Knowledge base

September 07, 2025

Data sovereignty – Opportunities & Impact of the EU Data Act

 

The EU Data Act has become a reality in the Netherlands. Minister Micky Adriaansens (EZK) recently finalized the implementation legislation, which gives organizations more control over their operational data and makes it easier to switch between cloud providers. For Dutch SMEs, this means a unique opportunity for data-driven growth, without dependence on large platform giants.

At the same time, we see European players strengthening their positions. Microsoft is introducing new data sovereign cloud models, while SAP promises to promote technological independence. The choices Dutch companies make now will determine their digital autonomy in the coming years.

At ALTA-ICT (ISO27001, ISO9001, NEN7510), we guide organizations daily in the transition to data sovereign solutions – from migration to compliance.

Incident Response – Peace of Mind and Control in Data Breaches

What is data sovereignty and why is it important for the Netherlands?

Data sovereignty means that data is always managed within the legal framework of a particular country or region. For the Netherlands, this plays a crucial role by:

  • AVG and EU Data Act obligations around transparency and portability.

  • National security & care: sensitive data should not unnecessarily end up outside the EU.

  • Competitive position: companies gain independence and choice over international cloud giants.

So it is not just about technology, but about strategic autonomy for the Dutch digital economy.

 

The EU Data Act: foundation for data sovereignty

The Data Act, officially in force since Jan . 11, 2024 and applicable from September 2025, is a crucial pillar of Europe’s data strategy. Its goal: fair and secure use of data, with clear rules for who may create value from data and under what conditions.

Key highlights

  • Supplement to the Data Governance Act (2023): where it focuses on voluntary data sharing, the Data Act establishes how data is used fairly.

  • Access to IoT data: users of smart devices will be entitled to the data they generate, allowing them to deploy or share it with third parties.

  • Preventing unfair contract terms: SMEs are protected from disproportionate demands from dominant parties.

  • Public sector access: governments may request data in the public interest, such as in the event of disasters or crises.

  • Switching and interoperability: customers should be able to switch easily between cloud providers, encouraging competition and preventing lock-in.

  • Database Directive Amendment: clarification of database rights, especially relevant to IoT data.

Practical impact

For Dutch companies, this opens doors to:

  • Increased competition and lower costs through choice in cloud services and device repair/maintenance.

  • More efficient operations through access to real-time data for industries such as agriculture, construction and manufacturing.

  • Sustainability: longer use of devices and better use of resources contribute to Green Deal goals.

In short, the Data Act is not a paper reality, but a powerful engine for innovation, new jobs and digital independence in the Netherlands.

 

European developments: SAP invests €20 billion in sovereign cloud

The movement toward data sovereignty is driven not only by legislation such as the EU Data Act, but also by large investments by technology companies. For example, SAP recently announced an investment of more than 20 billion euros in sovereign cloud capabilities in Europe over the next decade.

With this move, SAP expands its offering to include:

  • Infrastructure-as-a-Service (IaaS) through a European data center network

  • On-site solutions where customers can use SAP servers within their own data centers

  • Full EU data storage, keeping sensitive information within European borders

According to Thomas Saueressig, member of SAP’s Board of Directors, “innovation and sovereignty must come together” and Europe must maintain access to the latest technologies, including AI, within a fully sovereign context.

This investment is part of a broader trend in which European and global players – including Microsoft and Amazon – are launching new sovereign cloud initiatives to meet AVG requirements and geopolitical pressures. For Dutch organizations, this means increasing opportunities to combine data sovereignty with innovation without compromising on compliance or security.

 

Implementation in the Netherlands – roadmap

Step 1: Assessment & planning

  • Inventory current cloud and data locations

  • Compliance check according to AVG, NEN7510 and Data Act

Step 2: Design & preparation

  • Choice between Microsoft Public/Private Cloud, national partner clouds or European alternatives

  • Risk analysis of vendor lock-in

Step 3: Migration & implementation

  • Zero-downtime migrations to EU data centers

  • BYOK (Bring Your Own Key) and transparent monitoring

Step 4: Optimization & management

  • Continued Data Act compliance

  • Proactive monitoring and strategic advice

 

Challenges and solutions

Many companies struggle with:

  • Dependence on one supplier

  • Uncertainty about compliance

  • Downtime risks in migration

At ALTA-ICT, we solve this by:
✅ Migration to NL/EU data centers without downtime
✅ Grip on data through BYOK and transparent monitoring
✅ Compliance with AVG, Data Act and NEN standards
✅ Strategic advice on cloud choices

 

ROI and cost-benefit

Moving to data sovereign cloud solutions delivers tangible benefits:

  • Up to 30% lower risk of fines and incidents (AVG/Data Act)

  • Higher continuity through multi-cloud flexibility

  • Future-proofing through compliance and EU regulations

For SMB organizations, this is not only a compliance requirement, but also a business case that supports cost savings as well as growth.

 

ALTA-ICT approach

Our strength:

  • ISO27001, ISO9001, NEN7510 certified

  • Dutch specialization in AVG, NEN, DigiD, healthcare and financial sector

  • Proactive guidance on cloud choices and compliance

  • Measurable results: from zero-downtime migrations to demonstrable ROI

 

FAQ – frequently asked questions

Is my organization required to transition because of the Data Act?
No, but you must meet transparency and portability requirements.

Is Microsoft Cloud still allowed?
Yes, provided that data sovereign models are used within the EU.

What does migration to an EU data center cost?
It depends on workloads and industry, but on average companies see ROI within 12-18 months.

Is data sovereignty also relevant for smaller SMEs?
Absolutely, especially for companies with sensitive data (healthcare, finance, government).

 

Conclusion

The EU Data Act accelerates the movement toward data sovereignty in the Netherlands. For companies, it offers the opportunity to operate stronger, safer and more independent.

👉 Want to know which cloud strategy is the best fit for your organization?
Schedule a free ICT consultation with one of our specialists today: alta-ict.co.uk/free-consultation

 

Reference

¹https://www.linkedin.com/posts/altaict_iso27001-iso9001-nen7510-activity-7369660144596566016-XzQb

²https://digital-strategy.ec.europa.eu/en/policies/data-act

³https://www.cnbc.com/2025/09/02/sap-to-invest-over-20-billion-euros-in-sovereign-cloud-in-europe.html

Want to know more?

Get in touch
Data Soevereiniteit Europa vs Amerka.png

Related
blogs

Data Soevereiniteit Europa vs Amerka
September 07, 2025

Data sovereignty – Opportunities & Impact of the EU Data Act

Read more
ALTA-ICT incident response visual met tekst Wat doe jij als het misgaat
September 07, 2025

Incident Response – Peace of Mind and Control in Data Breaches

Read more
Q4 Cybersecurity Ben jij klaar
September 07, 2025

IT security – How prepared are you for Q4?

Read more
ALTA-ICT visual met schild, bitcoin symbool en phishing hook – Stop cryptojacking
September 07, 2025

Crypto-Mining via Phishing – Stop Cryptojacking with Awareness Training

Read more

Tech Updates: Microsoft 365, Azure, Cybersecurity & AI – Wekelijks in je Mailbox.