In this week’s article we take apart a term that turns up in almost every procurement conversation but rarely gets explained properly: data sovereignty. It sounds like a polite synonym for data protection, but it isn’t quite that. Sovereignty is about control - who decides where our data is created, where it gets processed, who can reach it, and whose laws apply to it. Frame it that way and it stops being a checkbox in a settings menu and turns into a question about architecture. Which is exactly the sort of thing this blog likes to unscrew and look inside.
So let’s open the box and see why an industrial platform like Peakboard has something genuine to contribute here.
It starts at the edge
The strongest argument is also the simplest. Peakboard processes and visualises data where that data is born - on the Box, on local hardware inside our own network, right next to the machine or the line. Nothing in the architecture pushes data into a cloud before it can be useful. That matters more than it first looks. On many platforms, sovereignty is something teams bolt on afterwards by tightening permissions and reading data-processing agreements line by line. With an edge-first design, the local state is the default. We aren’t opting out of a data exodus; there was never one to begin with.
Reading from the source, not building a shadow copy
Through its connectors - PLC, OPC UA, SAP, SQL, MQTT - Peakboard reads directly from the systems that already hold our data. It doesn’t insist on copying everything into a second, central repository that then has to be secured, governed and legally accounted for on its own. The data stays in its home systems. That keeps the attack surface smaller and shrinks the number of places where control can quietly slip away. Fewer copies, fewer custodians, fewer awkward questions in an audit.
There’s a nice side effect here, too. A visualisation or a piece of logic usually only needs a handful of values, so we pull the few data points we actually use rather than exporting the whole estate. That lines up neatly with the GDPR’s data-minimisation principle, almost by accident.
It works with the cable unplugged
Plenty of OT environments are deliberately isolated, and some are fully air-gapped. Peakboard runs in those environments. It doesn’t treat a permanent internet connection as a precondition for doing its job. For critical infrastructure, for regulated industries, and for any security team that takes network segmentation seriously, that is a concrete sovereignty argument rather than a marketing one: the platform doesn’t quietly require an outbound link in order to function.
The processing happens under our roof
Transformation, aggregation and clean-up - Lua scripting and everything around it - run locally. The actual work of turning raw signals into something meaningful takes place on hardware we control, not inside a remote service whose location and inner workings we can’t steer. Sovereignty isn’t only about where data sits at rest; it’s about where the verbs happen.
Open standards keep us from getting trapped
Connecting over open protocols like OPC UA and MQTT means we stay in charge of our own system landscape. This is the part of sovereignty people tend to forget: independence isn’t only about data location, it’s about not being locked into one vendor’s proprietary interfaces. Open standards mean we can change our mind later without prising the whole stack apart.
The legal-room argument
Peakboard is a German vendor operating inside the reach of EU law and the GDPR. In the shadow of Schrems II and the US CLOUD Act, that matters whenever Peakboard is compared with solutions whose data handling might fall under a foreign jurisdiction - particularly in public-sector procurement, or anywhere the KRITIS rules apply.
The honest part
Here’s the screw we shouldn’t hide. Sovereignty is ultimately a property of the configuration, not a sticker on the box. The architecture makes a very high degree of data control possible - but it doesn’t enforce it for us. The moment we wire in cloud components or forward data to an external service, the picture shifts, and that’s a perfectly legitimate choice as long as it stays a choice. Cloud and central management remain options in the Peakboard world; they aren’t the price of admission.
So the strongest claim isn’t “Peakboard is sovereign.” It’s something better, and something more honest: Peakboard hands us the architecture, and we decide how sovereign we want to be. Which, when we think about it, is what sovereignty was supposed to mean all along.