Data Sovereignty vs. Data Residency in Australia
The two terms get used interchangeably, but they mean different things — and the gap matters when an Australian organisation gets a foreign legal request for its data.
9 min read
Content hub / 06 sovereignty
Data sovereignty in Australia, explained.
Most Australian organisations now have a sovereignty requirement somewhere in their procurement, whether they call it that or not. The terminology is a mess and the marketing claims are louder than the law. This hub is the plain-English alternative.
Featured articles.
Topics covered.
Sovereignty
Whose laws apply to your data — independent of where the bytes physically sit.
Residency
Where the bytes are stored. Necessary for sovereignty, but not sufficient.
Privacy Act 1988
The Australian Privacy Principles (APPs) and what cross-border disclosure under APP 8 actually requires.
S3 storage
S3-compatible object storage that stays in Australia, with zero AU egress fees.
Sovereign compute
KVM virtual machines on Australian-owned hardware, in a Tasmanian facility.
Post-quantum
Kyber-768 and Dilithium-3 ready storage so today's data stays safe tomorrow.
Where we fit
Sovereign by construction.
We are an Australian-owned company running KVM compute and S3-compatible object storage entirely within Tasmania. No backbones to Singapore, no replication to a US region for “durability”, no hyperscaler parent. The point of the work above is to be specific about what that buys you legally and operationally — and where the limits are.