nLighten & Arqit test sovereign cloud model in Europe
Wed, 15th Jul 2026 (Today)
nLighten and Arqit have completed a joint proof of concept that aims to let organisations use public cloud services without giving up control of sensitive data and cryptographic assets. The work was carried out between nLighten's Geneva data centre and a major hyperscale cloud provider.
The project was designed for organisations seeking public cloud tools while retaining tighter control over data, encryption keys and compliance obligations. Regulated sectors such as financial services, pharmaceuticals and the public sector are likely users of the model.
The proof of concept centres on a setup in which workloads run in a public cloud environment while remaining tied to infrastructure in Europe. Under the model, customer data and cryptographic controls stay rooted in nLighten's Geneva facility, while Arqit's technology extends that environment into the cloud.
The approach reflects a longstanding tension for many regulated businesses. Public cloud platforms offer scale and access to newer tools, including artificial intelligence services, but some customers remain wary of moving sensitive workloads outside environments they directly oversee.
The companies position the arrangement as an alternative to keeping workloads entirely in tightly controlled systems or shifting them fully to public cloud platforms. Rather than relying mainly on contract terms or provider-specific sovereign cloud structures, the design is based on infrastructure that organisations can physically identify and audit.
Technical model
The proof of concept combined nLighten's data centre infrastructure, Arqit's quantum-safe cryptography and Intel Trust Domain Extensions, known as Intel TDX. Intel TDX is a confidential computing technology that isolates virtual machines or containers from outside software, unauthorised users and neighbouring virtual machines in a public cloud environment.
In practice, workloads run inside hardware-enforced confidential computing environments designed to protect data while it is being processed. Arqit's encryption is also intended to protect data moving in and out of the cloud against "harvest now, decrypt later" threats, in which attackers collect encrypted information now in the expectation that future computing advances will make it easier to decode.
The focus on cryptographic resilience comes as concerns grow over the long-term security of existing encryption methods in the face of quantum computing research. Suppliers of post-quantum or quantum-safe products have increasingly framed their services around that risk, particularly in sectors with long data retention periods and strict confidentiality requirements.
Sovereignty pressure
The announcement comes amid wider European scrutiny of digital sovereignty. Policymakers and corporate buyers have spent several years debating where data is stored, who can access it and how cloud services can meet local regulatory demands without forcing customers to give up the economics and flexibility of large international platforms.
For some customers, the question is not whether to use public cloud services but how to do so without losing direct control over critical assets. The model set out by nLighten and Arqit seeks to address that by keeping key controls in a European data centre while allowing workloads to use external cloud resources.
Dame Dawn Child, Chief Executive Officer, nLighten, said: "Our customers increasingly want to leverage AI, analytics and cloud-native services, but many operate in highly regulated environments where data control is non-negotiable. This proof of concept demonstrates that organisations no longer have to choose between innovation and sovereignty. By anchoring workloads to a trusted European infrastructure foundation, they can achieve both."
Her comments highlight a commercial issue facing cloud and infrastructure providers: customers want access to advanced software tools and elastic computing, but boards and regulators continue to demand clear answers on auditability, key management and jurisdictional exposure.
Andy Leaver, Chief Executive Officer, Arqit, said: "Too often, organisations are told they have to choose between maintaining control of sensitive data and benefiting from the scale and innovation of the public cloud. What we've demonstrated with nLighten is that there is a third option. By combining a sovereign European infrastructure foundation with confidential computing and cryptographic controls, organisations can continue using public cloud services while retaining greater control over how their data is protected. Importantly, this approach provides technical assurance, not just contractual assurance, helping organisations strengthen their sovereignty posture without compromising innovation."
nLighten intends to replicate the architecture across its network of more than 30 data centres in seven European countries, extending a model first tested at its Geneva site.