This paper examines the intricate relationship between digital sovereignty, cloud computing, and international law, emphasizing how states seek to maintain autonomy and regulatory control in a globally interconnected digital environment. Digital sovereignty is conceptualized as encompassing legal authority, technological independence, and strategic governance over data and infrastructure. Within this framework, cloud computing emerges as both an essential driver of digital transformation and a vector of vulnerability, as reliance on global Cloud Service Providers (CSPs) redistributes jurisdictional and operational control. The study analyzes the shared responsibility model governing cloud security, highlighting the differentiated accountability between providers and users under IaaS, PaaS, and SaaS architectures. It explores how hybrid and multi-cloud environments heighten exposure to cyber risks, including cybercrime, espionage, and hacktivism, while challenging traditional notions of attribution and liability. Particular attention is given to the dual use nature of cloud infrastructure, as commercial services are increasingly exploited for offensive cyber operations, data exfiltration, and command and control activities by both non-state and state-sponsored actors. These practices complicate the application of international legal principles of sovereignty, due diligence, and state responsibility. Finally, the paper situates these dynamics within the broader debate on cloud sovereignty, contrasting the extraterritorial reach of instruments such as the U.S. CLOUD Act with the General Data Protection Regulation (GDPR) of the European Union. It argues that achieving a balance between transnational data flows and sovereign control requires robust international norms that reconcile technological interdependence with legal accountability in the digital age.
