- Lu Heng explains that technical data localisation cannot deliver true data sovereignty without legal and policy frameworks.
- A practical approach to data sovereignty emphasises interoperable legal standards and responsible governance over artificial containment.
“Digital sovereignty is not achieved through isolation or localisation mandates alone — it requires harmonising law, policy, and infrastructure to support secure, lawful, and seamless data flows across borders while upholding accountability.”
——Lu Heng, CEO at Cloud Innovation, CEO at LARUS Ltd, Founder of LARUS Foundation.
Data sovereignty: Technical vs practical realities
In his September 2025 essay “On Data Sovereignty: Technical vs Practical Realities”, Lu Heng, CEO of LARUS Limited and founder of the LARUS Foundation, addresses global debates over data sovereignty and localisation. Heng’s analysis distinguishes the aspirational concepts often invoked in policy discourse from the technical realities of how the internet actually functions.
Heng observes that rhetoric around data sovereignty frequently treats data as if it were territorial property that can be fully controlled through localisation mandates and hard geographical boundaries. In contrast, he contends that the internet’s design— its protocols, cross-border dependencies and seamless routing— fundamentally precludes containment within artificial national borders.
As defined broadly in policy circles, data sovereignty refers to the idea that data generated within a country should be subject to that country’s laws and regulatory frameworks. This ensures local control over access, storage and use of data, typically for reasons related to security and privacy. However, Heng argues that this legal control does not automatically translate into technical control: technology can localise a copy of data or encrypt it, but it cannot by itself enforce sovereign authority across the global internet.
Also Read: Why centralised alternatives fail: The case for a decentralised internet registry
Beyond localisation: Law, policy and infrastructure
For Heng, meaningful data sovereignty arises from a combination of enforceable laws, transparent policies and interoperable infrastructure that respects constitutional frameworks. These elements must work together to enable secure and lawful data flows across borders, rather than attempting to isolate data behind technical barriers that the network cannot sustain.
He emphasises that legal authority — backed by due process and jurisdictional enforcement — matters more than the mere configuration of networks or data storage locations. Policies must recognise the diversity of legal systems, especially across regions such as Asia, where differing notions of privacy and data obligations coexist.
Also Read: Calls grow for a clean break in APNIC governance
Interoperability over isolation
Heng concludes that clinging to rigid notions of technical data containment risks jurisdictional conflict and could inadvertently hamper innovation. Instead, data sovereignty should be viewed as a socio-legal challenge: one that balances accountability with practical governance, and aligns legal authority with the global, interconnected nature of the internet.
