*This article was first published in Arabic on 7iber Magazine on Nov 20, 2025
In April 2025, Microsoft’s President, Brad Smith, pledged to challenge “any government” that requested his company to suspend its services in specific countries, alluding to threats from the Trump administration within its trade war. However, Smith’s promises were put to the test just one month later. In May, the President of the International Criminal Court, Karim Khan, and a number of his colleagues discovered that Microsoft had blocked their access to email accounts hosted on its servers. This blockade was implemented in compliance with Trump’s decision to place Karim Khan and all ICC staff on a sanctions list managed by the Office of Foreign Assets Control (OFAC) under the US Department of the Treasury.
The United States has long weaponized the OFAC sanctions list to isolate individuals and companies from the global financial system and global internet services. This is done by leveraging the influence and dominance of US-based companies over critical internet infrastructure, including hosting services, data centers, and undersea cables. However, this list expanded after October 7th, as the Trump administration actively targeted institutions and individuals working to document the genocide and prosecute the crimes of the Zionist occupation.
Just as Microsoft froze the email accounts of ICC staff in compliance with OFAC sanctions, other US-based big tech companies like Microsoft, Amazon, Google, and Meta also froze the online accounts of numerous Palestinian institutions after the US administration placed them on the OFAC list, accused of supporting Hamas and the Popular Front for the Liberation of Palestine. In 2024 alone, the number of individuals and entities designated by OFAC as “Specially Designated Nationals” increased by 25% compared to 2023. Even the UN Special Rapporteur on the situation of human rights in the Palestinian territories, Francesca Albanese, was not spared from this list after publishing her report “From an Occupation Economy to an Economy of Genocide,” under the pretext of her relations with the International Criminal Court.
As the internet has become increasingly central to strategic and sensitive national infrastructures worldwide, economists and academics have been sounding the alarm for years about the implications of concentrating the ownership of the network’s infrastructure in the hands of a small number of private US-based companies, governed by US laws. But the allure of easy access to hosting and cloud-computing services, coupled with their low cost, meant that these warnings found little resonance among most governments, until Edward Snowden’s 2014 leaks provided evidence of extensive surveillance programs employed by the U.S. government, leveraging its influence over the network through the fact that US companies owned most of the sensitive infrastructure that powers the Internet. At that point, government discourse in Europe, Asia, and Latin America intensified, stressing the importance of gaining independence and asserting national sovereignty over sensitive layers of the Internet infrastructure.
Following the extensive sanctions imposed by the United States on Russia during its war with Ukraine, and the trade war waged by the Trump administration against countries worldwide to tip the trade balance in the United States’ favor, official calls for achieving digital “sovereignty” or “independence” reached their peak, encompassing a diverse spectrum of voices. On the left of these calls are human rights and academic institutions advocating for reclaiming infrastructure ownership from private companies by building “public infrastructure” managed by civil institutions. On the right are national governments calling for the imposition of their digital “sovereignty” to kill multiple birds with one stone: developing their economies and extending their control over their populations’ communications and data.
In this article, I attempt to map the landscape of cloud-computing infrastructure, the most central set of services on the Internet, and to trace the discourse of digital “sovereignty” or “independence,” which has grown steadily in recent years. Despite the way major tech companies portray the Internet as a “cloud” where data floats weightlessly, this cloud is in fact embodied in the very physical form of data centers and servers, most of which are owned by a very small number of companies. Contrary to the immateriality implied by the word “cloud,” this data is bound to those servers and data centers, which ultimately fall under the interests of the states and corporations that manage them. I also seek to identify the available spaces that rights-based organizations can turn to in order to start their journey to “digital independence”.
The Hosting and Cloud-Computing Ecosystem
To imagine the ecosystem of companies that control the web and services hosting infrastructure, we can take as an example the chain of requirements for an organization to establish its online presence—such as creating a website, running email services, and setting up cloud storage.
To create a website, an organization must first rent a domain name from an Internet domain-name registrar, then obtain space to host its webpages, an email service, and possibly storage space for its databases and internal files. It may also choose to create pages on social-media platforms, where most online audiences are concentrated today.
Up until the mid-2000s, all these needs could be met through small companies—most based in the United States, with some in Europe—none of which controlled a dominant share of the market. Costs were reasonable in the industrialized North, though relatively high in the rest of the world. But over the years, the market for the requirements of a cyber presence changed significantly, with new patterns of comprehensive services emerging under what came to be known as cloud services.
These services became increasingly concentrated and monopolized by major corporations. For example, by the end of 2024, two US-based companies—GoDaddy and Namecheap—together owned as registrars one-third of the global domain-name market, which had reached 360 million registered domains. Meanwhile, the six largest US companies in this sector collectively held nearly half of all domain names registered worldwide.
The most famous of these domains were those that started with the internet itself, such as .com and .org, referred to as gTLDs (General Top-Level Domains). They were then managed by a private US-based company called Network Solutions under a special contract with the U.S. government, until the not-for-profit organization ICANN was established in 1998. The responsibility for managing domain names then moved to ICANN, and the domain-name sector, consisting of registries and registrars, was privatized and transformed into a profitable market.
This sector underwent changes between 2019 and 2023, as an increase in domain-name registrations was observed in Asian and African countries, especially in country-level top-level domains (ccTLDs) such as .cn for China, .in for India, and .za for South Africa, alongside a decline in the growth of .com domains. One of the drivers of this growth is the enactment of laws and strategies by governments in those countries that encourage local domain markets, the localization of hosting services and data centers on their territory, and the encouragement of local private and public sectors to register domains that end with country codes.
As a result of U.S. sanctions, many human rights organizations around the world lost control of their domain names, especially those ending with .org, .net, and .com, which they had previously rented from registrars located in the United States. However, while some registrars claim that they are legally bound to comply with US law, Namecheap arbitrarily revoked the domain name of the website genocide.live, owned by Zionism.observer, on January 5, 2026, as the website held a digital memorial honoring the victims of Gaza, resulting in the removal of 16,000 videos documenting war crimes. According to Namecheap’s CEO, the website’s violent content violated their terms of service.
After registering a domain name, an organization needs to provide hosting storage for its website, its files, its email, and its archives. In the early expansion of the internet, companies and institutions used to set up and manage their own servers for hosting purposes. Today, just as U.S. companies dominate the domain names market, Amazon, Microsoft, and Google collectively control about 62% of the cloud computing market.
As for countries under sanctions, they were pioneers in building local cloud-computing hosting infrastructure, such as China, where Alibaba, Huawei, and Tencent lead the domestic Chinese cloud market (with shares of 33%, 18%, and 10%, respectively). In recent years, Alibaba’s share of the global cloud market has grown to 4%, due to its provision of regional hosting and domain services across Asia.
Just as with domain names, US cloud-computing companies froze the accounts of individuals, organizations, and countries placed on the OFAC list. Sanctioned organizations are forced to turn to cloud-computing providers outside the United States to continue their operations, and many of them lost access even to backups of their websites and databases. Meanwhile, some organizations proactively secured domain names and cloud storage from companies outside the U.S. in anticipation of the risk of being placed on the sanctions list.
It is important to note that using a non-U.S. service provider, whether a domain registrar or a cloud-computing service, does not inherently shield an entity from OFAC sanctions enforcement. Many registrars outside of the US source their domains through wholesale agreements with U.S.-based registrars, and their agreements could contain clauses that prohibit them from servicing parties designated by OFAC. As for cloud-computing providers outside of the US, if they have offices or infrastructure located in the US, they are obliged to abide by the sanctions list. For example, the Canadian-American company Tucows decided to comply with a request from the organization “Lawyers for Israel UK” to suspend the account of the Palestinian institution “Addameer,” due to the company’s offices and servers being in the United States.
If providers don’t have any presence in the US, the matter is governed by the provider’s terms of service with regard to the conditions for removing content or suspending services. Some service providers may also decide to freeze their clients’ accounts without a court order if they believe, based on their personal assessment, that they are hosting content that may support terrorism or incite hatred. On the other hand, some service providers in Europe are fighting legal battles in local courts against decisions to remove content or suspend services on charges such as terrorism or anti-Semitism, as the Icelandic company “1984” is doing by refusing to remove the website “The Mapping Project” after being sued by a Zionist organization.
A Growing Global Debate
The Snowden leaks marked a turning point in the trust of international and local human rights institutions and governments alike in the internet infrastructure controlled by the United States. Official reactions to these leaks were security-centered, as the concentration of ownership allowed governments to spy on one another. One of the most prominent reactions was the announcement by then-Brazilian President Dilma Rousseff of the construction of a submarine data cable between Brazil and Portugal that bypasses the United States. Named EllaLink and completed in 2021, the cable was intended to secure the data and communications of the Brazilian state and its citizens after it was revealed that Dilma was among the heads of state subjected to US espionage according to the leaks. For its part, the European Union enacted the General Data Protection Regulation (GDPR) in 2016, which forced global companies to implement controls for using and processing European citizens’ data outside European borders, requiring legal permission.
These secret espionage programs, and the ability of the United States’ government to cut off entire populations from the internet’s ecosystem through sanctions, have driven many countries in Asia and Europe, including those friendly to the US, to enact policies and launch projects to build hosting infrastructure, seeking greater sovereignty over their communications and their citizens’ data. Some countries developed laws that compel international cloud-computing providers to host their citizens’ data in local data centers subject to the countries’ legal jurisdiction, as in the case of Vietnam and Singapore, or through agreements with foreign companies to build a national cloud, as in the case of Malaysia. These policies did not always mean independence from the US-based companies providing these services, as much as they aimed to generate jobs locally, as in the case of Malaysia.
In Europe, although “digital sovereignty” was at the center of discussions in the European Parliament of the European strategy for data in 2020, the Union became alert to the danger of Amazon, Microsoft, and Google controlling 70% of the cloud computing market within the continent. This awareness grew after Trump signed an executive order at the beginning of 2025, clarifying the bylaws of the CLOUD Act passed in 2018, which allows US executive agencies to access – via a court order – data centers located outside the United States if they are owned by US-based companies. This contradicts the controls the European Union established via the GDPR for foreign companies processing European data hosted in their centers. As a result, Microsoft, Google, and Amazon rushed to develop internal policies guaranteeing the “sovereignty” of the host countries over their national data stored in their data centers. Microsoft executives later admitted to the French Parliament that the company could not guarantee France’s – or by extension, any EU country’s – sovereignty over its national data or its citizens’ data stored in the company’s data centers in France if the US government requested access via a court order. In Britain, over 50% of tech company leaders expressed in the middle of this year a desire to work with local service providers rather than those in the United States.
Today, serious discussions are emerging in the European Union about adopting digital sovereignty strategies not only to protect its citizens’ data but also to catch up in the artificial intelligence race between the United States and China. In addition to the “Europe Digital Strategy” policy, which gives preference to European service providers in government tenders, calls have escalated for “liberating Europe from the digital siege” or for developing a plan to control all layers of the infrastructure, starting from the nationalisation of “semiconductor chips” manufacturing to building local data centers and hosting infrastructure.
Towards a Public Cloud Computing Infrastructure?
In the endeavor to dismantle the concentration of ownership over sensitive infrastructure, some human rights institutions and internet governance organizations are raising concerns about granting greater “sovereignty” and influence to local governments over citizens’ data, communications, and websites. This is particularly worrisome in countries that impose high levels of internet and media censorship and run unaccountable surveillance programs on their citizens’ data. Within a group called the “Democratic and Ecological Alliance for Digital Sovereignty,” a number of institutions, academics, lawyers, and rights advocates proposed a roadmap to “reclaim the concept of digital sovereignty.” The roadmap aims to expand the concept of “sovereignty” beyond state control, which has historically served the economic and political interests of the ruling class and provided a framework for governments to evade accountability and transparency in governance.
The roadmap’s starting point is to redefine the cloud infrastructure that enables cloud computing as “public, state-led cloud composed of public data centres interconnected through public infrastructure” that serves the public interest of diverse peoples and communities and distributes its economic returns to the wider society. According to this roadmap, digital independence will also be achieved by building public infrastructure and platforms such as “public search engine or a public e-commerce market place”, governed by civil society institutions or international bodies (following the model of telecommunications network governance and global postal services). It also involves investing in open research that provides solutions for building public knowledge online for the benefit of society, rather than serving the profit motives of a handful of companies, and establishing restrictions and accountability mechanisms to dismantle government surveillance tools over their citizens’ data.
Global movements are also emerging, targeting human rights organizations and small businesses to propose alternatives to the solutions and services of major tech companies. This year, the “Rise Against Big Tech” campaign was launched, calling to move away from big tech tools that have contributed to increasing climate change risks, data militarization, and police empowerment. It also advocates for promoting hosting service providers whose values align with cooperation, transparency, and equality. In addition, some organizations are offering guidance to reduce dependence on Google by reverting to self-hosting open-source tools on their own servers, such as daily communication tools (as alternatives to Slack or WhatsApp), storage administration tools, productivity software suites (as alternatives to Google Workspace), or self-hosted VPNs. Some initiatives also propose an “alternative” to social media companies, based on a decentralized hosting structure where social networks communicate directly with each other in a federation called the Fediverse.
Achieving complete independence from US service providers may be a privilege most human rights organizations cannot afford, especially in the Arab region. However, at the same time, reliance on service providers in the United States, especially for organizations documenting war crimes or working on holding the Israeli occupation accountable, has become a digital existential risk. Therefore, there is no better political moment than the current one to engage in serious discussions within these human rights institutions on what it requires to begin moving towards “digital independence” using open-source and self-managed tools.
But if there is one practical thing human rights institutions can start with, it is to move their domain, hosting, and email services outside of the United States, to providers whose terms of service protect their right to exist online. Between complete dependence on US service providers and complete independence, there are spaces that can be explored to achieve a measure of gradual independence, until the day comes when initiatives emerge that offer infrastructure governed by an international body.
**Tech activist Ahmad Gharbieh reviewed this article and contributed to developing some of its ideas.








