the question on every telco’s mind: “am I master of my own destiny?” These concerns – security, resiliency, sovereignty – are “converging, and possibly conflated”, he suggested. “Because they all end up in that sort of target sweet spot the board is worried about – about, ‘can I keep my business running?’ And so what was data sovereignty is more about operational sovereignty [now]. His question was for the whole room, ostensibly filled with telco types: do you have strategic autonomy? But really, or also, it was for their enterprise customers, in Europe and all over. The right-hand scenario (on the slide), about tech sovereignty, might as well be dismissed, he said.
“It is incredibly expensive and virtually impossible to have a technology stack, top to bottom, that doesn’t involve China or the US. So let’s forget that. In an economic sense, it is worthwhile for nations to develop [their own] regional large language models – appropriate for certain skills. There’s a benefit to have that choice, and locality and context. But a full [sovereign] stack is really hard. And why would a telco cut off innovation from a hardware manufacturer that spends more on R&D than its total revenue? You wouldn’t want to do that; you want to keep working with partners – particularly the ones that have knowledge and engineers you’ve worked with for 30 years.”
Operational sovereignty
Unmatched innovation, plus justified loyalty, then. “So that’s not the point,” he went on; data sovereignty is solved, and tech sovereignty is unrealistic, and not helpful. “The point is: can you set that architecture up, in the case of BT, [so it is] designed in Britain, built in Britain, run in Britain? That’s the challenge.” Operational sovereignty is where the boardroom focus is, said Bannon. Just think about recent outages, he suggested. The biggest cloud providers (AWS, Azure, GCP) have all failed at times over the past 18 months; AWS was down for half a day in October. Most telcos have seen regional outages here and there; Verizon was out for 10 hours in January. There are lots of examples.
The strategy of “zonal resilience” is “not resilient”, anymore, he suggested. Data sovereignty is done, and tech sovereignty is fanciful, and, actually, this mid-level concept about ‘operational sovereignty’ is not about sovereignty very much at all; it is mostly just about the “off switch”. So, first principles: avoid single points of failure, he said; don’t put all your eggs in one basket. Strip out the politics, and it maps to straight resiliency logic: don’t depend on single clouds, vendors, control planes; containerise, abstract, decouple. It ain’t ideological – it is the same playbook for portability and failover. Recent outages show that resiliency failures are more often systemic, and not isolated.
Bannon said: “At what point do the failures keep happening… [so] you start to run [critical applications] on separate infrastructure, active-active? What does that actually look like? If you run your [second active] workload in… another cloud, [as] dual multi-cloud active, then you have to solve for egress; if it is in a private cloud or private infrastructure, is there anything else you can solve for?” And so the penny drops; if the workload criticality justifies complexity and cost (in duplicate infrastructure, egress fees, data consistency), then telcos might run active-active redundancy (versus just backup) in local private infrastructure instead, and solve the sovereignty riddle while they are at it.
“At that point, investing or landing the second instance on a sovereign platform ticks another box in terms of overall risk – because you’re removing another failure plane: the capability of foreign jurisdiction to turn the switch off on the platform that you have in your country,” he explained. If the telco model is active-active across multiple environments, then make one of those environments sovereign, right, and kill that last kill switch – which is dependency on “foreign jurisdiction”. ‘Sovereignty’, as it is, is really just extra justification for the same engineering ideals, then – which is total resilience. Not just in data-center compute, which hogs the sovereignty debate; but in critical national telecoms, too.
Government intervention
“Generally, we were part of the government at one point. We were nationalized, [and] spun out… [Telco] DNA [says] we are still part of critical national and sovereign infrastructure. There is an argument… for telcos to have a real right to play in this particular area – assuming we’re thinking about computing. But sovereignty… isn’t just about compute, and where to put your workload – certainly from a BT perspective, looking across the portfolio [in terms of] network platforms, underlying infrastructure. [And] so you will see direction on that from myself and from other providers.” But how can telcos, historically bad with new money, monetize trust and sovereignty?
It was a rhetorical question, answered by (of all things) a call for more regulation, and a ‘level playing field’ – so national operators can fairly market their expensive sovereign creds. Bannon said: “I think this is the only time I’ve [ever said to myself], ‘Oh, it would be really nice to have regulation’. It is the one time in my entire life. Because regulation [would] provide clarity… [and] it is a wild west in the UK; there is no framework [about sovereignty standards] – whereas other parts of Europe have provided clarity… Regulation is often a reaction to the cost of industry failure not to get aligned and organized. We should, as an industry, define sovereignty better ourselves.”
He explained: “Why would service providers invest in sovereign platforms if they don’t know the return on that investment? I mean, I would love the industry to agree on a [‘kitemark’] to [standardize] sovereignty. [Because if] I’ve doubled my unit economics to bring operational staff back onshore, [and] I’m bidding against someone that [hasn’t], and just has a marketing tag to say it’s sovereign – then that’s not fair. It creates uncertainty, and a barrier to investment.” Besides, incumbent telcos like BT have been investing in sovereign platforms anyway – as national providers of critical workloads; but these have been opaque, by their nature, and therefore hard to commercialise.
Bannon went on: “There are levels of secrecy [around them], and those secret platforms aren’t necessarily at the unit economics that private industry will buy. And so [the challenge] to retool your platforms – to design, run, operate, invest back in Britain – is to create a level playing field that [supports a business case to] build and back Europe and the UK.” As written, and as always with Bannon, it was a good show – understated delivery, clear argument, powerful message. “Those are the challenges that we’re facing,” he said. “It is live right now; it’s active.”
He closed: “Ultimately if you distill it down, it is relatively simple. The key motion is how to keep people’s businesses running in this uncertain world, but to do it in a cost effective way – so trust that business will continue, even on a bad day, is there. That keeps me up at night. We are making investments in advance [of clarity in the market]. Because it takes time as a telco; sometimes you just need to take a long stand – [so that] by the time these things land, people understand what they are buying. And that way, we deliver more brilliant outcomes, and reduce friction and cost overhead for the future.”
