How Global Network Dependencies Impact Government Website Security and Digital Sovereignty

Network Dependencies in Government Websites: A Growing Concern
When people access government websites, they often assume their data travels through secure, domestic channels. However, the reality is far more complex. Even if a government website is hosted locally, the data’s journey may cross multiple international borders, passing through foreign networks and infrastructure owned by entities in other countries. This has significant implications for digital sovereignty, infrastructure resilience, and cyber-security. When government services rely on foreign networks or centralized infrastructure, they become more vulnerable to outages, surveillance, censorship, or even political coercion.
The Intricacies of Data Routing
As part of a 2025 Internet Society Pulse Research Fellowship, researchers conducted an in-depth study into how government services are accessed across 58 countries. Using RIPE Atlas measurement probes and traceroutes, the study mapped the “on-path” infrastructure, which includes transit networks (Autonomous Systems or ASes) and Internet Exchange Points (IXPs). This data was categorized based on whether it was under domestic, foreign, or third-country ownership. Shockingly, in countries like Albania, Latvia, Pakistan, and the UAE, over 10% of traffic to local government services is routed via IXPs in third countries. For foreign-hosted government services, the reliance on third-country jurisdiction jumps alarmingly to 23–43% in nations such as Thailand, Malaysia, Norway, and South Africa.
Kazakhstan, on the other hand, has taken a distinct approach. All its government services are domestically hosted and any traffic flow is routed through a single, government-controlled exchange. While this strategy ensures greater sovereignty, it comes with its own risks, such as the potential for a single point of failure, exemplifying the delicate balance between control and functionality.
Security Risks: HTTPS Adoption and Network Consolidation
The study also highlighted the interplay between routing paths and encryption standards. Many countries with high foreign routing exposure also exhibit low HTTPS adoption on government domains. Albania, for instance, routes 86% of government-bound paths through foreign networks and 15% through foreign IXPs, yet only a third of its government domains implement HTTPS encryption. This lack of encryption opens opportunities for data interception, manipulation, or surveillance, especially when data traverses foreign jurisdictions.
Another pressing concern is network consolidation. In some countries, a small number of providers handle the majority of government traffic. A single outage, misconfiguration, or targeted attack could disrupt all its public services. The research underscores how countries like Canada, Sweden, and the United States mitigate these risks by distributing traffic across multiple operators and IXPs. This diversification strengthens resilience against technical failures and geopolitical threats.
Building True Digital Sovereignty
This research sheds light on the critical factors affecting digital sovereignty and government website security. Simply hosting services domestically isn’t sufficient; careful attention must be paid to the infrastructure routes that data takes. To ensure resilience, governments should focus on diversifying network dependencies, adopting robust encryption standards like HTTPS, and reducing reliance on foreign infrastructure.
Understanding these technical vulnerabilities is a cornerstone of improving Internet resilience and safeguarding public services. As nations strive to increase their digital sovereignty, transparency in network infrastructure and a well-distributed supply chain for Internet services are essential steps toward securing their critical digital assets.