Emma Wright

Global Co Chair and Partner, Privacy and Cyber

Crowell and Moring

Emma is Global co-Chair of the privacy and Cyner practice at internafional law firm Crowell & Moring.Computer Weekly recently listed her in the Top 10 most influential women in UK Tech; UNESCO Global Expert without Borders on AI regulation.

Speaker sessions

Sovereignty by Design: A Provider–Buyer SaaS Playbook for Multi-jurisdictional Operations

As geopolitics bleeds into cyberspace, providers and customers must plan for scenarios that can abruptly sever access to outside SaaS: undersea cable sabotage, sanctions, or political decisions that weaponize service access. At the same time, regulatory fragmentation accelerates, but industry discourse often conflates two distinct concerns: infrastructure sovereignty (can the service operate when cut off?) and data sovereignty (who can lawfully access what data, under which jurisdiction?).This briefing delivers a practitioner design framework spanning people, technical, and legal dimensions so SaaS (especially cybersecurity) providers—and their multinational customers—can design for both infrastructure sovereignty and data sovereignty without losing market access or operational continuity. Using the backdrop of operating a parallel, globally reachable multi‐tenant deployment in a new geography, we present concrete questions and decision points: technical dependencies on external services and their impact if cut off (none / partial / complete degradation); kill‐switch exposure; software distribution and versioning; client routing vs. centralized traffic steering; and domain/namespace choices. We pair these with people requirements (independent local operators) and legal mechanisms (code and domain/url escrow, compelled‐action mitigations, SLA patterns, fiduciary/security duties, and sanctions screening).We also include a case study of a national, multi‐tenant secure communications deployment in Iceland that addressed local infrastructure risks while enabling MNCs to meet data obligations across jurisdictions—within a single tenant—without duplicative infrastructure.Attendees leave with a checklist‐driven framework and implementation patterns they can apply immediately, plus a roadmap to iterate with their counsel and engineering teams.