Versa, a global leader in unified security and networking, announced on 26th February, the general availability of Sovereign SASE-as-a-Service, reportedly the world’s first fully cloud-delivered SaaS offering in which the data, control, and management planes operate entirely within a region’s legal jurisdiction.
Digital sovereignty has moved from a compliance consideration to a board-level decision. Across Europe and other regions, governments are asserting stronger authority over data residency and protection. The European Union’s GDPR, NIS2, and DORA frameworks are tightening enforcement standards, and data residency alone is no longer sufficient.
Most SASE offerings fall short of true sovereignty
While vendors may operate a local POP (point of presence) within a country, user traffic is often forwarded to security gateways in other regions for content and threat inspection. Others perform localized inspection in a limited set of countries yet maintain operational control and management outside the jurisdiction where the data is processed, creating a critical sovereignty gap.
As a result, when users connect to the internet or private applications, traffic may be routed—or “hairpinned”—outside the country for inspection, and user metadata may be logged outside the country. True operational sovereignty requires far more than simply localizing the gateway and placing gateways on customer premises does not close the gap.
Versa pioneered sovereign SASE and has delivered these capabilities in production for years, partnering with service providers worldwide to help them build and operate sovereign SASE services for their customers. Swisscom, for example, recently launched its beem service in Switzerland on Versa’s sovereign architecture, the first carrier-grade sovereign SASE deployment at national scale.
“Many enterprises invested in sovereign cloud strategies, only to discover that secure access to their applications and data was still governed outside their jurisdiction,” said Kelly Ahuja, chief executive officer of Versa. “Deploying a cloud SASE provider’s appliance on customer premises does not make a solution sovereign. True sovereignty requires clarity on where access is secured, where policy is enforced, and who governs data while it is in motion.”
Sovereign SASE-as-a-Service: Enterprise-Grade Sovereignty, Now Accessible
Until now, building and operating a sovereign SASE infrastructure was limited to organizations with extensive resources and specialized expertise. With Sovereign SASE-as-a-Service, enterprises of all sizes can now consume fully managed, jurisdictionally compliant security and networking without building or operating the infrastructure themselves.
Versa’s Sovereign SASE-as-a-Service offering in Germany and the DACH region includes:
- Full-stack architectural sovereignty: Data plane, control plane, management plane, and logging operating entirely on EU-hosted and controlled infrastructure, independent of Versa’s global cloud infrastructure.
- EU-governed jurisdiction: Contracted through Versa Networks B.V., a Netherlands-based legal entity, with EU-governed operations, localized data processing, and support.
- Cloud-simplicity: Fully managed SaaS-style consumption without requiring customers to build, staff, or operate sovereign infrastructure.
Sovereign Cloud Is Necessary – But Not Sufficient
Sovereign cloud initiatives from hyperscalers address where applications reside and data is stored, but not where data is inspected, routed, logged, and protected in motion. Versa Sovereign SASE complements sovereign cloud initiatives, extending sovereignty beyond storage and enforcing Zero Trust policies and traffic inspection entirely within sovereign boundaries.
Jim Frey, principal analyst, enterprise networking, at Omdia, said: “Delivering sovereign SASE as a managed service represents a structural shift in the market. Until now, sovereign architectures were largely limited to national operators or organisations with the resources to build and operate their own infrastructure. A managed model lowers the barrier for regulated enterprises that require jurisdictional alignment without taking on that operational burden.”
Dario Maisto, senior analyst, Forrester Research, added: “Once a blurred compliance and privacy-related discussion for techies, digital sovereignty is now a top risk management concern across the board.” (The State of Digital Sovereignty in Public Cloud, 2026).
“Organizations across Europe are increasingly concerned about overdependence on hyperscalers for infrastructure, AI, and data services.” (The State of Cloud in Europe, 2026).
Boris Wetzel, Managing Director & Founder, Germany-based IT security managed services provider, Choin, said: “Many of our enterprise customers are looking for the SASE capabilities they trust but delivered in a way that meets strict EU sovereignty and GDPR requirements. Versa’s Sovereign SASE-as-a-Service approach allows us to address those needs without changing the underlying platform or operating model, which is exactly what the market is asking for.”
