Telefónica and Google Advance Sovereign Cloud in Spain

The battle for cloud adoption in Europe is being shaped by a single question: where does the data live, and who controls it?

As governments and heavily regulated industries accelerate digital transformation programmes, concerns around data sovereignty and jurisdictional oversight are becoming just as important as cloud performance and scalability.

Against that backdrop, Telefónica and Google Cloud have unveiled a new sovereign cloud offering aimed at organisations across Spain seeking tighter control over sensitive information.

Delivered through Telefónica’s digital business unit, Telefónica Tech, the service combines Google Cloud’s infrastructure with locally managed sovereignty controls, creating a platform designed for both public sector bodies and private enterprises operating under strict regulatory requirements.

The announcement builds on Google Cloud’s existing Madrid region, which is being expanded to provide Google Cloud Data Boundary services to customers and partners in Spain.

As part of the initiative, Google Cloud has selected Telefónica as its sovereignty partner in the country, with responsibility for managing the controls that underpin data sovereignty requirements.

Addressing growing sovereignty concerns

Under the new model, organisations using Google Cloud can benefit from controls covering data protection and personnel access.

The arrangement is intended to help customers comply with Spain’s privacy and digital sovereignty requirements while continuing to access hyperscale cloud capabilities.

A key feature of the offering is its approach to encryption management. Information stored in Google Cloud is encrypted using keys generated and held by Telefónica within its own sovereign cloud environment.

This means encryption keys are created and managed by a Spanish operator within Spanish territory, providing an additional layer of protection against unauthorised access from external jurisdictions.

Sofia Collado, CEO of Telefónica Tech, states: “At Telefónica, our ambition is to become the leading gateway to digital technologies through continuous innovation and by exploring new solutions and enhanced services that deliver greater value to customers.

“This new offering is a clear example of that commitment, enabling organisations to define precise data residency, access control and data protection policies through encryption keys generated and managed outside public cloud environments.

“As part of our commitment to digital sovereignty, we also provide a comprehensive 24/7 support and monitoring service, together with continuous audit capabilities that help detect and alert organisations to any policy changes that could compromise their compliance posture.”

Telcos deepen their cloud role

The launch also highlights how telco operators are expanding their position within the cloud ecosystem.

Operators are more frequently offering managed security, compliance and sovereignty services that address local regulatory requirements.

For Google Cloud, the partnership strengthens its ability to serve organisations that require greater operational control without sacrificing access to advanced cloud technologies.

Isaac Hernández, Country Manager Iberia at Google Cloud, adds: “There should be no conflict between Spain’s digital sovereignty and its economic competitiveness.

“This partnership with Telefónica is a testament to our commitment to customer choice, helping to ensure that Spanish organisations do not have to choose between autonomy and innovation.

“By combining our cutting-edge cloud capabilities with Telefónica’s local operational control and encryption management, we are empowering businesses and public administrations to innovate securely and confidently on their own terms.”

The move comes as Spanish organisations continue to modernise IT environments and invest in technologies such as AI and advanced analytics.

For telco providers, that growing demand presents an opportunity to play a more strategic role in helping customers navigate the complex intersection of cloud adoption, security and regulatory compliance.