[Shyaamal11]

Worth separating two things the thread keeps conflating: data residency and data sovereignty are not the same, and the CLOUD Act is the clearest proof. Residency = where data physically sits. Sovereignty = who legally controls it. You can store data on AWS Frankfurt and still have zero sovereignty, the controlling entity is US-domiciled and fully subject to the CLOUD Act. Geographic residency without legal sovereignty is essentially compliance theater. Real sovereignty requires the controlling entity, jurisdiction, and infrastructure layer to sit outside US reach which typically means infrastructure you actually operate, not just "hosted in your region" SaaS.

(Disclosure: I work at IOMETE where we think about this a lot. I am happy to go deeper if useful.)