AMID RISING geopolitical and cybersecurity concerns, the government may require companies in critical sectors such as energy, telecom, and banking to use Made-in-India sovereign cloud systems, The Indian Express has learnt.
According to government officials, the move under discussion is aimed at reducing dependence on foreign cloud providers and strengthening data security. The government may be comfortable with tighter control over sensitive data and digital infrastructure, they said.
The consideration was prompted last year, when Microsoft suddenly blocked oil refiner Nayara Energy from its IT services. This prompted questions in New Delhi’s policy circles around the dependence Indian companies have on crucial digital infrastructure services offered by foreign companies, and the need for them to build resilience against potential disruptions in the future.
Cloud systems are on-demand, internet-based services that deliver computing resources—such as servers, data storage, databases, and software—hosted in remote data centres rather than on local hardware. Instead of purchasing and maintaining expensive in-house IT infrastructure, businesses rent these resources.
Big businesses need cloud systems primarily for scalability and cost efficiency, allowing them to instantly scale IT infrastructure up or down to meet fluctuating demand without heavy capital investment.
“The Nayara block was a wake up call. A big concern was that a foreign company could just cut off access to one of our companies’ core digital infrastructure, and bring their operations to a grinding halt. We do not like that level of dependency on a foreign company,” a senior government official said, requesting anonymity.
“So, we are discussing that companies in critical sectors should only host their digital infrastructure on a sovereign cloud. That way, we could ensure there are no sudden disruptions and to insure against geopolitical risks,” the official said.
Story continues below this ad
Explained
Govt’s worries
A BLOCK by a cloud system provider can log out a client company from accessing its own data, communication channels and other tools and products. This can critically endanger operations in sectors such as telecom, energy and financial services. This is the reason why the government seeks greater control over such digital infrastructure.
But this concern cannot overlook the fact that Indian-made products are not at the same level as their foreign counterparts yet. “The problem we are running into, and this has come up in discussions with the industry, is that we currently do not have good enough domestic cloud systems that can rival those from the US, so it is natural that companies are going for the more superior option. There has to be a push to produce such systems in India,” the official said.
Queries sent to the IT Ministry and Nayara Energy remained unanswered until publication.
In July 2025, the European Union announced that it was sanctioning Nayara Energy, in which Russian oil giant Rosneft holds 49.13%, as part of its actions to force the Kremlin’s hand to end the war in Ukraine. The sanctions mean that Nayara Energy would not be able to export petroleum fuels and products to Europe, and potentially hit any of its dealings with European companies.
Just days after, Microsoft suspended its tech support to the company in response to the sanctions, affecting Nayara’s employees’ Outlook and Teams accounts. This meant that Microsoft blocked Nayara Energy’s access to its own data, proprietary tools, and products—despite these being acquired under fully paid-up licenses. Soon after, Nayara Energy sued Microsoft in the Delhi High Court, following which it restored services to the oil refiner.
Story continues below this ad
The IT Ministry had then sought Microsoft’s response on why it had suspended services to Nayara Energy, which resulted in its employees not being able to access their own data and communication channels. In August 2025, The Indian Express exclusively reported that the software giant, in its response, told the government that the block happened due to an automated “legacy” compliance system, and the company has changed its enforcement mechanism since, including adding a review process by its senior leadership before suspending services to an entity.
In a written submission to the ministry then, Microsoft said: “The outage was caused by an automated sanctions enforcement. Microsoft’s legacy compliance system was calibrated for a time when sanction regimes were less complex and was inclined to enforce ‘global’ compliance by default. At the time of suspension, Microsoft’s historical trade compliance posture assumed EU jurisdiction and measures to prevent the corollary risk that enabling access/return of data could violate EU sanctions. This automated approach led to an unintended disruption…”
But, acknowledging the flaw in that process, Microsoft said its automated system “presumed” a jurisdictional nexus (legal necessity) to the EU due to the historically global nature of its operations. “However, Microsoft’s significant investments in India in recent years render this jurisdictional presumption no longer appropriate,” it said.
