Analyst(s): Fernando Montenegro
Publication Date: May 29, 2026

Netskope has expanded its NewEdge Network to deliver all four components of data sovereignty across 24 countries, backed by third-party validation and a new managed SASE partnership with Deloitte, launching first in EMEA. For enterprise buyers, the infrastructure investment is substantive, but legal jurisdiction gaps mean vendor technology and local partner capability are increasingly complementary.

What is Covered in This Article:

• Netskope’s NewEdge expansion covers all four components of data sovereignty across 24 countries, going beyond the physical data location claims that characterize most vendor sovereignty offerings.
• The Deloitte-managed SASE partnership illustrates why local partners are a structural requirement. Vendor infrastructure delivers the physical and processing components; local partner presence addresses what infrastructure alone cannot.
• Agentic AI workloads are compounding sovereignty requirements. Multi-prompt workflows that generate post-processing metadata introduce jurisdictional exposure that wasn’t present in pre-agentic SASE deployments.
• The competitive set is active. Fortinet, Versa, Zscaler, Cisco, Cato Networks, and Palo Alto Networks are each pursuing sovereign SASE positioning. Buyers should evaluate against all four components, not just geographic coverage.
• Legal jurisdiction, control-plane sovereignty, and key custody remain open questions that sophisticated buyers should raise during procurement conversations.

The News: On May 28, 2026, Netskope (NASDAQ: NTSK) announced an expansion of its NewEdge Network infrastructure to cover all four components of data sovereignty across 24 countries: network transport, data processing, domestic storage, and metadata governance. The covered markets span major economies across North America, Europe, Asia-Pacific, the Middle East, and Latin America, including the United States, Germany, India, Japan, Saudi Arabia, and Brazil. NewEdge now comprises more than 120 data centers across 80+ regions, with recent additions in Indonesia and Turkey. The announcement also introduces third-party validation and auditable environments to support compliance with legal and governmental requirements. Netskope connects this expansion to its recently announced NewEdge AI Fast Path, which provides local processing and optimized routing for AI workloads within sovereign boundaries.

Netskope Expands Sovereign SASE to 24 Countries as Regulatory Pressure Mounts

Analyst Take: Data sovereignty has been a topic of vendor conversation for several years, but the nature of the demand has shifted. What was once a concern concentrated in heavily regulated sectors and a handful of European jurisdictions has become a broad enterprise procurement requirement, shaped by an expanding set of national regulatory frameworks across Asia-Pacific, the Middle East, and Latin America.

Netskope’s expansion of NewEdge to cover all four sovereignty components across 24 countries reflects that shift. This is infrastructure investment responding to a structural condition, not a feature added to satisfy a niche.

Sovereignty Is an Architectural Problem, Not a Compliance Phase

The framing that matters here is that multi-polar regulatory fragmentation is not a temporary condition that international harmonization will eventually resolve. GDPR, India’s DPDPA, Saudi Arabia’s PDPL, and the growing list of sector-specific data localization mandates across Asia-Pacific and the Gulf are each asserting distinct jurisdictional claims over data.

Organizations that design their security architecture around this reality are better positioned than those that treat sovereignty as a transitional concern. For SASE vendors, the infrastructure question, which is where data is processed, inspected, stored, and governed, has become as strategically important as the security capability question.

All Four Components Are Necessary, But Are They Sufficient?

Network transport and domestic storage tend to get the most attention in sovereignty conversations because they are the most visible. Data processing and metadata governance are where implementations more commonly fall short.

Post-processing metadata, which includes the output of security inspection, logging, and analytics functions, can leave a jurisdiction even when the underlying traffic does not. Netskope’s explicit treatment of all four components as distinct requirements is substantive, and its commitment to third-party validation shifts sovereignty claims from vendor assertions to auditable evidence.

That said, buyers in complex regulatory environments should push further. Physical location and legal jurisdiction are not the same thing. A vendor headquartered in the US remains subject to compelled access requests under the CLOUD Act regardless of where data physically resides. Control plane jurisdiction and encryption key custody are two additional dimensions that sophisticated procurement processes are increasingly requiring.

This is where local partners become a structural part of the answer rather than an optional add-on. The timing of Netskope’s expanded partnership with Deloitte, announced the day prior and launching first in EMEA, is notable in this context. Deloitte’s presence across more than 150 countries brings the local operational and advisory depth that infrastructure investment alone cannot deliver, particularly in the markets where sovereignty enforcement is most active. Vendor infrastructure combined with a partner’s local legal and operational presence is the architecture that closes the remaining gaps for the most demanding sovereign requirements.

The AI Workload Dimension

The connection to NewEdge AI Fast Path is not incidental. Organizations deploying agentic AI workloads now face a compounded governance problem: agent-generated outputs and post-processing metadata must satisfy the same jurisdictional requirements as the underlying data.

Multi-prompt agentic workflows that cross inspection points, aggregate outputs, and generate logs create sovereignty exposure that wasn’t present in pre-agentic SASE deployments. Local processing within sovereign boundaries, combined with in-country metadata governance, is the architectural response to that exposure.

Market and Buyer Implications

Netskope arrives at this announcement from a position of recognized platform strength. Futurum’s March 2026 Signal report for SASE placed the company in the Elite tier alongside Palo Alto Networks and Fortinet, reflecting its platform maturity and the scale of the NewEdge infrastructure investment.

The broader competitive set is active. Fortinet, Versa, Zscaler, Cisco, Cato Networks, and Palo Alto Networks are each developing their own sovereign SASE positioning, with varying levels of infrastructure depth and geographic coverage. The competitive question for buyers is shifting from whether a vendor has a sovereignty story to whether the underlying infrastructure actually delivers on all four components at scale, with verifiable evidence to back it up.

Third-party validation, if it becomes a standard expectation rather than a differentiator, will raise the bar for the entire field. For large multinationals operating simultaneously across the US, EU, and APAC regulatory regimes, the architectural contradictions are real, and the window for deferring these decisions is narrowing.

What to Watch:

• Will third-party validation become a procurement gate? Sovereignty certifications are currently a differentiator. If regulatory bodies and enterprise procurement processes begin explicitly requiring them, the entire competitive set will need auditable evidence across all four components, not just physical data-residency claims.
• How far does the Deloitte partnership extend? The managed SASE offering launches in EMEA first. Its expansion into Asia-Pacific, the Middle East, and Latin America will determine how much of the local partner model this relationship can deliver in the markets where sovereignty enforcement is actively tightening.
• Does the CLOUD Act gap become a formal buyer requirement? Enterprise procurement in sensitive markets may begin explicitly requiring local key custody or local legal entity structures. How US-headquartered SASE vendors respond architecturally to that demand is worth watching.
• Will agentic AI accelerate sovereignty timelines? Metadata governance requirements for multi-prompt agentic workloads may push organizations toward full in-country data-plane coverage faster than regulatory compliance deadlines alone would.
• Can the full competitive set match infrastructure depth? Four-component sovereignty across dozens of markets is expensive to build and maintain. Whether mid-tier SASE vendors can keep pace, or whether buying consolidates toward those with deeper infrastructure and partner ecosystems, remains an open question.

For more information, read the full announcement from Netskope and the Netskope and Deloitte managed SASE partnership announcement here.

Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.

Other Insights From Futurum:

Secure Access Service Edge (SASE) – Futurum Signal

Are We in a New Westphalian World Web? – Report Summary

Sovereign AI: What Nations Want (And What They’ll Actually Get)

Netskope Bets Agentic AI Can Solve the SOC Capacity Crisis

Author Information

Fernando Montenegro

Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.

Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.

Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.