Data Resilience in 2026: The Growing Geopolitical Risk to Digital Infrastructure

Two recent events – the AWS service disruption in the UAE and Bahrain and the political pressure on AI provider Anthropic by the US Government – pose new questions about what data resilience means in practice today. Organisations increasingly reliant on cloud services, AI tools, and global technology providers must now consider risks that extend far beyond traditional information security.

Taken together, these developments illustrate a key shift: data resilience is no longer only a technical or cybersecurity issue. It is shaped by geopolitics, regulatory complexity, and supply chain dependencies that underpin modern digital infrastructure.

Data Resilience and Risk Management: Why It Matters

Data resilience – the ability to maintain the availability, integrity and security of data – sits at the heart of modern business continuity and compliance. A data breach or loss can kneecap operations and result in major financial penalties or reputational damage.

Data protection regulations that blossomed since the introduction of GDPR have added complex regulatory dimensions to data resilience. AI’s rapid emergence in everyday business practices has also necessitated new technical controls and governance requirements that are evolving at speed.

In this context, data resilience is no longer just a technical challenge — it has become a vital operational and compliance issue at the heart of risk management.

Technical Controls: The Frontline of Data Resilience

Traditionally, data resilience strategies have focused on technical controls and policies, including:

• Data back-ups and redundancy systems
• Cloud security protocols
• Access controls and encryption
• Incident response procedures
• Regular data recovery exercises

These measures remain essential and will continue to grow as new threats and technological advances. However, technical controls alone are no longer enough to have a robust data resilience plan.

Expanding the Scope of Data Resilience: Cyber, Geopolitics, and AI

Rising cyber threats, including more frequent and sophisticated attacks, and the rapid adoption of AI tools are introducing new challenges in how data is processed, stored, and protected.

Geopolitical and regulatory pressures are further expanding the operational scope of data resilience. Organisations must now navigate data localisation, export controls, digital sovereignty, and compliance requirements — all while ensuring continuity in increasingly complex technology environments.

Cloud Configurations and External Risks

Modern digital infrastructure is heavily reliant on a small number of cloud and software providers. Even organisations with strong resilience safeguards may be exposed to disruptions from third-party infrastructure.

Organisations could face disruption if:

• A major cloud provider experiences a regional outage
• Governments restrict the use of specific technology platforms
• Regulatory disputes affect cross-border data transfers
• Political pressure forces technology companies to change service policies

Recent geopolitical developments highlight how these risks can evolve. Tensions between the United States and Europe over the sovereignty of Greenland have re-energised European debates around digital sovereignty and dependence on American technology companies, boosting interest in regional providers such as French AI company Mistral.

At the same time, warnings from several governments about the vulnerability of subsea data cables highlight the physical dimension of digital resilience. Damage or disruption to these critical systems could affect global connectivity and the availability of cloud services.

Technology Providers and Political Pressure

Technology companies themselves are increasingly drawn into political disputes. The Anthropic situation illustrates how tech companies can be forced to navigate political tightropes, risking the wrath from governments if they are seen as failing to align with loosely defined national interests. Meanwhile, some tech leaders are directly entering the political fray through outspoken public comments, creating additional reputational challenges for organisations that rely on their services.

Future scenarios could see activist groups targeting cloud providers over environmental records or their customer base, drawing company Execs further into unwelcome political debates and decisions.

Organisations could increasingly find themselves drawn into disputes through the third-party technologies they adopt. Restrictions on the use of Claude, Anthropic’s AI model, for government contracts, for example, could introduce a new layer of complexity to procurement and third-party risk management.

Strengthening Data Resilience: Practical Risk Management Steps

This is not a time to panic or create unnecessary alarm. Organisations do not need to overhaul their entire digital infrastructure overnight. However, the evolving geopolitical risk landscape does highlight the importance of taking a broader view of data resilience.

Practical steps organisations can take include:

Standard risk management for a far-from-standard world.

Risk Management for a Changing Digital Landscape

As politics and business continuity overlap, corporate risk teams and senior management are trying to manage their data resilience in a volatile and unpredictable landscape.

In a world where data availability could be subject to conflict or governments could blacklist technology providers that are critical to an organisation’s business or supply chain, data resilience and business resilience are becoming closely intertwined.

We are not at crisis point, but recent developments have exposed how new vulnerabilities are changing corporate data resilience. Strong technical controls remain essential. But effective resilience planning increasingly depends on managing these technical controls alongside a complex mix of compliance and geopolitical risks.