The concept of data sovereignty
Data sovereignty is the principle that digital data is subject to the laws, regulations, and jurisdiction of the country in whose territory it is physically stored. In other words, the legal fate of data is determined not by its owner but by the geographic location of the server.
The concept is often confused with three closely related terms:
- Data sovereignty — which laws govern the data.
- Data residency — the physical location where data is stored.
- Data localization — a requirement to keep data inside the country.
All three are linked: storing data in Uzbekistan (residency) brings it under Uzbek law (sovereignty), which is often reinforced by a legal requirement (localization).
Why it matters for organizations and the state
An organization's data — employee personal information, customer databases, internal correspondence, financial and strategic documents — is one of its most valuable assets. Which jurisdiction it is stored in directly affects:
- Legal protection. Data stored in Uzbekistan is protected by, and can only be requested under, the laws and courts of Uzbekistan.
- State security. For government bodies and critical infrastructure, citizen and state data leaving the country is a direct national-security concern.
- Readiness for oversight and audit. When data is inside the country, regulators and security services can review it lawfully and quickly.
- Independence. Dependence on a foreign provider creates the risk of losing service during a geopolitical conflict or sanctions.
Uzbekistan has requirements for processing personal data and storing it within the country. Sovereignty is not just a technical choice — it is often a legal obligation.
Risks of foreign jurisdiction and the cloud
Global cloud services are convenient, but from a data-sovereignty standpoint they carry serious risks:
Extraterritorial reach of foreign law
Many large cloud providers are subject to foreign legislation. The laws of certain countries (for example, acts such as the U.S. CLOUD Act) can compel a provider to hand data over to its government even when the servers sit in another country.
Lack of transparency
- Exactly where the data sits — in which data center — is often unknown.
- The provider may copy or move data to another region.
- When data is disclosed under a court order, the organization may not be notified.
Dependence and shutdown risk
Geopolitical tension, sanctions, or a provider's unilateral decision can cut off the service abruptly — paralyzing the entire organization's operations.
Relation to on-premise and compliance
There are two practical ways to ensure data sovereignty:
- A trusted in-country server — data is stored in a data center in Uzbekistan and never leaves the country's territory.
- On-premise deployment — data lives entirely on the organization's own servers, under its physical control. This is the highest degree of sovereignty.
Sovereignty is also closely tied to compliance. Information-security standards such as ISO/IEC 27001 and requirements for critical information infrastructure call for documenting where data resides, how access is controlled, and how it is protected. When data is in-country and under control, demonstrating compliance with such standards becomes far easier.
How HAMA handles this
HAMA is a single secure platform for organizations in Uzbekistan (business and government). Data sovereignty is one of its core principles:
- Data is stored in Uzbekistan. The server sits in secure infrastructure in Uzbekistan — data never leaves the country's jurisdiction.
- On-premise option. An organization can deploy HAMA entirely within its own infrastructure, keeping full physical control over the data.
- End-to-end encryption. Messages are protected with the Signal protocol (X3DH + Double Ratchet), groups with AES-256-GCM; transport runs only over TLS 1.3. Content remains encrypted even while it is stored on the server.
- Compliance readiness. HAMA is preparing for conformity with O'z DSt ISO/IEC 27001:2023 and the requirements of PP-167 (critical information infrastructure).
As a result, an organization gets a modern messenger, video conferencing, and monitoring without giving up sovereignty over its data.