Digital sovereignty is often positioned as an end state, something to be achieved through absolute control, strict locality, or isolation from global systems. In practice, this framing oversimplifies a far more complex reality. Sovereignty is not a strategy of absolutes; it is a risk management discipline.
In this session, Mark Anderson will argue that digital sovereignty should be understood as the outcome of deliberate, defensible risk decisions rather than a pursuit of total autonomy. Drawing on real world regulatory, security, and resilience scenarios, the session looks to provoke and challenge traditional thinking.
Participants will explore why no organisation operates with perfect control, security, or resilience, and why attempts to optimise one dimension in isolation often introduce new risks elsewhere. The focus is on how security leaders can move beyond slogans, separate mandated requirements from preferences, and make transparent, accountable decisions that stand up under scrutiny in an era of heightened complexity and change.
