The Swedish government has presented a new national cloud policy, an important step that brings greater attention to issues that are becoming increasingly critical as public sector organizations rely on cloud services for more business-critical operations.
We welcome the fact that the policy highlights key areas such as security, vendor lock-in, portability, and control over data. These are not merely technical considerations—they directly influence the long-term resilience, flexibility, and operational independence of public sector organizations.
However, the policy should be seen as a starting point rather than a final destination.
The real challenge lies in turning principles into practical action. How should public authorities and municipalities formulate cloud requirements in procurement processes? How can they ensure portability and avoid becoming dependent on a single provider? And how can they maintain control over critical data and digital services over time?
These questions are becoming even more important as artificial intelligence takes on a larger role in public administration and citizen services. As data and AI become fundamental components of future digital infrastructure, cloud strategy is no longer solely an IT issue. It is increasingly a matter of governance, resilience, and digital sovereignty.
“It is encouraging that the policy addresses many of the challenges already facing the public sector today. The next step is turning principles into practice. How we procure, build, and manage digital services will ultimately determine how much control and flexibility we retain in the future,” says Joakim Öhman, CEO of Elastx.
While the policy provides valuable guidance, it stops short of defining how these principles should be applied in practice. We would have welcomed clearer recommendations regarding procurement requirements, portability standards, and the management of business-critical systems, as well as guidance on how compliance and long-term resilience should be assessed.
If Sweden is to reduce digital dependencies and strengthen its digital sovereignty, identifying the challenges is only the first step. Public sector organizations also need shared requirements, practical frameworks, and proven approaches that help translate policy ambitions into measurable outcomes.
The government's cloud policy represents an important contribution to the ongoing discussion about the future of Sweden’s digital infrastructure. We look forward to continued dialogue on how innovation, security, and long-term digital sovereignty can be combined to create sustainable and resilient digital services for the public sector.
Read the Swedish Government’s cloud policy (in Swedish)