Sri Lanka charts a new course for digital future with sovereign cloud strategy

• Proposed strategy advocates for an open and competitive ecosystem
• Strategic shift aims to unlock new avenues for economic growth, modernise public sector services and enhance country’s digital resilience
• Deadline for submitting feedback is July 18, 2025 

The Information and Communication Technology Agency (ICTA) of Sri Lanka has unveiled a duo of forward-thinking draft policy documents that propose a significant shift in the nation’s digital infrastructure strategy. 
The basis of the proposal is a government-regulated, private-sector-operated sovereign cloud, designed to bolster local innovation while fostering trusted international collaboration.
In a move to modernise its digital economy, Sri Lanka is looking to avoid the common pitfalls of fragmented, state-run data centres, which often struggle with scalability and keeping pace with rapid technological advancements. 
The proposed strategy titled ‘Towards a Sovereign Cloud Strategy for Sri Lanka’ advocates for an open and competitive ecosystem. This model encourages investment from both local and international private sector entities, including global hyperscale cloud providers, all within a robust regulatory framework that safeguards national data.
The draft paper emphasises that this approach will be built on the core principles of regulatory oversight, open architecture, public-private partnerships and establishment of ‘Digital Sovereignty Zones’. These zones are envisioned as secure, certified environments within Sri Lanka for hosting the nation’s most critical data, ensuring it remains under national jurisdiction.
This strategic shift aims to unlock new avenues for economic growth, modernise public sector services and enhance the country’s digital resilience. The policy directly supports the ambitions of Sri Lanka’s Digital Economy Blueprint by aligning with the global best practices.
The vision for this ambitious undertaking has been shaped by a team of prominent figures in the Sri Lankan technology landscape, including Sanjaya Karunasena, Samisa Abeysinghe, Dr. Hans Wijayasuriya and Harsha Purasinghe, who are listed as contributors to both draft documents.
Complementing the overarching strategy, the ICTA has also circulated a ‘Draft Revised Cloud Policy and Procurement Guidelines for Interim Use’. This document provides a practical framework for the government agencies to begin leveraging cloud technology securely and efficiently, even before the full sovereign cloud infrastructure is mature.
A key highlight of the interim guidelines is a detailed Data and Service Classification Framework. This framework categorises the government data into tiers, from ‘Public’ to ‘Top Secret/National Security’ and maps them to appropriate cloud deployment models with specific security and sovereignty requirements.
For instance, the most sensitive ‘Top Secret’ data would mandate ‘Full Sovereignty + Strict Localisation’, requiring it to be hosted and managed exclusively within Sri Lankan jurisdiction in a certified Digital Sovereignty Zone. Conversely, less sensitive data could be hosted on global or hybrid clouds, provided there is local oversight and adherence to the national laws.
These interim procurement guidelines are designed to encourage competition and ensure that all cloud contracts include crucial clauses for data residency, portability and clear exit strategies, allowing for a future transition to the national sovereign cloud infrastructure.
The ICTA is actively seeking broad participation to refine these landmark policies. A call has been issued for tech professionals, academics, members of civil society and the public to submit their feedback. 
The deadline for submitting feedback is July 18, 2025. 
(NF)