Centre Mulls Sovereign Cloud Mandate For Critical Sectors

The Centre is mulling a mandate requiring companies in critical sectors such as energy, telecommunications, and financial services to run their core digital infrastructure only on ‘Made-in-India’ sovereign cloud systems, amid rising geopolitical tensions and cybersecurity concerns.

The move is aimed at reducing dependence on foreign cloud providers and giving the government tighter control over sensitive data and digital infrastructure, The Indian Express reported, citing officials.

The push gained urgency after Microsoft temporarily blocked cloud services, including Outlook and Teams, for oil refiner Nayara Energy in July 2025 following European Union sanctions linked to its Russian shareholder, Rosneft. 

The incident raised concerns within policy circles over the risks of relying heavily on foreign-owned digital infrastructure and the need to build resilience against such disruptions.

“The Nayara block was a wake-up call. A major concern was that a foreign company could cut off access to one of our companies’ core digital infrastructure and bring its operations to a standstill. We do not like that level of dependency on a foreign company,” a senior government official was quoted as saying. 

At the same time, the official acknowledged that India currently lacks domestic cloud systems that can match global providers. The official noted that domestic cloud infrastructure is not yet strong enough to rival US-based providers, which is why companies naturally prefer the more reliable option. The official added that there needs to be a stronger push to build competitive sovereign cloud systems within India.

The Nayara case highlighted how critical operations of Indian companies could be disrupted due to foreign sanctions, even when India had not imposed such restrictions. Microsoft’s automated compliance system cut off Nayara’s employees from core business tools and data despite valid, paid-up licences. Nayara argued that Microsoft acted unilaterally without prior notice and moved the Delhi High Court seeking immediate restoration of services.

Following the legal challenge and government intervention, Microsoft restored services. Later, the company told the Centre that the outage was caused by an automated “legacy” sanctions compliance system that defaulted to enforcing EU compliance globally.

Acknowledging the flaw in its earlier process, Microsoft said its automated system had “presumed” a jurisdictional nexus with the European Union due to the historically global nature of its operations. 

In a bid to reduce dependence on foreign technology providers and address cybersecurity and national security concerns, the central government recently also implemented a de facto ban on major Chinese CCTV brands such as Hikvision and Dahua by making STQC certification mandatory for all surveillance equipment, effectively blocking devices containing Chinese-origin chipsets or firmware due to fears of backdoor access and data leakage to foreign servers.

The post Centre Mulls Sovereign Cloud Mandate For Critical Sectors appeared first on Inc42 Media.