For many organisations in defence, government, and regulated industries, sovereignty has traditionally meant control. Running critical systems on-premise, inside air-gapped environments, with full visibility over where data resides.
But this model is under threat.
Software providers are increasingly retiring on-premise deployments in favour of SaaS-only delivery. What happens when your most important business application can no longer run in your sovereign environment, and your only option is to consume it as a cloud service hosted overseas?
We’ve already seen this shift:
- Skype for Business, once widely used on-premise, was retired in favour of Microsoft Teams – a SaaS platform only available through Microsoft’s cloud.
- Some niche software providers now refuse to support on-premise customers at all, offering only cloud-based versions hosted in the US.
For highly regulated organisations, this presents serious challenges:
- Loss of sovereignty: Critical apps may be hosted outside the UK, raising compliance questions.
- Contract risk: Defence and government contracts often mandate UK-only data handling, making SaaS-only models incompatible.
- Operational dependency: Reliance on a single SaaS vendor increases exposure to outages, latency, and commercial lock-in.
Preparing for the Shift
Over the next 3–5 years, SaaS lock-in will become one of the most pressing sovereignty risks. Now is the time to ask:
- Which of your critical applications might shift to SaaS-only?
- What contractual obligations would that break?
- How can you mitigate the risk — through sovereign hosting, flexible architectures, or alternative providers?
At Nine23, we help organisations facing these challenges with solutions like Platform FLEX – a secure, sovereign hosting environment designed to integrate with regulated services while maintaining compliance.
Image by FreePik
