The ocean covers seventy-one percent of the Earth's surface, yet nearly all of our digital infrastructure sits on dry land. That is beginning to change. Ocean-based data centres offer a unique combination of physical security, legal ambiguity, and natural cooling that makes them attractive for sovereign operations.

The legal foundation for these projects rests on the United Nations Convention on the Law of the Sea (UNCLOS), which defines territorial waters as extending twelve nautical miles from a nation's coastline. Beyond that lies the exclusive economic zone (EEZ), which extends two hundred nautical miles and grants a coastal state certain economic rights but not full sovereignty. Beyond the EEZ lies the high seas — international waters where no nation has jurisdiction.

This creates a legal patchwork that sovereign data centre operators can exploit. A floating platform anchored in international waters is not subject to the laws of any coastal state. It is governed only by the law of the flag state — the nation under which the platform is registered. And if that flag state is chosen carefully, or if the platform is registered under no flag at all, the data it holds exists in a legal grey zone that has never been fully tested.

Microsoft's Project Natick demonstrated the technical feasibility of underwater data centres in 2018, submerging a shipping-container-sized pod off the coast of Scotland. The experiment showed that underwater servers were not only viable but actually more reliable than their land-based counterparts, thanks to the stable temperature and reduced oxygen exposure. Microsoft's goal was efficiency, not sovereignty — but the technology is directly transferable.

The next step is the seasteading movement, which envisions permanent floating communities in international waters. Organisations like the Seasteading Institute have long promoted the idea of autonomous ocean platforms for everything from housing to governance. Data centres are a natural extension of this vision. A floating platform equipped with solar panels, wave energy converters, and satellite uplinks could host thousands of servers, entirely self-sufficient and entirely beyond the reach of any terrestrial government.

The practical challenges are immense. Power supply, maintenance, physical security, and the threat of piracy or state-sponsored sabotage all pose real risks. But the legal and economic incentives are powerful enough that several projects are already in development. If even one succeeds, it will change the calculus for anyone who values data sovereignty.

If the ocean offers legal ambiguity, space offers something even more radical: a complete absence of territorial jurisdiction. Space-based data centres operate in an environment where no nation can claim sovereignty, and where the physical infrastructure is moving at seventeen thousand miles per hour, making it nearly impossible to seize or shut down.

The Outer Space Treaty of 1967, the foundational document of space law, explicitly prohibits any nation from claiming sovereignty over celestial bodies or regions of space. This means that a data centre in orbit is not located in any country's territory. It is, legally speaking, nowhere. The treaty does allow states to exercise jurisdiction over objects they launch, but this jurisdiction is limited and does not extend to the data those objects process.

This creates a unique opportunity. A satellite constellation hosting distributed data processing could operate under the laws of a single, privacy-friendly jurisdiction — or under no jurisdiction at all. The data would be physically inaccessible to any government that did not have the capability to intercept it in orbit, which is a capability currently possessed by only a handful of nations.

The technical barriers are significant. Space is a hostile environment: radiation, temperature extremes, and the vacuum of space all pose challenges to electronic equipment. Launch costs, while falling rapidly, remain substantial. And the latency inherent in satellite communications makes real-time data processing difficult for many applications.

But the trajectory is clear. Companies like Cloud Constellation Corporation have proposed space-based data storage services that bypass terrestrial networks entirely. The European Space Agency has studied the feasibility of orbital data centres. And as launch costs continue to drop and satellite technology becomes more robust, the economic case for space-based sovereign data centres will only strengthen.

The ultimate expression of this concept is the data satellite — a dedicated spacecraft whose sole purpose is to store and process data, with no connection to any terrestrial network except through encrypted laser or radio links. Such a satellite could be placed in a graveyard orbit, far from Earth, where it would be physically unreachable by any nation's space program. The data it held would be truly sovereign, accessible only to those who held the cryptographic keys.

Physical location is only half the story. A sovereign data centre, whether in the ocean or in orbit, is only as secure as the cryptographic systems that protect its data. End-to-end encryption, homomorphic encryption, and zero-knowledge proofs are the technologies that make sovereign data centres viable.

End-to-end encryption ensures that data is encrypted at the source and decrypted only at the destination. The data centre itself never has access to the plaintext. This means that even if a government somehow gains physical access to the servers, the data they contain is useless without the keys.

Homomorphic encryption takes this a step further, allowing computations to be performed on encrypted data without ever decrypting it. This means that a sovereign data centre could process sensitive data — financial transactions, medical records, AI training data — without ever knowing what that data contains. The results would be encrypted, and only the data owner could decrypt them.

Zero-knowledge proofs allow one party to prove to another that a statement is true without revealing any information beyond the validity of the statement itself. This technology is already being used in blockchain systems and has direct applications for sovereign data centres. A user could prove that they have sufficient funds for a transaction without revealing their balance, or prove that they are over eighteen without revealing their birth date.

The combination of these cryptographic techniques with physically sovereign infrastructure creates a system that is resistant to both digital and physical attacks. Even a state actor with unlimited resources would find it extraordinarily difficult to compromise such a system, because the data never exists in a readable form at any point in its journey.

Sovereign data centres are expensive. Building a floating platform or launching a satellite constellation requires capital that most individuals do not have. But the economic case is not about individuals — it is about institutions that have a compelling need for data sovereignty.

Cryptocurrency exchanges are among the most obvious customers. Many exchanges operate in legal grey zones, subject to conflicting regulations across multiple jurisdictions. A sovereign data centre would allow them to operate without fear of sudden regulatory changes or asset seizures.

Whistleblower platforms like WikiLeaks have demonstrated the vulnerability of terrestrial infrastructure. When financial pressure is applied to hosting providers, data can be taken offline within hours. A sovereign data centre would be immune to such pressure.

Corporations in industries with sensitive data — pharmaceuticals, defence, finance — could use sovereign data centres to protect intellectual property from industrial espionage or government-mandated backdoors.

High-net-worth individuals concerned about political instability or asset seizure could use sovereign data centres to store financial records, legal documents, and personal data beyond the reach of any government.

The business model is straightforward: charge a premium for guaranteed sovereignty. The cost of a sovereign data centre is high, but the cost of losing control of sensitive data is higher. For those who can afford it, the value proposition is clear.

No government will welcome the emergence of sovereign data centres. They represent a direct challenge to state authority, a hole in the fabric of surveillance and control that modern states have woven around the internet.

The most likely response is legal. Governments will attempt to extend their jurisdiction through new treaties, reinterpretations of existing law, or unilateral declarations of authority over data processing in international waters and space. The Budapest Convention on Cybercrime and various Mutual Legal Assistance Treaties (MLATs) could be amended to cover sovereign data centres.

Economic pressure is another tool. Governments could prohibit their citizens and corporations from using sovereign data centres, impose sanctions on the companies that operate them, or cut off access to the financial system for anyone who does business with them.

The most extreme response is military. A sovereign data centre in international waters could be boarded and seized by a naval vessel, or sabotaged by special forces. A data satellite could be targeted by anti-satellite weapons or cyberattacks. The operators of sovereign data centres must be prepared for the possibility of state-sponsored aggression.

But the very nature of sovereign data centres makes them difficult to target. A floating platform can be designed to be mobile, moving to avoid detection or seizure. A satellite constellation can be distributed across hundreds of units, making it impossible to disable all of them. And the cryptographic protections mean that even if physical access is gained, the data remains secure.

The idea of a data haven is not new. The first generation of data havens were physical locations — countries with strong privacy laws and weak extradition treaties. Switzerland, Iceland, and Panama have all served as data havens at various times, offering legal protection for sensitive information.

The second generation was digital: encrypted communication platforms, anonymous networks like Tor, and blockchain-based storage systems like Filecoin and Arweave. These systems provided cryptographic sovereignty but remained physically vulnerable. A government that could seize the servers of a Tor node operator could still disrupt the network.

The third generation is physical sovereignty: infrastructure that cannot be seized because it cannot be reached. Ocean and space data centres are the logical conclusion of this evolution. They combine the legal protections of the first generation with the cryptographic protections of the second, creating a system that is resistant to both legal and physical attack.

The failure of HavenCo is instructive. The project was ahead of its time, but it was also poorly executed. The legal framework for ocean-based data centres was unclear, the technology was immature, and the business model was unproven. Two decades later, the technology has caught up, the legal questions are being tested, and the demand for sovereignty has never been higher.

If a sovereign data centre in international waters is boarded by a naval vessel from a major power, what legal recourse does the operator have? The law of the sea is clear on territorial jurisdiction, but it is silent on data. No court has ever ruled on the legality of seizing a floating server farm.

Can a space-based data centre be truly sovereign if its launch requires approval from a nation-state? Every satellite launched today must be registered with a country, and that country retains jurisdiction over the satellite. Is there a path to launching a satellite without state approval, or will space-based sovereignty always be contingent on terrestrial permission?

How will the economics scale? Sovereign data centres are expensive to build and operate. Will the market for data sovereignty be large enough to sustain them, or will they remain a niche service for the ultra-wealthy and the ultra-paranoid?

What happens when two sovereign data centres disagree? If one platform hosts data that another platform considers illegal — child exploitation material, for example — who resolves the dispute? There is no global authority for data sovereignty.

And the deepest question of all: is true data sovereignty even desirable? The same infrastructure that protects a whistleblower can protect a terrorist. The same encryption that secures a financial transaction can hide money laundering. The same physical isolation that shields a political dissident can shield a human trafficker. Sovereignty is a tool, not a value. What we do with it is up to us.