Sovereign financial cloud launch prompts UAE firms to rethink cloud and data strategies

Launched by the Central Bank of the UAE (CBUAE) in partnership with cloud provider Core42, the ‘sovereign financial cloud’ is designed to ensure that data sovereignty, cyber resilience and operational agility are embedded directly into the systems used by licensed financial institutions as part of the CBUAE’s broader Financial Infrastructure Transformation (FIT) Programme.

The move reflects a broader shift in regulatory expectations with closer supervisory access, according to experts at Pinsent Masons. As a result, firms should reassess their cloud, data management and outsourcing arrangements.

“The shift toward a sovereign financial cloud will prompt firms to re‑evaluate their entire cloud and outsourcing strategies,” said fintech expert Marie Chowdhry. “Data residency, supervisory access and resilience obligations are becoming increasingly operationalised and standardised, with reduced tolerance for bespoke or contractual workarounds”.

“We expect that as the CBUAE gains the ability to access operational and risk level information more rapidly and consistently through shared digital infrastructure, for UAE banks, insurers and fintechs, this points to tighter supervisory engagement paired with accelerated digital scaling. Institutions will need robust support frameworks to update cloud and outsourcing policies, respond to emerging artificial intelligence (AI) governance standards and ensure all new digital products operate securely inside sovereign‑controlled environments.”
While the CBUAE has long expected sensitive financial data to remain within the UAE or under effective local control, the introduction of a domestically anchored and regulator supervised cloud infrastructure reduces reliance on contractual and policy based assurances, increasing consistency of oversight as part of the UAE’s long term push to modernise its financial infrastructure, she added.

Jessa White, an expert in financial regulation at Pinsent Masons, said: “The sovereign financial cloud should also be viewed as part of a broader market enablement effort under the FIT programme, intended to reduce infrastructure duplication, support AI driven services and lower setup costs for CBUAE licensed financial institutions.”

“Moving services onto a sovereign cloud also raises new governance and accountability questions. This does not replace existing outsourcing accountability, but it does require clearer operational demarcation between institutions, vendors and supervisors during incidents.”
“Firms must establish clear lines of responsibility during outages, clarify liability and standardise how audit trails and system logs are shared with supervisors to maintain transparency.”

“International players operating cross‑border architectures will need to assess how their global cloud models align with sovereign requirements, especially around data localisation, hybrid cloud oversight and AI‑enabled systems.”