By Oliver Kohll
Introduction:
In my experience, trust has always been one of the biggest challenges in the IT industry.
For decades, organisations have invested enormous sums into digital transformation projects with mixed results. Anyone who has worked in enterprise technology long enough will remember the recurring findings from the Standish Group reports: a strikingly low percentage of IT projects delivered on time, on budget, and with the outcomes businesses originally expected.
But I found the root problem was rarely technology alone. More often, it was a trust gap between commercial teams and technical delivery teams.
Businesses struggled to articulate their needs in technical terms and developers interpreted requirements differently. Systems became increasingly complex and inaccessible to the people who depended on them day to day and over time, organisations lost visibility and ownership over their own operational processes.
That disconnect was one of the driving forces behind the creation of Agilebase.
We believed businesses needed more direct control over their systems. No-code technology emerged as a practical way to bridge the divide between operational teams and software delivery. Instead of relying entirely on lengthy development cycles and translation layers between departments, businesses could build, adapt and evolve applications much closer to the point of need.
I’ve observed that now, that same issue of trust is re-emerging in a new form: data sovereignty.
What is meant by data sovereignty?
As described by Google’s, Gemini, Data Sovereignty is:
“the principle that digital information is subject to the laws and governance structures of the country in which it is collected or stored. It ensures that nations maintain control over their citizens’ data, which dictates how it must be protected, accessed, and regulate”
But as we have seen, trust in international agreements can change quickly. Rules evolve and political relationships shift. What is permitted today may be challenged tomorrow.
Today, I am finding more and more organisations are asking questions deeper than simply “Does this software work?” And asking:
– Where is our data physically stored?
– Who owns the infrastructure?
– Which legal jurisdictions apply?
– Could foreign governments gain access to our information?
– What happens if geopolitical relationships change?
Governments, financial institutions, manufacturers and legal organisations increasingly recognise that data security is not only about cybersecurity or GDPR compliance. It is about political risk, legal control and long-term resilience.
In particular, public sector organisations are now examining whether critical systems should rely so heavily on infrastructure owned by overseas corporations: https://www.techspot.com/news/112362-europe-may-restrict-microsoft-amazon-google-handling-sensitive.html
And personally, I have experienced things like food manufacturers wanting to protect their recipes or production methods. They are reasonably questioning whether sensitive intellectual property should be processed by third-party AI systems hosted outside their jurisdiction.
But when the likes of Google and Microsoft dominate the market (and store data all around the globe) – who else is there to trust?
trust should not simply be outsourced to brand recognition
For us, trust should not simply be outsourced to brand recognition, and many organisations continue to choose large technology providers because they felt like the safest option professionally. Large brands created perceived security. But true trust should come from transparency, due diligence and operational integrity — not simply market dominance.
Summary
Ultimately, data sovereignty is becoming part of a much broader conversation about digital independence. At Agilebase, we have taken a deliberately cautious and forward-looking approach
Our infrastructure is hosted physically within the UK, in London and Manchester. More importantly, we are actively moving toward infrastructure that is not just geographically local but also owned and operated by UK-based entities wherever possible.
Our supplier approval processes extend beyond technical capability. We examine how vendors handle data, whether their commercial models depend on monetising customer information, and whether their governance structures align with the expectations our customers place on us.
The same thinking applies to AI. When integrating AI capabilities into Agilebase, we deliberately selected Mistral AI, a European provider headquartered in France. This allows us to align more closely with GDPR and the EU AI Act while keeping customer data within European regulatory frameworks.
For us, taking responsibility for the security and independence of our customers’ data creates a trusted foundation — giving organisations the confidence to embrace transformative technologies like AI, without compromising control or increasing risk.
Data sovereignty is not only about where servers sit. It is about who ultimately controls access, governance and legal authority over those systems.