
From Sovereignty to Control: A Clear View of Canada's Cloud Policy

Information Technology | 2026-04-27 | ITIF | 李鑫

LAWRENCE ZHANG | APRIL 2026

Canada’s cloud debate is asking the wrong question—control, not domestic ownership or server location, is what determines security and resilience in practice.

KEY TAKEAWAYS

In cloud systems, control matters more than ownership. What is important is who can access systems, under what conditions, and with what constraints.

Server location is not sovereignty. Domestic hosting does not prevent foreign legal exposure if providers can still access the data.

The real case for stricter cloud requirements is narrow: defence, intelligence, and a small set of highly sensitive government systems.

Security and industrial policy are being conflated. Systems designed for very high control

Canada should pursue control by design, not duplication, through procurement rules, customer-held keys, portability, redundancy, and legal safeguards.

CONTENTS

Key Takeaways
Introduction
From “Sovereignty” to Enforceable Control
The Missing Question: Which Systems Need This Level of Control?
Security and Industrial Policy Are Different Problems

INTRODUCTION

Canadian governments and institutions depend heavily on digital infrastructure operated by firms subject to foreign law. For example, under the U.S. CLOUD Act, American authorities can compel providers under U.S. jurisdiction to produce data regardless of where the provider stores that data. [1] The Trump administration’s willingness to use economic leverage against longtime

In response, some policymakers want to pursue “sovereign cloud”: domestically owned and operated infrastructure that does not allow data to leave the country’s borders. The federal sovereign cloud procurement process and growing private-sector investment in Canadian-based infrastructure reflect this shift. [3] For example, one company has pitched its investment as

Advocates of the sovereign cloud model often highlight legitimate goals such as protecting sensitive data, ensuring continuity of access to systems, limiting exposure to foreign legal or geopolitical pressure, improving cybersecurity, reducing industrial dependency, and maximizing domestic value capture. But sovereignty is a poor vehicle for achieving them. The concept groups together several distinct challenges—such as data control, operational resilience, and legal

The more useful task is to separate these concerns and ask what determines control in practice. Some issues are legal, including who can compel access and under what safeguards. Others are technical and operational, including who holds the keys, who can administer the system, and whether access is logged and auditable. Others are economic, including where value is created,

problems are framed this way, the question is no longer how to replicate infrastructure, but

The analysis that follows identifies the prerequisites for enforceable data control and proposes six

1. Targeting real access risks by designing sensitive workloads around how breaches actually occur, not where servers sit.

2. Using procurement to ensure that encryption, access controls, audit rights, and breach

3. Building continuity into critical systems through redundancy and recovery planning.

4. Preserving portability and interoperability to prevent lock-in and maintain users’ ability to

5. Enacting a blocking statute stipulating that compliance with foreign disclosure orders must align with Canadian law, and requiring providers to challenge or narrow foreign

6. Reserving the strictest controls for the narrow set of workloads, defence, intelligence, and

FROM “SOVEREIGNTY” TO ENFORCEABLE CONTROL

The Government of Canada defines digital sovereignty in terms of autonomy over digital infrastructure, data, and intellectual property and the ability to make independent decisions about digital assets regardless of where the underlying technologies are developed or hosted. [5] In practice, however, that definition folds together several different issues: who can access data,

Control over cloud environments is not achieved through any single design choice. It operates across several layers, and a gap at any one of them can expose data or undermine resilience.

Technical control determines whether data and systems can be accessed without authorization. Encryption is essential, but it alone is not enough. What matters is who holds the keys. If the provider holds them, it can access the data, and technical access creates legal exposure