South Korea is digitally sophisticated, technically capable and deeply invested in modern digital government systems. In September 2025, when a fire tore through a government-linked data centre in Daejeon, what followed was a clear failure of state capacity.
Around 745 government systems were affected, many taking months to return to service. More alarmingly, about 858 terabytes of government data was lost permanently. Parts of the system had no effective backup.
South Korea’s incident was not the result of a cyberattack or foreign sabotage. It was reportedly triggered by a battery fire. Government systems that citizens and officials relied on suddenly stopped working, and some datasets could not be recovered at all. By any practical definition of resilience, that should trouble us.
In recent work, I’ve argued that trust in technology systems rests on more than who owns them or where they sit. It depends on a set of capabilities: sound governance, credible assurance, operational resilience and clear accountability. National self-reliance sits within that picture, but it does not trump the others.
The South Korean case is instructive precisely because it shows what happens when one dimension of trust—national control—is present, while another—resilience—is not.
Digital sovereignty is often framed in terms of location and jurisdiction: where the data is stored; who operates the infrastructure; and which laws apply. Those questions are necessary but insufficient. A system that is domestically owned and controlled can still fail the trust test if it cannot withstand disruption or recover cleanly when things go wrong.
Resilience is a basic test of trust. If a state cannot demonstrate that essential systems are backed up, restorable and designed to survive foreseeable shocks, confidence in those systems is weakened regardless of how sovereign the infrastructure appears on paper.
This is where the South Korean incident cuts against a comfortable assumption. Domestic hosting did not prevent a single point of failure. National ownership did not guarantee redundancy. Formal control did not substitute for engineering discipline.
From a trust perspective, the outcome matters more than the intent.
When identity systems fail, citizens lose access to services. When administrative platforms go offline, governments struggle to function. When records are permanently lost, accountability and continuity are damaged long after the crisis has passed. These are direct hits to a state’s ability to govern.
That framing also creates space for a more honest discussion about hyperscale cloud. Too often, the debate is reduced to a simplistic choice between domestically controlled infrastructure assumed to be inherently safe, and hyperscale platforms treated as inherently risky because of their scale, foreign ownership or commercial nature.
The reality is more uncomfortable, and more nuanced.
Well-architected hyperscale cloud environments are designed around failure. They assume components will break and data centres will be lost. Redundancy, geographic distribution, continuous backup and rapid restoration are foundational design principles.
That doesn’t make hyperscale inherently trustworthy. Governance, legal exposure, vendor leverage and strategic dependency still matter enormously. But on the resilience axis of the trust taxonomy, hyperscale platforms often outperform bespoke or nationally hosted systems that might not have been engineered for loss at scale.
The Australian government’s Hosting Certification Framework rightly elevates sovereignty and control as criteria for hosting critical data. ‘Strategic’ certification, the framework’s highest level, signals trustworthiness under governance and assurance measures. But the framework’s focus on who controls the infrastructure needs to sit alongside equal attention to whether that infrastructure can survive stress and restore operations.
The lesson from South Korea is not that nationally controlled infrastructure is misguided, or that governments should default to hyperscale providers. It is that national control without demonstrable resilience is a weak form of trust.
A nationally controlled system that loses irreplaceable data in a single incident fails the same trust test as a foreign-controlled system that becomes unavailable during a crisis. In both cases, the state’s freedom of action disappears when it matters most.
Australia and others investing heavily in digital government are rightly focused on who we trust to build and operate critical systems. But they are less consistent in demanding proof that those systems can fail safely.
A more credible approach is to treat national control and self-reliance as one pillar within the trust taxonomy, not as a substitute for it. That means asking harder questions: can essential services continue if a facility is lost? Are critical datasets backed up across failure domains? Has recovery been exercised, not just promised?
Those questions apply equally to domestically hosted and nationally controlled data centres and hyperscale environments. They also cut through ideology and branding and focus attention where it belongs—on outcomes.
Fires will happen, power will fail and hardware will break. The choice is whether we design digital government systems that absorb those shocks, or systems that quietly undermine the state’s ability to govern the moment they are tested.
About the Author
