Data Sovereignty is not just a Māori issue, but a global issue that New Zealand must address now.
Another follow up report from my Māori Data Governance Report 2025, this article analyses corporate requirements for Data Sovereignty and the need to classify on-shore and off-shore data hosting and sovereign AI and Data centres. Corporate needs reflect Māori implementations of AI and Data.
A qualitative survey by Pure Storage® with the University of Technology Sydney (UTS) released new insights report “Data Sovereignty: A New Era Navigating Risk in a Dynamic World” on data sovereignty by industry leaders across nine countries including Australia, New Zealand, India, Japan, Singapore,
South Korea, the United Kingdom (UK), France, and Germany. The report aligns well to Māori Data Sovereignty practices and the findings of the Māori Data Governance Report 2025.
The report revealed unanimous concern about the risks of inaction around data sovereignty:
- 100% confirmed sovereignty risks, including potential service disruption, which have forced organisations to reconsider where data is located.
- 92% said geopolitical shifts are increasing sovereignty risks
- 92% warned inadequate sovereignty planning could lead to reputational damage
- 85% identified loss of customer trust as the ultimate consequence of inaction
- 78% are already embracing different data strategies, such as implementing multi service provider strategies; adopting sovereign data centres; and embedding enhanced governance requirements in commercial agreements.
“Once data is created and stored, ensuring that it’s only ever in one place and only ever within a geographic boundary is actually quite a tricky issue.”
DATA GOVERNANCE EXPERT, AUSTRALIA
The report includes “A Practical Guide for Taking Action” that aligns well with Māori Data Sovereignty.
- Take a More Intentional Approach to Risk Assessment (Recommended Route). The report recommends “defining a data strategy that addresses the urgent demands of the situation, determining what data should go where and how”. This reflects the Māori Data tikanga of ‘Tapu/noa/Rāhui” and deciding what data should be stored on shore and elsewhere.
- “Take a Conservative Route and Detach From Non-Domestic Public Cloud Service Providers”. The report states “This is a risky option and likely to set organisations back in achieving their business objectives due to loss of access to innovation and financial fallout”. This was initially the primary options of the Māori Data Sovereignty and one that some still advocate for, but it is largely not implemented.
- “Do Nothing and Hope None of The Risks Catch Up with Them”. This is largely where Māori and New Zealand are at the moment. With Hyper Scale Cloud providers on shore and many other data centres, many Māori organisations are by default using some form of cloud and minimising risks. The report states “This is highly risky, and there is no protection from the potentially devastating financial and reputational repercussions of disruptions attached to data sovereignty.”
“Increasingly it’s going to be difficult to put data in one of the big players because you won’t want to be putting commercially sensitive or private information about customers into an uncertain world. I think we can increasingly see people concerned about the privacy of these models and the sensitivity of sharing information, especially with overseas companies.”
AI EXPERT, AUSTRALIA
In the final part of the report is “Best Practices for Taking Action“. This section offers real like practicable solutions, many of which I have advocated for over the years.
The recommendations highlights the fact that not all data is critical (Tapu/Rāhui in Māori Data Sovereignty terms) and that at Hybrid capabilities allow organisations to keep critical workloads in sovereign hosting environments while leveraging public cloud services for non-sensitive functions providing both sovereignty and operational flexibility. While this recommendation is at odds with some Māori Data Governance Frameworks, it is both commercially and technologically sound advice.
Evaluate Sovereign Service Providers recommends utilising Sovereign Service Providers. In New Zealand we have several such providers that vary in the degrees of sovereignty they offer. Sovereign Service Providers include but are not limited to “AWS, Catalyst, Microsoft and Team Cloud”. Noting only Catalyst offer Open Source solutions and are New Zealand owned (not Māori owned) and TeamCloud utilise Oracle and have Ngāti Toa as shareholders.
“Regulation is not necessarily a barrier to innovation. Quite the opposite, it’s actually a net positive.”
AI EXPERT, AUSTRALIA
Each organisation will need to evaluate which Sovereign Service Provider or Data Sovereignty strategy best aligns to the individual organisation’s needs including ownership, jurisdictional issues and other risk analysis.
A key message for Māori seeking Data Sovereignty, is that it is impossible to fully implement as there are resources such as minerals needed for hardware that are only accessible in some countries and having full control of the whole stack, energy sovereignty and much more to consider.
“…If you don’t control the whole stack, how can you say you have data sovereignty? Even if you’re storing your data purely under your legal jurisdiction, but it’s stored in a proprietary form, should you lose the access to that software or to that format, how can you assert sovereignty?”
Hyperscale cloud solutions provide scalability, security, and cost-efficiency that bespoke solutions cannot realistically match. The providers invest billions of dollars annually in cybersecurity, encryption, and compliance with international standards (ISO, SOC, HIPAA, etc.). They also offer data sovereignty features (e.g., region-locked storage in New Zealand or Australia), the options of automatically replicating data across multiple zones, etc. These clouds are designed to handle petabytes of data with built-in redundancy and uptime guarantees of 99.9%+. While Custom solutions often struggle with scaling beyond initial capacity. Their regions can help align with Te Tiriti o Waitangi obligations and Māori Data Sovereignty principles. This enables Māori communities not just to store data but to govern, use, and extract value from it.
“AI is fast becoming a geopolitical force, and data centres are the chess pieces on the board. Decisions about where to build, how to power them, and their environmental impact are increasingly central to global negotiations.”
AI GOVERNANCE LEADER, ASIA
Bespoke solutions risk becoming outdated, underfunded, or incompatible with emerging technologies.
For Māori, futureproofing ensures that our taonga remain accessible for future generations. However, Bespoke Māori data solutions may be less technically advanced than hyperscale clouds, but they provide maximum sovereignty, cultural alignment, and independence, resisting digital colonialism and ensuring Māori control of taonga for generations.
Bespoke solutions usually provide only storage while hyperscale platforms integrate:
- AI/ML pipelines (e.g., custom Māori language models).
- Analytics tools for large-scale data processing.
- Cloud-native services for archiving, retrieval, and digital preservation.
It maybe that bespoke data hosting is suitable for some, but likely not for larger organisations and corporate structures. For mana motuhake and tino rangatiratanga, each Māori organisation will need to weigh up what degree of Māori Data Sovereignty they want and how much long term security they want after careful considerations of Tapu/Noa and Rāhui Māori Data.