How Dynatrace supports the evolving sovereignty needs of EU organizations

As digital transformation accelerates across Europe, data sovereignty has become a growing area of focus for public sector entities, financial institutions, telecom providers, and many other organizations operating in the EU. EU organizations are increasingly seeking to maintain control over their data, striving to ensure compliance with regional regulations and address geopolitical risk considerations. While most sectors don't require full sovereign cloud solutions, there is an observable trend toward enhanced data sovereignty, encryption control, and transparency into data flows.

Understanding the drivers of EU sovereignty needs

During discussions with our customers, we noticed several developments that are contributing to the increased emphasis on sovereignty in the EU cloud landscape:

• Regulatory: Regulations such as the General Data Protection Regulation (GDPR), Digital Operational Resilience Act (DORA), NIS2 Directive, and national-level data protection laws require organizations to retain control over data access, processing, and storage.
• Geopolitical: Government agencies and regulated sectors seek to increase security and trust by reducing reliance and dependency on foreign jurisdictions, and by placing increased emphasis on minimizing unauthorized access and ensuring that data remains within their jurisdiction.
• Economic: Organizations aim to future-proof their digital systems by increasing customer trust through transparency, autonomy, and improving operational and business resilience.
• Strategic autonomy: EU initiatives, such as GAIA-X and related national programs, reflect policy interest in greater digital and technological independence.

How Dynatrace currently supports sovereignty requirements

Dynatrace provides capabilities designed to help organizations address sovereignty-related expectations while benefiting from SaaS observability:

• EU hosting: Dynatrace allows customers to select data center regions within the EU when deploying on AWS, Azure, or GCP. This supports data residency requirements.
• Security certifications: Dynatrace aligns with internationally recognized standards, including ISO 27001, SOC 2, and CSA STAR, and supports GDPR compliance. Visit the Dynatrace Trust Center for the full list.
• Compliance and governance capabilities: Role-based access control (RBAC), SSO, SCIM provisioning, sensitive data handling, audit logging support, adherence to organizational security and regulatory practices, and more as described in Dynatrace Documentation.
• Observability-driven sovereignty: With PurePath®, Smartscape®, and other core platform capabilities, Dynatrace provides end-to-end tracing, real-time topology mapping, and further support for data visibility and system behavior.
• All data transfers are governed by EU Standard Contractual Clauses (SCCs) in alignment with GDPR requirements

Looking ahead: Enhancing support for data sovereignty

Dynatrace plans to expand support for sovereignty-focused use cases. Some of the upcoming developments include the release of Bring Your Own Key (BYOK) and Sensitive Data Scanner*.

BYOK is expected to allow customers to manage and retain control over the encryption keys used for securing observability data. This is intended to support:

• Jurisdictional control: Customers can benefit from increased governance by managing their own encryption keys.
• Trust and transparency: Organizations can align with internal data protection policies and sector-specific requirements.

Sensitive Data Scanner adds another level of protection to Dynatrace's existing sensitive data masking capabilities. It monitors Grail for unintentionally ingested sensitive data in logs, allowing customers to validate their masking configuration, quickly identify and respond to inconsistencies, and take precise and targeted corrective action for future data ingestion and sensitive data that has already been ingested, such as adjusting access permissions and retention periods, deleting sensitive data, and updating masking rules to prevent sensitive data types from being stored in the future.

Supporting the public sector and regulated industries

For use cases that require enhanced privacy or offline environments, Dynatrace also offers Dynatrace Managed as an on-premises solution, giving you greater control over operations and data. This alternative can be particularly relevant for highly regulated government entities that require such control.

Dynatrace recognizes that sovereignty requirements vary by sector and region. We're focused on providing secure and flexible observability solutions that support compliance and transparency in accordance with customer and regulatory expectations.

Sovereignty isn't just about where your data lives-it's about who governs it. And Dynatrace can help you govern your data better.

What's next

Share this blog post with your security or compliance teams to help them understand how Dynatrace supports their data and digital sovereignty requirements. (To email this blog post, select the email icon at the top of the page.)

* This blog post contains forward-looking statements. These statements reflect current views and assumptions, but results might differ due to various risks or plan changes.