Digital Sovereignty and Cloud Resilience: What Lessons for Africa and the Global South

The new architecture of world power illustrates the unequal exchange theorized by Arghiri Emmanuel and extended by Moroccan economist late Aziz Belal; in fact, yesterday, the South exported raw materials and imported manufactured products, today it provides raw data while digital added value is captured by the dominant centers. The cloud giants (Amazon, Microsoft, Google) concentrate more than 60% of the market, and Africa, which represents 17% of the world’s population, has only 2% of the world’s storage capacity. African data circulates, is processed and governed elsewhere, reproducing structural dependence in an intangible form. In this context, digital nationalism becomes a historic emergency for the South: it is about breaking the unequal digital exchange, regaining control of data, building local ecosystems and transforming vulnerability into collective power.

The Fourth Industrial Revolution, which Nir Kshetri describes as an opportunity for a qualitative leap for marginalized populations, can only be inclusive if it is accompanied by digital sovereignty capable of converting dependence into autonomy and making the digital revolution an instrument of social justice rather than a new tool of domination.

Nir Kshetri, in “The Fourth Revolution and the Bottom Four Billion”, demonstrated that the fourth industrial revolution (artificial intelligence, blockchain, Internet of Things, big data) could offer marginalized populations a qualitative leap comparable to that of mobile banking, crowd funding and even I would say Star Link, which has made it possible to democratize high-tech tools and solutions.

Hubs and their satellites: how the new world works

The digital world is not flat; It is also organized into “hub” centers and satellite peripheries. To understand this geo-economic news, we must scrutinize the cartography of this digital galaxy and the links of unequal exchange and dependence on hubs, servers, satellite manufacturers and those who control the sources of submarine cables that can suffocate us one day in the event of a breach of contracts or other causes, as was the case in West Africa when Moroccan telecom companies were the only ones to have ensured the continuity of internet service.

Northern Virginia, in the United States, is the brains of the global network. Dublin and Frankfurt filter European and African data. Singapore dominates Southeast Asia. Johannesburg, Nairobi and Accra are trying to emerge as African hubs, but still remain satellites on a global scale.

These hubs are not just technical centres: they are chokes, crossing points that can turn into bottlenecks for the countries that depend on them. The data that passes through it is subject to the laws of the host country, its alliances, and its diplomatic priorities. Countries that do not host a hub are, by default, passive consumers. They export their raw data and import finished services, replicating the old center-edge pattern.

A crucial point: connectivity is not sovereignty. A country may have impeccable high speed internet connection and 4G or 5G coverage but remains digitally vulnerable if its critical data resides outside its legal borders. Having access to the Internet does not mean controlling the Internet.

How do we measure digital vulnerability?

In order to respond to this question, we have built a proto tool to measure the digital vulnerability, a kind of barometer of digital dependency named the CCRI “Cloud Coercion Resilience Index”; a score close to 100 means a critical vulnerability; below 30, real resilience. Most countries in the Global South score somewhere in the anxious middle zone.

This analysis is based on the Cloud Coercion Resilience Index (CCRI), which was calibrated to 30 countries at the outset using ordinary least squares (OLS) regression for the period 2025-2026. The model explains 87% of the variance in cloud coercion risk and 74% of vulnerability to cyberattacks (adjusted R²). Data sources include the ITU Global Cybersecurity Index (2025 edition), available and online national cybersecurity reports, data from the World Bank, the OECD, and incident reports from various countries.

The model is based on four explanatory factors of Cloud vulnerability and Cyber attacks vulnerability (two dependent variables):

1. The first factor is the Cloud Sovereignty Index (CSI). Does a country really control its own cloud infrastructure, or does it lease its sovereignty to a foreign company such as a sharecropper? The higher the score, the more difficult it is for an external provider to cut off access or impose conditions. The CSI is a weighted composite: data center ownership (40%), data localization laws (30%), regulatory oversight (20%), and emergency continuity plans (10%).
2. Second factor: the Cloud Allegiance Index (CAI). Diversification isn’t just good business — it’s a matter of survival. Relying on only one tech giant, American or Chinese, is a structural weakness. Spreading contracts across multiple suppliers reduces the risk of strangulation when geopolitical winds change. The CAI measures: supplier diversification (Herfindahl-Hirschman index, 40%), mutual legal assistance treaties (30%), data transfer adequacy decisions (20%) and sovereign cloud provisioning preferences (10%).
3. Third factor: the Misalignment Index (MI); a combination of F1 and F2. This is the political blind spot, the gap between what a country thinks it controls and what it actually controls. A high MI means that you are living in a fantasy of sovereignty while your critical infrastructure rests in someone else’s data center. It’s the digital equivalent of thinking you own your home when you’ve actually given up title to it.
4. Fourth factor: Cyber Education (Cyber_Edu). The best laws and infrastructure are useless if officials click on phishing links and small businesses leave their servers wide open. Human preparedness is the last line of defense or the first point of failure. Cyber_Edu is a composite index: primary cyber curriculum (25%), secondary curriculum (25%), vocational certification rate (25%) and reach of public awareness campaigns (25%).

The logic is simple but very revealing: the more sovereign a country is, the less vulnerable it is. The more captive it is to non-diversified suppliers, the more exposed it is. Cyber education protects, but only if a minimum infrastructure already exists. No lever works alone but in symbiosis.

What does the empirical analysis reveal?

The coefficients reveal the marginal effects of each predictor:

• Digital sovereignty (DSS) is your best shield: every point you earn reduces cloud vulnerability by half.
• Misalignment (MI) is a risk multiplier: beyond a certain threshold, it automatically adds 8 to 18 points of vulnerability.
• The geopolitical context matters: in areas at risk, sovereignty protects twice as much – an argument for investing even in times of instability.
• Cyber education is not a magic solution: it only works fully if the country has already built a technical control base (CSI > 55). Otherwise, it is training soldiers without giving them weapons.

In other words, digital sovereignty would be the best shield. Each 10-point gain in CSI reduces the risk of cloud coercion by 6.5 points and vulnerability to cyberattacks by 5.1 points.

But misalignment is a silent killer. Each 10-point increase in IM increases the risk of coercion by 5.5 points and the vulnerability to attacks by 3.8 points. Above a certain threshold, misalignment automatically adds 8 to 18 points of vulnerability.

Cyber education only works if the foundations are solid. Training citizens and officials reduces attacks, but only if the sovereignty index already exceeds 55. Otherwise, you arm soldiers without giving them weapons, you teach them to fight with sticks against drones.

The context amplifies everything. In conflict zones and unstable regions, internal sovereignty protects twice as much. Investing in digital infrastructure during geopolitical instability is a guarantee against slippage.

The conclusion that digital education has the same protective weight as CSI digital sovereignty (both 0.38 in absolute value) is particularly significant for public policy: improving cyber education is as impactful as building sovereign infrastructures to reduce cyber vulnerability, and can be implemented faster and at a lower cost.

Empirical country profiling

The application of the model on a global scale reveals five profiles. They draw the map of digital dependence.

• Digital Fortresses (Digital Sovereigns)

They are at the top. Their vulnerability scores are remarkably low. Their secret is not size – Estonia, Finland and Singapore do much more than their weight – but anticipation, pooling and proactive regulation. They saw it coming and built walls before the barbarians arrived.

The United States and China, with their significant geoeconomic power, are not subject to cloud coercion; they wield it like a weapon. Their risk is not being cut off, it’s technological decoupling – a digital cold war that forces everyone else to choose sides.

They are most of the pragmatic emerging economies; They have abandoned the utopia of total self-sufficiency and are instead playing a game of strategic diversification and diplomatic multi-alignment hoping to gain advantages from all sides.

They outperform their regional peers but pay a high price for their autonomy. Their technical isolation increases maintenance costs and weakens collective resilience. They are self-sufficient but vulnerable.

More than a hundred countries, many in conflict or under sanctions or rebuilding after a collapse, see digital sovereignty as a luxury they cannot afford.

Morocco: a model at the heart of the Balancing Walkers

Morocco perfectly embodies the category of tightrope walkers. With a cloud vulnerability of 45 (28th in the world), it is the most resilient country in North Africa to the risk of cloud outages. However, its Cyberattack index of 53 (32nd place) is more worrying: the country is more vulnerable to intrusions than to coercion, an imbalance that reveals a structural flaw.

The figures are a reminder of the road that remains to be travelled: “879” cyberattacks in 2025, 2.1 million Moroccan credentials on the dark web, a cloud market entirely dominated by foreign providers. The Digital Sovereignty Index of 48 signals a relatively strong base but halfway to full resilience. The MI 36 reveals a moderate but real misalignment: the country still depends too much on foreign giants without sufficient local safety nets. Cyber education is at 48 shows the frequent paradox: advanced texts, but an administration and a population that is still poorly trained and aware of daily threats.

Morocco’s relative strength is the CAI (15th), indicating an effective diversification of cloud providers. However, this advantage is undermined by a weak Cyber_Edu (21′), an insufficient CSI (20′) and a moderate MI (18′). The composite rank (average of ranks V_cloud and C_attack) places Morocco in 19th position overall, in the “hybrid strategist in development” category.

Morocco currently performs similarly to Brazil and India, but lags behind the United Arab Emirates in cyber education. The 2030 target would put Morocco ahead of all current developing hybrid peers.

Morocco’s flagships of digital sovereignty

If we put aside the Mohammed VI geostationary satellites, three flagship projects could completely change the game for the Kingdom of Morocco and Africa.

• Sovereignty through Calculation: Toubkal. A supercomputer delivering 3.15 petaflops of processing power. It is not a prestige project; It allows, among other things, climate modeling for precision agriculture and genomic analysis for sovereign medicine that safeguards sensitive data within national borders.
• Green Sovereignty: The concept of “Data Processing Near Energy Source” deploys data centers in Dakhla and Tetouan powered by Moroccan solar and wind energy. It attracts cloud giants with clean energy while keeping their servers under Moroccan jurisdiction.
• The AlJazari Project: Launched in 2026 and named after the medieval Muslim polymath, Al-Jazari builds indigenous AI models in Arabic and Amazigh. It is not just a question of linguistic preservation. This is to protect cultural identity from biases embedded in Western or Chinese AI systems.

The results of the 2026 CCRI for Morocco are neither alarmist nor reassuring; it has authentic assets; a balanced portfolio of alliances (CAI 15e), a world-class supercomputer (Toubkal), a pioneering green data center strategy (EcoDar), and a recently launched local AI project (Al-Jazari). However, these assets are undermined by weak cyber education and insufficient sovereignty. The vulnerability observed to cyberattacks requires immediate emergency measures (intrusion into government sites including the CNSS).

Yet, the same model that diagnoses the problem also traces the solution. Reducing misalignment (MI) and investing in the human firewall (Cyber_Edu) are not additional options; These are the fastest and most cost-effective levers available.

With the full deployment of Toubkal, EcoDar and Al-Jazari as integrated pillars, Morocco could move from a developing hybrid strategist to an advanced hybrid strategist transforming digital dependence from a structural weakness into a strategic advantage.

Towards a collective digital autonomy: “Alone we go fast, together we go further”

There is an African proverb that says: “Alone we can go fast, together we can go further.”

Indeed, no country in the Global South will be able to win the battle for digital sovereignty alone. The figures are stubborn and ruthless; a shared data center can reduce operating costs by 40% according to a 2008 Fujitsu study, which is certainly old but illustrates the interest of pooling. In cyber defence, NATO’s Locked Shields exercise has grown from 4 countries in 2010 to 41 today, proving that cooperation accelerates learning. A computer emergency response team (CERT) that exchanges intelligence with its neighbours identifies threats much earlier than an isolated team, as confirmed by the French National Agency for the Security of Information Systems and NATO. Regional cloud infrastructures reduce dependence on American giants. Finally, harmonized laws such as the European General Data Protection Regulation offer collective bargaining leverage that no country could bring together alone. The lesson is clear: in digital sovereignty, no one wins alone.

India has understood this with its India Stack, a set of open Application Programming Interfaces and public digital infrastructures that allows countries to build sovereign digital services without reinventing the wheel.

Brazil learned this with Pix, its instant payment system that broke the grip of the private card networks – Visa and Mastercard – by pooling public trust and creating a shared utility to free itself from their duopoly. As early as 2010, the Moroccan company HPS (Hightech Payment Systems MADA Group) equipped the Brazilian partner Embratec with its PowerCARD solution, proving that the South-South know-how in terms of electronic payment sovereignty existed long before the subject became a global priority.

The African Union, for its part, is advancing a continental data governance framework to prevent each member state from adopting isolated regulations that have no weight in the face of foreign giants. ASEAN is also harmonizing its digital regulations, aware that alignment between neighbors multiplies the influence of each one. Everywhere, the lesson is the same: we are stronger, faster and less vulnerable when we build together than when we exhaust ourselves alone, and Morocco, with HPS, is already making its contribution to this edifice.

These initiatives are not anti-globalist, they are pro-equitable because they do not seek a break but a better positioning in globalization and the new industrial revolution 4.0.

Ultimately, the salvation of the countries of the Global South would go through three essential steps: the national audit of digital dependence, particularly Cloud, “FDI” investment (Infrastructure, Diversification, Education) and pragmatic South-South cooperation through an international coalition (Public and Private) inspired by the Bandung Conference of 1955 (De Freitas, Mr. V Bandoeng Digital PCNS) aimed at bringing together Afro-Asian countries to build a New International Digital Order,  multipolar in its structure, equitable in the distribution of costs and benefits and freed from the monopoly of data.

Glossary of Terms

• Cloud Allegiance Index (CAI) Cloud provider diversification and strength of technology alliances (0–100).
• CCRI (Cloud & Cyber Vulnerability Index) A composite index measuring national vulnerability to cloud coercion and cyberattacks.
• C_attackVulnérabilité cyberattacks (ransomware, phishing, sabotage); A high score is worse.
• Cloud Sovereignty Index (CSI) The degree of internal control over cloud infrastructure and data (0–100).
• National Cyber Security Education, Training and Awareness Cyber_EduNiveau (0–100).
• Hybrid strategistA country in transition with developing sovereignty, accepting a moderate risk to growth.
• MI (Misalignment Index) Gap between internal sovereignty and external alliances: CSI – (100 – CAI)
• Platform BuilderCountries with global cloud infrastructure (e.g. US, China); The risk is decoupling.
• Numerical SovereignCSI High (>70), MI Low, Cyber_Edu High; minimal external dependence.
• V_cloudVulnérabilité cloud coercion (suspension of service by a provider); A high score is worse.

References

1. ITU. (2025). “Global Cybersecurity Index 2025”. International Telecommunication Union, Geneva.
2. World Bank. (2025). “Digital Adoption Indicators 2025”. World Bank Group, Washington, DC.
3. De Freitas, M. V. (2025, October). Digital Sovereignty and Data Colonialism: Shaping a Just Digital Order for the Global South (Policy Paper No. 38/25). Policy Center for the New South.
4. OECD. (2025). “Going Digital Toolkit: Country Profiles”. Organisation for Economic Co-operation and Development, Paris.
5. Kshetri, N. (2022). “Data colonialism and the global digital economy”. Journal of International Business Policy, 5(3), 312–329.
6. Couture, S., & Toupin, S. (2019). “What does the concept of ‘sovereignty’ mean in digital, network, and technological contexts?” Global Policy, 10(4), 546–555.
7. Pohle, J., & Thiel, T. (2020). “Digital Sovereignty: A Conceptual Analysis”. Internet Policy Review, 9(4), 1–24.
8. UNCTAD. (2025). “Digital Economy Report 2025: Data Centers and Global Power Mismatches.” United Nations Conference on Trade and Development, Geneva.
9. African Union. (2024). “Convention on Cybersecurity and the Protection of Personal Data (Malabo Convention)”. African Union, Addis Ababa.