By Javier Surasky
We have already discussed in a previous post the physical infrastructure that underpins AI, and we also saw, when analyzing the geopolitics of data, that without data centers, high-capacity networks, and a massive, stable energy supply, AI cannot be trained or operate at scale. In this new post we turn to the element that today combines infrastructure and massive data: cloud computing, a technological architecture that underpins essential state services, the digital economy, and the development and operation of advanced AI systems by integrating hyperscale data centers, high-capacity telecommunications networks, dedicated interconnection, managed services, and intensive energy consumption (Hu, 2015; International Energy Agency, 2025).
This
centrality makes it necessary to analyze cloud computing as a privatized global
critical infrastructure that produces structural power and generates long-term
dependencies. From this perspective, digital sovereignty and AI governance
enter a new field of competition aimed at achieving adequate capacity to manage
these infrastructural dependencies, which are already part of the digital
ecosystem (Bratton, 2015; BCG, 2025).
Let us
begin by defining cloud computing as a specialized form of distributed
computing that introduces usage models for the remote provisioning of scalable,
measured resources, usually via the Internet. From this simple
definition emerge its five main characteristics:
·
On-demand
usage implies that a cloud user can unilaterally access the resources available
there (such as memory, computing capacity, or data) without additional human
interaction from the provider.
·
Ubiquitous
access, the broad ability to access cloud services, facilitates collaboration
and the mobility of actors.
·
Elasticity,
the term used to describe a cloud’s automated ability to increase or decrease
its resources as needed, based on runtime conditions or predefined
configurations, enabling dynamic scaling up or down of resource use.
·
Measured
usage, enabled by the cloud’s ability to track each user’s consumption, allows
the provider to charge the consumer only for the resources actually used and
for the time they were used (“pay-as-you-go”).
·
Resource
pooling, in which providers aggregate large technological resources in the
cloud and rely on multitenancy technologies to serve multiple consumers
simultaneously by dynamically allocating and reallocating resources in line
with changes in demand (NIST, 2011; Erl & Barceló Monroy, 2024).
There are
three major cloud service models:
(1) Infrastructure
as a Service (IaaS) offers virtual computing resources and basic infrastructure
(servers, storage, and networks). Here, the provider supplies hardware,
virtualization, servers, and networking.
(2) Platform
as a Service (PaaS), where users are provided with a “ready-to-use” environment
that allows them to develop, test, and deploy applications. The provider offers
the infrastructure required by the user (servers, operating systems, storage)
and platforms with predefined conditions for developing their activities.
(3) Software
as a Service (SaaS), where the provider offers a complete software application
as a shared service, accessible via the Internet, and the client manages its
use and the configuration of personal parameters.
One
defining feature of this distribution of computing power and data use is the
invisibilization of its materiality. More than a decade ago, Hu (2015) showed
that the “cloud” is neither an ethereal nor a purely technical entity, but
rather the result of chains of political and military decisions. We share the
author’s view that the “cloud” metaphor is not a reflection of its “ethereal
character,” but a reference to a cultural device that conceals data centers,
human labor, energy consumption, and physical networks, making them harder to
recognize.
As a
corollary of this veil of invisibility, the “cloud” presents itself as neutral,
when in reality it obscures multiple relations of dependency between private
and public actors, as if removing the materiality of infrastructure magically
made power asymmetries disappear. A great magic trick in which the card of
technological inequality vanishes right before our eyes.
That brings
us back to an issue we have repeatedly addressed at Global Radar Analytics:
the deterritorialization of international life. Sovereignty itself, a pillar of
statehood, extends beyond its physical territory and mutates into a layered,
distributed capacity—an order that Bratton (2015) defines as a stratified
stack, a concept worth pausing to examine:
The Stack
model proposed by Benjamin Bratton is a conceptual tool for understanding how
planetary-scale computing, including cloud infrastructure, has transformed
global geopolitics. The author argues that, unlike traditional maps,
technological infrastructure draws a multilayered, vertical, and stratified
map. Thus, the Stack “is not only a kind of planetary-scale computing system;
it is also a new architecture for how we divide the world into sovereign
spaces” (Bratton, 2015:7).
According
to Bratton, the layers that shape the system range from physical supports to
purely conceptual elements: the planet, as the source of resources and energy
(Earth layer); data-center infrastructure (Cloud layer); the urban environment
that combines physical, informational, and ecological infrastructure to
establish concrete forms of access to social space (City layer); granular
systematization that allows any physical or virtual element to be identified
and named to include it in communication flows (Address layer); the tools we
use to interact with the network (Interface layer); and the people, programs,
and other entities that use the functions created by the “stacking” (User
layer).
These
vertically stacked layers are interdependent, making the Stack model a valuable
tool for analyzing how new technologies impact the forms of sovereignty that
take, highlighting that private actors perform “quasi-sovereign” functions when
they define technical architectures, standards, and access conditions for some
of these layers (Bratton, 2015).
Put
differently, this model suggests that access to cloud services does not equate
to the possession of strategic AI capabilities; rather, such capabilities
remain with the owner of the cloud, who is also constrained by the “Earth” and
“City” layers (Hu, 2015; Bratton, 2015). The definition of the “Address” layer,
we add, is a direct call for communication experts to engage in the power
struggles inherent in AI control.
From this
perspective, it is quickly evident that the global market for cloud
infrastructure services is highly concentrated in a (very) small number of
hyperscale providers (SRG, 2025)—that is, major global providers with dominant
market shares such as Amazon Web Services (AWS), Microsoft, Google, Meta,
Oracle, IBM, and Alibaba—which erect increasingly formidable barriers to entry.
Investment dynamics reinforce this exclusionary pattern, as a model of
sustained and asymmetric growth in capital expenditure—corporate investment in
long-lived physical assets—has taken shape (SRG, 2024), crystallizing the
current cloud architecture.
To this
must be added three additional mechanisms that drive hyper-concentration in
cloud service provision: the market mechanism, based on economies of scale and
technological lock-in; geographic distribution in nodes that condition latency
(speed), capacity, and operational resilience; and a mechanism of control over
advanced services (data security, user identity, etc.) that is difficult to
replicate outside dominant standards.
As a
result, we observe a relatively stable hierarchy among cloud computing
providers that no one seems determined to “break.” However, there have been
some attempts at change that, at least so far, have not altered the system
described.
Neoclouds,
for example, operate in specific niches and tend to position themselves as
complementary layers within the ecosystem dominated by hyperscale providers,
without seeking to alter control over the existing system (SRC, 2025).
Regulatory fragmentation may modify certain operating conditions, but it does
not change the investment patterns that sustain concentration.
From all
this arises a systemic risk: incident databases such as CIRAS show the
sustained recurrence of failures associated with third-party dependencies in
access to computing power and with the high levels of interconnection achieved
in infrastructure, resulting in a computational ecosystem susceptible to
cascading effects (CIRAS, 2024; CRP, 2023). Reinforcing this warning, the Cloud
Reassurance Project notes that even in the absence of a generalized collapse,
the combination of shared dependency, technical complexity, and operational
opacity justifies a preventive public-policy approach (CRP, 2023). ENISA
(2024), for its part, documents significant incidents linked to system failures
due to technical, human, or third-party dependency factors (ENISA, 2024). Choi
et al. (2024) show that seemingly minor errors can escalate and affect
essential state functions (health, education, security, water and energy
provision, etc.).
As
expected, the levels of concentration and interdependence reached in “the
cloud” generate a geography of inequalities. As TeleGeography (2024) notes,
interconnection nodes and high-capacity connectivity are concentrated in North
America, Europe, and East Asia, while Africa, Latin America, and other regions
form a global cloud periphery—an updated expression of the digital divide. The
business direction of cloud service provision prioritizes densifying existing
nodes over expanding into new areas, projecting this inequality over time and
suggesting it will deepen further (TeleGeography, 2024). In this sense, the
cloud connects territories and, in doing so, selects and crystallizes
capacities in line with business logic interests.
Consequently,
the digital marginalization experienced by countries of the Global South is not
a temporary phase of lagging behind, but a structural effect of the global
cloud-computing architecture, which turns toward them primarily to resolve
problems in the lower layer of the Stack: the appropriation of natural and
energy resources, in a form of economic reprimarization 2.0 of the developing
world.
Here, an
interesting—and partly contradictory—phenomenon emerges. Multiple reports
indicate that running applications in the cloud requires between 60% and 90%
less energy than operating local data centers (451 Research, 2019; Microsoft,
2020; S&P Global Market Intelligence, 2021; Zheng & Bohacek, 2022;
Alibaba, 2025). At the same time, however, evidence shows that the most
significant environmental harm driven by demand for cloud-based services occurs
in data centers, which are “the backbone of the digital world” (UNCTAD,
2024:v).
As always,
there are underdeveloped countries and emerging economies with greater room for
maneuver, but what is new in this field is that they can apply their tools only
at the territorial level, relying on the traditional conception of sovereignty
over their own territory, while, as explained earlier, disputes take place
within a framework of deterritorialized sovereignties that constrain states’
capacity for action.
That is
particularly evident in “economic reprimarization 2.0,” as the growth in
electricity consumption associated with data centers and AI in general creates
local environmental tensions (IEA, 2025) in middle- and low-income countries,
without a proportional appropriation by the state of the value generated by
these losses. In other words, the deterritorialization of sovereignty leads
underdeveloped states to respond through territorial sovereignty, producing an
economic reprimarization 2.0 that, in turn, results in an “unequal exchange
2.0” (see Arghiri et al., 1980) or, in the worst case, in barely disguised
colonial practices.
In
response, states—regardless of their level of digital development—have begun to
establish national cloud security strategies, seeking to shift the problem from
the organizational to the national level. Their response, however, remains
bound by rules beyond their control: we see the emergence of so-called
“sovereign clouds,” whose purpose is “to ensure that sensitive information
remains within the jurisdiction of the country whose data is on the network
[and that] are built around technological and operational sovereignty in the
host country and isolate data from geopolitical conflicts and disruptions of
global cloud networks. And perhaps most importantly, their purpose is to ensure
that a nation’s digital assets are locally controlled in a stable and secure
environment for critical national data and protected from international legal
entanglements” (BCG, 2025:2).
These
sovereign clouds are, in effect, risk-management instruments that increase
state control over data and infrastructure. Still, they must compete with
hyperscale providers under the technological conditions those providers have
imposed. State agencies do not disappear, but their margins of action are
constrained.
Against
this backdrop, we can conclude that cloud computing shapes a structural regime
that unevenly distributes critical capacities for AI and the digital economy,
establishing relatively stable hierarchies in the international system and
shifting digital sovereign capacities from the state to major private actors.
The result is unequal levels of dependency across the global system, with the
most vulnerable being the most affected.
Govern
algorithms and data without governing the digital infrastructure that hosts
them and makes them operational results in incomplete AI governance. Yet
incorporating cloud technologies requires recognizing their materiality and
confronting powerful private interests.
In a
classical comedy by Aristophanes, aptly titled The Clouds, the author
criticizes Socrates for claiming that clouds were the origin of rain, thunder,
and lightning, stripping the gods of these attributes. It was a new way of
seeing the world, devoid of deities, which Aristophanes viewed as mere moral
corruption. His comedy mocks the very idea that clouds could attempt to replace
the gods. Centuries later, digital technological progress demonstrates Socrates
was right.
References
451
Research (2019). The carbon reduction opportunity of moving to Amazon Web
Services. Black & White Paper. https://d39w7f4ix9f5s9.cloudfront.net/e3/79/42bf75c94c279c67d777f002051f/carbon-reduction-opportunity-of-moving-to-aws.pdf
Alibaba
(2025). Driving Sustainability with AI. Alibaba Cloud. https://alizila.oss-us-west-1.aliyuncs.com/uploads/2025/05/Alibaba-Cloud-whitepaper_Driving-Sustainablity-with-AI-new.pdf
ARG
(Synergy Research Group) (2025). Cloud market share trends. https://www.srgresearch.com/articles/cloud-market-share-trends-big-three-together-hold-63-while-oracle-and-the-neoclouds-inch-higher
Arghiri, E.; Betterlheim, C; Amin, S. y Palloix, C. (1980). Imperialismo
y comercio internacional (el intercambio Desigual). Siglo XXI editores. https://www.marxists.org/espanol/tematica/cuadernos-pyp/Cuadernos-PyP-24.pdf
BCG (Boston
Consulting Group) (2025). Sovereign clouds are reshaping national data
security. https://www.bcg.com/publications/2025/sovereign-clouds-reshaping-national-data-security
Bratton, B.
H. (2015). The stack: On software and sovereignty. MIT Press.
Choi, G.-Y., Seo,
J., & Kwon, H.-Y. (2024). A comparative study of national cloud security strategy and governance. Proceedings of the 25th Annual
International Conference on Digital Government Research. ACM. https://dl.acm.org/doi/pdf/10.1145/3657054.3657085
CIRAS
(2024). Incident reporting database. https://ciras.enisa.europa.eu/ciras-public
CRP (Cloud
Reassurance Project) (2023). Interim report. Carnegie Endowment for
International Peace. https://carnegieendowment.org/research/2023/06/cloud-reassurance-project-interim-report?lang=en
ENISA
(2024). Telecom security incidents report 2024. European Union Agency
for Cybersecurity. https://www.enisa.europa.eu/sites/default/files/2025-07/ENISA_Telecom_Security_Incidents_2024_en_1.pdf
Erl, T., & Barceló Monroy, E. (2024). Cloud Computing: Concepts,
Technology, Security & Architecture (2nd ed.). Pearson Education.
Hu, T.-H.
(2015). A prehistory of the cloud. MIT Press.
IEA
(International Energy Agency) (2025). Energy and AI. https://iea.blob.core.windows.net/assets/601eaec9-ba91-4623-819b-4ded331ec9e8/EnergyandAI.pdf
Microsoft
(2020). The carbon benefits of cloud computing. A study on the Microsoft
Cloud in partnership with WSP. https://www.microsoft.com/en-us/download/details.aspx?id=56950
NIST
(National Institute of Standards and Technology NIST) (2011). The NIST
Definition of Cloud Computing. https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-145.pdf
S&P
Global Market Intelligence (2021): Saving Energy in Europe by Using Amazon Web
Services. https://assets.aboutamazon.com/7a/66/e16e8fbd4e46b02348a39f7315b1/11061-aws-451research-advisory-bw-cloudefficiency-eu-2021-r5.pdf
SRG
(Synergy Research Group) (2024). Justifying the explosive growth in
hyperscale CAPEX. https://www.srgresearch.com/articles/justifying-the-explosive-growth-in-hyperscale-capex
TeleGeography.
(2024). Cloud and WAN infrastructure: Executive summary. TeleGeography
Research.
Zheng, Y.,
& Bohacek, S. (2022). Energy savings when migrating workloads to the
cloud. https://arxiv.org/abs/2208.06976