Reflecting on digital sovereignty discussions at Navigate 2026

Digital sovereignty emerged as a recurring theme at Navigate 2026, with speakers emphasizing agility, resilience and strategic autonomy.

Contributors:
William Simpson
AIGP, CIPP/US
Westin Fellow
IAPP
Editor's note
In late June, the IAPP and the Berkman Klein Center for Internet & Society at Harvard University convened the Navigate 2026 Digital Policy Leadership Summit in sunny Portsmouth, New Hampshire. Alongside engaging discussions on the future of work and cultivating human attention in the digital age, digital sovereignty emerged as a reoccurring theme throughout the conference.
As the IAPP has reported, digital sovereignty is a moving target for both governments and private companies. It raises distinct questions about whether an entity identifies as a controller or a consumer, its ownership of the AI stack and the regulatory environment in which it operates. It also requires striking a balance between efficiency and resiliency, among many other considerations. But the subject's ambiguity in no way diminishes its significance. As the global economy fluctuates between integration and isolation and stakeholders use technological chokepoints as geopolitical leverage, the importance of preparing and implementing a unique digital sovereignty strategy continues to grow. This conclusion was laid bare by the IAPP's Digital Risk Index 2026, which identified geopolitical factors like fragmented governance norms, nation-state cyberattacks and disruption to cross-border data flows as leading risks for digital technologies now and in the near-term.
Competing policy pathways, holistic regulation
During a keynote session, Kate Charlet, senior director for privacy, safety and security, government affairs and public policy at Google, dialogued with Harvard professor and former National Security Advisor Jake Sullivan and MIT professor and former Chair of the Securities and Exchange Commission Gary Gensler on competing policy approaches for U.S. digital sovereignty. On the one hand, the small yard, high fences approach — i.e., targeted export controls — may serve to secure a superpower's geopolitical advantage over adversaries. On the other, the supply chain may be too integrated and export controls too easy to circumnavigate — through distillation of closed AI models or technology sharing between the private and public sectors, for example — that trade restrictions fail to accomplish their intended goal. In fact, export controls that fail to reflect the nuance of global supply chains may impede allies just as much as enemies.
Irrespective of how superpowers operate, the keynote speakers agreed that the rest of the world will not tolerate an international order of uni- or bipolarity; others will leverage their strengths and fill empty niches. The question for middle powers seeking to ensure that AI reflects domestic values and citizens share in the benefits of digital transformation is how access to the technological frontier is managed without the brute force, capital intensive method deployed by hegemons.
The keynote also concluded that effective regulation will likely involve a broad spectrum of legal and policy instruments: voluntary commitments, global standards, informal and formal rules and collaboration between the public and private sector. Governments simply don't understand the technology well enough to craft rules without input from industry. At the same time, innovation is not inconsistent with safety, as the railroad boom once demonstrated. And perhaps above all else, anyone who is impacted should be at the drawing table.
Operationalizing digital sovereignty
The summit also reflected on how organizations are deeply impacted by digital sovereignty issues. A breakout session including Brian Hengesbaugh, global chair of data and cyber at Baker Mackenzie; Lara Liss, chief privacy and data trust officer at GE Healthcare; Professor Haksoo Ko of the Seoul National University AI Policy Initiative; and Joe Jones, director of research and insights at the IAPP, explored how businesses can operate strategically amid increasingly complex geopolitics. The panel discussed how data flow restrictions can determine whether a company enters a new market, develops a new product or abandons an initiative.
At the mercy of government decisions, the panel remarked that companies need to build the "canals" and "locks" enabling the movement and damming of data at a moment's notice. And that needs to be done from the outset. Moreover, the group proposed an international treaty on government access to data to ensure that cross-border flows can continue unimpeded by disagreement over privacy and civil liberties, though the trans-Atlantic Schrems saga casts such a policy as challenging.
Overall, the panel established that businesses should prioritize agility and optionality. As such, privacy professionals need to be business strategists, anticipating how data flows will affect business realities. Infrastructure buildout is operating in a new sovereignty paradigm in which operations need different plans for different geopolitical outcomes. And as with policy development, all stakeholders should be involved up front and national security experts should be consulted. Moreover, the government relations team within an organization is more important than ever.
Parting thoughts
While the uncertainty of the moment may feel paralyzing, there was also a note of optimism at the Navigate Summit. Throughout the conference, speakers expressed that the politicization of digital governance is a good thing, generating productive conversations on how data and technology can be used to advance humankind in the most responsible manner possible. Public awareness and political will are oftentimes the precursor to meaningful change.
That said, conversations and policy debates can often feel inadequate in a world where geopolitics wait for no one, and business decisions need to be made posthaste. Fortunately, both state and organizational decisions boil down to enhancing agility and optionality while determining what external dependencies remain strategically acceptable.
Realistically, this may result in what one academic has termed "organized hypocrisy": operational practice that differs from aspirational principles. And such a posture should be tolerable, at least until aspirations can be realized. Also, the importance of integrating technical domains like cybersecurity and supply chain logistics into business and leadership action cannot be overstated. No degree of digital sovereignty is achievable without technical and strategic symbiosis. The answers will be different and distinct for every entity, chiefly depending on how critical digital operations can be sustained under duress while day-to-day functions remain relatively efficient.
Indeed, the answers may take some time to discern, but now is the time to start seeking them.

This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Submit for CPEsContributors:
William Simpson
AIGP, CIPP/US
Westin Fellow
IAPP
Tags:



