iTnews Asia
  • Home
  • News
  • Data and Analytics

Balancing the customer experience with the need for data sovereignty

Balancing the customer experience with the need for data sovereignty

Cross-border digital ecosystems are making compliance and customer experience decisions increasingly interdependent.

By Chandrasekar Ramamoorthy on Jul 1, 2026 3:24PM

As governments and enterprises across Asia accelerate investments in sovereign digital infrastructure, a new challenge is emerging beyond cloud adoption, cybersecurity, and compliance: how can organisations independently assure consumer experiences while complying with a growing patchwork of data sovereignty, privacy, and localisation requirements? 

For IT leaders, customer experience assurance has traditionally focused on delivering fast, reliable and seamless digital services. Today, it sits at the intersection of governance, risk, compliance, and customer trust. As regulatory expectations evolve, organisations are discovering that the data used to monitor customer experiences may itself be regulated.

This is redefining how enterprises design and govern assurance across distributed and outsourced environments.

When monitoring data becomes regulated data

The conversation around digital sovereignty has often centred on where applications, workloads, and customer databases are hosted. Yet a less visible but equally important consideration is emerging: where operational evidence is collected, processed, stored, and transferred.

Monitoring and observability data should be treated as regulated evidence rather than technical exhaust. It includes IP addresses, device identifiers, app versions, location signals, URLs, session timing, DNS responses, network paths, and error payloads. In regulated sectors, these can reveal usage patterns, dependencies, or critical infrastructure exposure.

Frameworks such as the ASEAN Data Management Framework recognise that logs and traces may be regulated when linked to individuals or critical systems. Countries including Indonesia, Vietnam, China, India, and the Philippines have implemented varying localisation rules.

As digital services become increasingly central to economic activity and citizen engagement, organisations must rethink how monitoring data is collected and managed. The challenge is no longer simply how to track performance, but how to do so without creating compliance risks or violating sovereignty expectations.

- Chandrasekar Ramamoorthy, Co-CEO and Co-Founder, Mozark.

Visibility in outsourced ecosystems

The challenge is further compounded by the reality that most organisations today operate within highly outsourced technology ecosystems. IDC reports nearly 90 percent of Asia-Pacific enterprises run workloads across multiple clouds, with strong hybrid adoption in India (85 percent). While these models provide flexibility and scalability, they also introduce new visibility challenges.

Enterprises increasingly depend on cloud providers, network operators, content delivery networks, software platforms, and managed service providers to deliver digital services. Yet telemetry access, network traces, and operational performance data may be governed by different contractual arrangements and jurisdictional restrictions.

Importantly, outsourcing operations does not outsource accountability. Service providers may successfully meet contractual service-level agreements (SLAs), yet consumers may still encounter failed logins, payment errors, application delays, interrupted purchases, or poor digital service experiences. This highlights an important distinction: SLAs measure provider performance, while customer experience assurance measures whether consumers can successfully complete the journeys that matter.

As a result, organisations need assurance frameworks that validate real-world experience across multiple providers without relying on unrestricted access to raw operational data.

Infrastructure health does not always reflect customer experience

Another challenge confronting IT leaders is the widening gap between what internal systems report and what users actually experience. Internal dashboards may indicate healthy application performance, while users simultaneously experience DNS resolution failures, CDN congestion, third-party API degradation, payment gateway latency, device-specific issues, or network instability.

This disconnect becomes particularly significant in sovereignty-sensitive environments. Boards, regulators, and business leaders are increasingly seeking independent evidence of customer experience rather than relying solely on provider-generated infrastructure metrics. Consumers judge organisations by whether they can complete transactions, access services, and resolve issues not by server uptime or infrastructure availability.

This aligns with broader regulatory thinking. Singapore's Infocomm Media Development Authority (IMDA), for example, has emphasised Quality of Experience (QoE) as a more meaningful measure of service reliability and effectiveness. Ultimately, services are judged by whether users can complete critical journeys, not by infrastructure health alone.

Rethinking observability models

Historically, many organisations adopted centralised observability architectures that consolidated logs, traces, and telemetry into regional or global monitoring platforms. However, as localisation requirements proliferate, these models are becoming increasingly difficult to sustain.

Centralised approaches can create governance risks when operational data crosses borders or enters jurisdictions with different privacy obligations. At the same time, fully localised monitoring environments can create fragmented visibility, inconsistent reporting standards, and reduced regional oversight.

This is driving federated assurance models. In this model, measurement happens locally near users, devices, or jurisdictions. Raw telemetry remains local, while central teams receive aggregated KPIs, anonymised trends, compliance evidence, and exception alerts.

This avoids both a central data lake with cross-border risk and fragmented local systems with limited oversight. Federated assurance also improves auditability, allowing regulators and internal audit teams to verify compliance evidence within jurisdiction while still enabling enterprise-wide governance and benchmarking.

Privacy-preserving analytics

Across ASEAN, regulators are increasingly encouraging approaches that support operational visibility while minimising exposure of personal or regulated data. Singapore's Personal Data Protection Commission (PDPC), through its 2024 Guidance on Anonymisation, has provided practical frameworks for processing operational data while protecting privacy.

As a result, organisations are increasingly adopting principles such as data minimisation, anonymised aggregation, tokenisation, encryption, role-based access controls, and shorter data retention periods.

There is also growing interest in distributed analytics models that rely on local processing nodes, synthetic testing, encrypted telemetry pipelines, and federated learning approaches. These methods enable organisations to assess digital experience quality while reducing the need to move sensitive telemetry across borders.

Privacy-preserving approaches also strengthen trust by ensuring audit trails are maintained without exposing raw personal or device-level telemetry beyond permitted boundaries.

Preparing for a fragmented regulation

Regulatory fragmentation across Asia-Pacific is expected to continue. The ASEAN Digital Masterplan 2025 acknowledges regulatory diversity in data transfer and cybersecurity. While ASEAN members are actively harmonising through MCCs, anonymisation guides, and AI frameworks, non-members such as India and South Korea maintain their own distinct national approaches.

For IT decision-makers, this means digital experience assurance can no longer be designed around a single governance model. Organisations must classify telemetry by sensitivity, source, field type, and jurisdiction; map where it is collected, processed, stored, and accessed; separate raw user-level data from aggregated assurance metrics; define telemetry rights and residency obligations in outsourcing contracts; and ensure critical digital journeys are continuously tested from real user locations, devices, and networks.

As Asia's digital economy matures, organisations that balance visibility, privacy, and regulatory compliance will be better positioned to deliver trusted, resilient, and seamless consumer experiences. Customer experience assurance is becoming a strategic capability that underpins digital trust, regulatory compliance, and long-term brand loyalty.

Chandrasekar Ramamoorthy is the Co-CEO and Co-Founder of Mozark.

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
© iTnews Asia
Tags:
data and analytics mozark opinions

Related Articles

  • Architectural foundation for Agentic AI transition yet to be ready
  • AI can help speed up modernisation, but wont fix broken foundations
  • Why infrastructure is the bottleneck stopping enterprises from scaling AI
  • APAC's AI Infrastructure crunch: How enterprises are figuring it out
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Architectural foundation for Agentic AI transition yet to be ready

Architectural foundation for Agentic AI transition yet to be ready

APAC's AI Infrastructure crunch: How enterprises are figuring it out

APAC's AI Infrastructure crunch: How enterprises are figuring it out

AI can help speed up modernisation, but wont fix broken foundations

AI can help speed up modernisation, but wont fix broken foundations

The key trends driving data and analytics over the next two years

The key trends driving data and analytics over the next two years

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of Lighthouse Independent Media's Privacy Policy and Terms & Conditions.