Data sovereignty regulations in APAC are forcing a shift away from global-first IT strategies
We’re seeing a direct challenge to the idea of global uniformity in enterprise IT. In the Asia-Pacific region, regulatory change isn’t slowing down. Countries like India and Vietnam are setting hard lines with local data laws. India’s Digital Personal Data Protection Act mandates domestic storage of personal data. Vietnam’s Personal Data Protection Law, effective January 1, 2026, does something similar. That’s not a minor adjustment. It means companies can’t run global infrastructure the way they used to.
If your current cloud strategy assumes seamless data movement across borders, it won’t hold up much longer. Enterprise tech leaders need to stop thinking in terms of “one cloud to rule them all.” Instead, think in terms of market-specific systems. In APAC, the rise of digital sovereignty means companies have two choices: adapt infrastructure to local rules, or lose access, and that means market share and revenue. Make this a boardroom topic, not an IT footnote.
Hybrid infrastructure is the new baseline. You have to break global architectures into regional or national deployments that obey in-country requirements. This isn’t just a compliance issue; it’s a market access issue. If your data flows don’t meet regulatory expectations, you won’t just face fines, you’ll lose the ability to operate in those markets at all.
Tech leaders who recognize this early have an edge. They can streamline investments and future-proof operations by aligning architecture with both global standards and local constraints. The approach must be both decentralized and scalable. Build once, adapt everywhere.
Eric Wong, President of APAC at Expereo, explains it well: “In 2026, regulatory break-up will hinder global-first transformation projects… digital sovereignty will continue to impact enterprise’s infrastructure strategy on a global scale.”
Make data sovereignty a design principle.
Heightened security pressures have elevated resilience to a boardroom-level priority
Security isn’t just the CISO’s responsibility anymore. It’s become a direct mandate for CEOs and the rest of the executive team. The reason is straightforward: the nature of cyber threats has changed. Attacks are more targeted, more strategic, and more personal. Cybercriminals are going after top-level executives, your devices, your accounts, your credentials. They’re bypassing technical systems by exploiting people. In 2024 and beyond, leadership is both the target and the line of defense.
There’s no room left for reactive strategies. Companies operating with the old defense-first mindset, build walls, lock systems, wait for alerts, are already behind. Resilience now requires integration across the entire business stack. That means security planning needs to be embedded into every product decision, every hiring plan, every infrastructure rollout. It must be treated the same way you’d treat risk to revenue or operational continuity: as a constant.
This demands a culture shift. Companies that prioritize prevention over response will reduce both reputational damage and exposure to financial loss. And make no mistake, vulnerabilities cost you more than just downtime. They damage trust with customers, investors, and partners. Once that trust erodes, rebuilding is slow and expensive.
Ben Elms, CEO of Expereo, nailed this when he said: “CEOs can no longer delegate responsibility… they must embed digital security into every decision.” That statement isn’t about philosophy, it’s about consequence. If the CEO doesn’t lead on security, the impact is felt across the entire business, fast.
Resilience is now a key performance indicator. Boards expect it. Investors value it. And your customers demand it. You can’t wait for incidents to reveal structural weakness. Build for defense and assume the threat landscape will keep evolving. It will.
Network-as-a-Service (NaaS) is emerging as a strategic enabler
Enterprise networks aren’t fixed assets anymore, they should be designed for movement, scale, and speed. That’s what NaaS delivers. It replaces heavy, capex-driven network infrastructure with a flexible, subscription-based model. You pay for what you use, scale when you need, and integrate across systems as they evolve. This isn’t just a shift in how networking is delivered, it’s a shift in the entire IT operating model.
Your teams don’t need to spend time configuring hardware in static data centers. With NaaS, your infrastructure adjusts to demand in real time. As more workloads move to the cloud, and hybrid work becomes standard, this level of responsiveness becomes essential. Supporting global operations through a static network just doesn’t hold up against modern demand curves, especially with AI workloads, remote collaboration tools, and data-intensive applications becoming mainstream.
This model gives CIOs and CTOs room to focus on experience and policy instead of infrastructure maintenance. Whether it’s deploying secure connections for new sites or integrating new service layers, NaaS eliminates weeks of procurement and engineering work. It’s faster, lighter, and built for the state of where business is going, not where it’s been.
Julian Skeels, Chief Digital Officer at Expereo, made the point clearly: “NaaS will no longer be a niche concept, it will be a cornerstone of enterprise connectivity strategies.” He’s right, and the shift is already underway. Organizations that adopt NaaS ahead of the curve will achieve faster rollout times, better visibility, and the ability to pivot infrastructure strategy in sync with business priorities.
This isn’t just about minimizing cost. It’s about modernization at pace and scale. The faster your company moves, the more critical network flexibility becomes. NaaS is what makes that possible now.
Reliable network connectivity is now recognized as a critical strategic asset
Connectivity is no longer a background service. It’s a core business function that directly affects resilience, competitiveness, and financial performance. If your network fails, your business halts, transactions stop, communications break, operations stall. For enterprises reliant on cloud-first platforms, AI workflows, and global teams, even brief outages now carry real financial and reputational consequences.
This shift means the network has to be treated as a strategic priority, not simply an IT responsibility. Boards and executives must understand that weak or outdated infrastructure isn’t just inefficient, it puts the entire enterprise at risk. We’ve already seen companies suffer massive market value losses from poorly managed outages. These incidents have exposed a clear gap between operational expectations and the actual resilience of digital infrastructure.
As we move into 2026, connectivity performance will be directly tied to investor confidence, customer retention, and leadership credibility. Business leaders have to ensure that networks support scalable, secure, and always-on service delivery, even during traffic spikes, system upgrades, or geographic expansions. Anything less creates unnecessary vulnerability.
Jean-Philippe Avelange, CIO of Expereo, highlighted the gravity of the situation: “A single outage could wipe out billions in market value.” That scenario is no longer hypothetical. The financial and operational risks tied to network failure are real, immediate, and growing.
If you lead a global business, your decisions about infrastructure resilience must be forward-looking and proactive. Evaluate redundancy, diversify providers, invest in performance visibility, and ensure uptime as a non-negotiable standard. Your network isn’t just pipelines and routers, it’s the backbone of how your enterprise executes. From the boardroom to engineering, this must be understood and prioritized.
Key highlights
- Data sovereignty demands local-first infrastructure: Executives should re-architect IT strategies to support jurisdiction-specific regulations, particularly in APAC markets where in-country data laws are tightening. Non-compliance will directly impact market access and revenue.
- Security is now a CEO-level responsibility: Leaders must embed cybersecurity into every decision layer as attackers increasingly bypass systems by targeting executives. Delegating security is no longer viable in a high-risk, high-consequence environment.
- NaaS is moving from optional to essential: Enterprises should accelerate adoption of Network-as-a-Service models to increase agility, reduce capital costs, and support global-scale hybrid operations. This shift enables faster rollout of cloud-native, AI-driven platforms.
- Connectivity defines business resilience: C-suite leaders must treat high-availability connectivity as a strategic asset, not just an IT issue. Ensuring robust network infrastructure is critical for protecting enterprise value and maintaining operational continuity.
