India is mistaking data localisation for digital sovereignty. It must control the traffic system

India’s digital sovereignty debate is still trapped in a misleading image: the server. For years, the public conversation around digital sovereignty focused on where data physically sits. If Indian data is stored inside India, we assume India is sovereign over it. That assumption made sense in an earlier internet era. It is no longer sufficient in the age of cloud computing and artificial intelligence.

Today, the more important question is not where the server sits, but who controls the command layer governing it. The “command layer” sounds technical, but the idea is simple. It refers to the software and governance systems that decide who can access data, who can update systems, who controls encryption keys, who can shut systems down, and under whose laws these systems ultimately operate.A useful analogy is modern aviation. An airport may physically belong to India, the aircraft may carry Indian passengers, and the pilots may be Indian, but if air traffic control systems and navigation dependencies remain externally governed, operational sovereignty becomes conditional. The same logic increasingly applies to digital infrastructure.

India has built extraordinary digital public infrastructure over the past decade. UPI, Aadhaar, DigiLocker, and other systems have demonstrated that India can build population-scale digital platforms with remarkable efficiency. Emerging economies across the world are studying the India Stack model seriously. But there is a difference between building digital roads and controlling the traffic system beneath them. This distinction matters more in the AI era because the focus of digital sovereignty is increasingly shifting from data to compute. The countries controlling advanced chips, cloud infrastructure, foundational AI models, and large-scale compute capacity will shape not only markets but governance itself.Consider a plausible future scenario. India’s welfare systems, public examinations, healthcare platforms, agricultural advisories, and financial infrastructure increasingly integrate AI systems into governance. The applications may be Indian. The users may be Indian. The data may even sit inside India. But if the compute infrastructure, orchestration systems, foundational models, or encryption keys and governance systems underneath them remain dependent on external providers, India’s operational autonomy becomes fragile during moments of geopolitical stress.The Russia-Ukraine conflict demonstrated that technology infrastructure is no longer neutral plumbing. Payment systems, satellite networks, semiconductor access, cloud services, and digital platforms all became instruments of geopolitical conflict. The United States has repeatedly used export controls and technology restrictions as strategic tools, particularly in semiconductors and AI compute. Europe, despite being closely aligned with the United States, has accelerated sovereign cloud initiatives because it recognises the long-term strategic risks of excessive dependence on externally governed digital infrastructure. This is no longer a fringe nationalist debate. It is becoming mainstream statecraft.